CN113505349A - Mini PCI-E password card operation method under embedded uboot - Google Patents
- Publication number: CN113505349A (application CN202110840032.2A)
- Authority: CN (China)
- Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Classifications
- G06F21/123: Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices (G: Physics; G06: Computing, calculating or counting; G06F: Electric digital data processing; G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material, digital rights management [DRM]; G06F21/12: Protecting executable software; G06F21/121: Restricting unauthorised execution of programs)
- G06F21/602: Providing cryptographic facilities or services (G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60: Protecting data)
Abstract
The invention discloses a method for operating a Mini PCI-E cryptographic card under an embedded uboot. The method comprises: inserting an authentication tool and applying authority control to the Mini PCI-E cryptographic card; powering on, running the uboot program and initializing the device hardware; after hardware initialization, loading and running the Mini PCI-E cryptographic card driver, which scans the device ID and determines the device's communication protocol type, the protocol types being the Mini PCI-E protocol and the USB protocol; initializing the Mini PCI-E cryptographic card according to the protocol detected and connecting the corresponding device interface; and calling the device interface to access the Mini PCI-E cryptographic card. By performing identity authentication and integrity verification of the device, the invention ensures that the environment in which the system starts, and the code executed after it starts, are secure and trustworthy, thereby preventing unauthorized operation of the device and theft of key information.
Description
Technical Field
The invention relates to the technical field of information security, and in particular to a method for operating a Mini PCI-E cryptographic card under an embedded uboot.
Background
uboot is an open-source software project released under the GPL. It supports many embedded processors, is usually used as a bootloader for a variety of embedded operating systems, and is highly stable and reliable. With the rapid growth of the Internet of Things in recent years, embedded systems have spread into every area of life and their importance has become more prominent. The Internet has made communication between embedded devices more efficient and convenient, but network attack and defence have gradually shifted toward embedded systems as well, and the security problems of embedded devices have been progressively exposed. A trusted operating environment is an effective way to improve the security of an embedded system. As the first code executed after the board is powered on, uboot is responsible for initializing the hardware, constructing the software operating environment and finally booting the operating system. Integrating a secure and reliable detection and authentication mechanism into it, so that the legitimacy of a request and the integrity of the software and hardware are verified before the system is booted, is therefore necessary to establish trust in the operating environment of the embedded platform.
Cryptographic technology is the supporting core technology of information security and provides a reliable means of protecting information. The Mini PCI-E bus is mainly used in small-form-factor devices. A Mini PCI-E cryptographic card is a hardware device that uses a Mini PCI-E bus or a USB bus as its interface and provides cryptographic operations such as data encryption and decryption, identity authentication, and hash computation; it can also offer multi-level authority management and protected key storage, and is widely used in information security solutions for products such as notebooks, digital equipment and industrial PCs.
In practice, however, the bootloader of the embedded operating system first scans for the device and then loads the corresponding driver to complete initialization. Because a single driver cannot adapt to whichever protocol the cryptographic card is using, two separate drivers, a USB driver and a Mini PCI-E driver, are required. This lowers system start-up efficiency and risks the two drivers being confused with each other.
How to run a Mini PCI-E cryptographic card efficiently while still guaranteeing the security of the system's operating environment is therefore a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
In view of the above, the invention provides a Mini PCI-E cryptographic card operating method under an embedded uboot.
In order to achieve the purpose, the invention adopts the following technical scheme:
A method for operating a Mini PCI-E cryptographic card under an embedded uboot comprises the following steps:
S11, powering on, running the uboot program and initializing the device hardware;
S12, after hardware initialization, loading and running the Mini PCI-E cryptographic card driver, scanning the device ID with that driver and determining the device's communication protocol type, the protocol types being the Mini PCI-E protocol and the USB protocol;
S13, initializing the Mini PCI-E cryptographic card according to the protocol detected and connecting the corresponding device interface;
S14, calling the device interface to access the Mini PCI-E cryptographic card.
Preferably, the method further includes applying authority control to the Mini PCI-E cryptographic card under the embedded uboot, specifically:
S21, inserting an authentication tool before step S11;
S22, before step S12, performing double authentication of the Mini PCI-E cryptographic card by means of the authentication tool and the Mini PCI-E cryptographic card itself.
Preferably, the authority control of step S22 specifically comprises:
S221, scanning and identifying the authentication tool, obtaining authentication information from it and sending that information to the Mini PCI-E cryptographic card for identity confirmation, thereby obtaining control and operation authority over the card and completing the first authentication;
S222, calling the Mini PCI-E cryptographic card to verify, by cryptographic means, that the system image, the configuration files and the key hardware information are intact and untampered, completing the second authentication.
Preferably, if either the first or the second authentication fails, an authentication failure is reported and the device is shut down or restarted after a set delay.
Compared with the prior art, the Mini PCI-E cryptographic card operating method under an embedded uboot disclosed by the invention solves the problems of using, and controlling access to, a Mini PCI-E cryptographic card under an embedded uboot, and a security mechanism built around the card can be established on the basis of the method, with the following beneficial effects:
(1) uboot loads the Mini PCI-E cryptographic card driver first, and the driver scans the device ID and completes initialization according to the communication protocol found. The driver therefore adapts to whichever protocol the card uses, a single driver is sufficient for normal operation of the card, and the card's operating efficiency is improved.
(2) Double authentication, identity authentication followed by integrity verification, is carried out before the system is started, so that both the operating environment before start-up and the code executed after start-up are secure and trustworthy, preventing unauthorized operation of the device and theft of the system's key information.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart illustrating a method for operating a Mini PCI-E cryptographic card under an embedded uboot according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating authority control of a Mini PCI-E cryptographic card under an embedded uboot according to an embodiment of the present invention;
FIG. 3 is a flowchart of a combined method for operating a Mini PCI-E cryptographic card with authority control under an embedded uboot according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
As shown in FIG. 1, embodiment 1 discloses a method for operating a Mini PCI-E cryptographic card under an embedded uboot, comprising:
S11, powering on the development board and starting uboot;
S12, after the stage-2 hardware initialization is complete, uboot loads a pre-developed Mini PCI-E cryptographic card driver. On loading, the driver scans the PCI bus and the USB bus and matches the enumerated devices against the cryptographic card's device ID, which consists of the VID (vendor identifier) and the DID (device identifier); in this way it determines whether the Mini PCI-E cryptographic card is using the USB protocol or the Mini PCI-E protocol;
S13, a series of initializations is carried out on the Mini PCI-E cryptographic card according to the protocol found, so that the card can operate normally and a communication interface matching that protocol is provided. When the protocol is Mini PCI-E, the driver reads the card's configuration space under uboot, allocates I/O memory resources, configures a series of registers and exposes a Mini PCI-E protocol communication interface; when the protocol is USB, the driver uses the generic USB data transfer interface provided by uboot and exposes a USB protocol communication interface that follows the card's message format;
S14, programs running under uboot call the communication interface exposed by the driver to access the Mini PCI-E cryptographic card.
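As an added illustration of steps S12 to S14, and not code from the patent or from uboot, the following Python model shows the single-driver bind: enumerated devices are matched on both vendor and device ID, the bus on which the card is found decides the initialization and the transport framing, and the caller sees one interface whichever protocol is in use. The vendor/device IDs, the BAR0 mailbox layout and the USB message header are assumptions made for the example; the real card's IDs and message format are not given on the page.

```python
"""Model of the single-driver bind step: scan enumerated devices, match the
cryptographic card's VID/DID on either bus, and run the transport-specific
initialization. All identifiers and resource layouts below are assumed."""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Assumed identifiers for illustration only (not the real card's IDs).
CARD_VID = 0x1AB3
CARD_DID_PCIE = 0x0101   # card presented as a PCI Express function
CARD_DID_USB = 0x0102    # the same card presented as a USB device


@dataclass
class Device:
    bus: str          # "pci" or "usb"
    vid: int
    did: int
    resources: dict   # pci: {"bar0": base}; usb: {"ep_out": n, "ep_in": n}


class CardInterface:
    """Uniform command interface handed to the rest of uboot. The transport
    framing differs per protocol; the caller never sees it."""

    def __init__(self, proto: str, regs: dict, frame: Callable[[bytes], bytes]):
        self.proto = proto
        self.regs = regs
        self._frame = frame

    def call(self, cmd: bytes) -> bytes:
        if not self.regs.get("ready"):
            raise RuntimeError("card not initialized")
        return self._frame(cmd)


def _init_pcie(dev: Device) -> CardInterface:
    # Read the configuration space, claim BAR0 and program the control
    # registers (modelled as a dict keyed by register name).
    regs = {"bar0": dev.resources["bar0"], "ctrl": 0x1, "ready": True}

    def frame(cmd: bytes) -> bytes:
        # Assumed mailbox layout: BAR0 address, 32-bit LE length, payload.
        return (regs["bar0"].to_bytes(4, "little")
                + len(cmd).to_bytes(4, "little") + cmd)
    return CardInterface("pcie", regs, frame)


def _init_usb(dev: Device) -> CardInterface:
    # Use the generic bulk transfer path and wrap the command in the card's
    # message format (assumed: 2-byte magic, 2-byte BE length, payload).
    regs = {"ep_out": dev.resources["ep_out"],
            "ep_in": dev.resources["ep_in"], "ready": True}

    def frame(cmd: bytes) -> bytes:
        return b"\xCA\x4D" + len(cmd).to_bytes(2, "big") + cmd
    return CardInterface("usb", regs, frame)


# Exactly one (bus, VID, DID) triple per supported transport. Matching on
# DID alone would bind a foreign vendor's device with a colliding DID.
_MATCH = {
    ("pci", CARD_VID, CARD_DID_PCIE): _init_pcie,
    ("usb", CARD_VID, CARD_DID_USB): _init_usb,
}


def bind(devices: List[Device]) -> Optional[CardInterface]:
    """Scan the enumerated devices and bind the card on whichever bus it
    answers. Returns None if absent; refuses to guess if it appears twice."""
    hits = [(d, _MATCH[(d.bus, d.vid, d.did)])
            for d in devices if (d.bus, d.vid, d.did) in _MATCH]
    if not hits:
        return None
    if len(hits) > 1:
        raise RuntimeError("cryptographic card matched on more than one bus")
    dev, init = hits[0]
    return init(dev)
```

The point of the single table keyed by (bus, VID, DID) is that there is one decision point: a device with the right DID but a foreign VID is not bound, and an ambiguous scan (the card visible on both buses) is refused rather than silently picking one transport.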
Example 2:
As shown in FIG. 2, embodiment 2 discloses an authority control method for a Mini PCI-E cryptographic card under an embedded uboot, comprising:
S21, before the development board is powered on, an authentication tool containing authentication information, such as an SD cryptographic card or a UKey, is inserted;
S22, uboot is started and the system's authentication module is run in the second stage, performing double authentication of the Mini PCI-E cryptographic card by means of the authentication tool and the card itself, specifically:
S221, the authentication module scans and identifies the authentication tool inserted in the development board, acts as a bridge between the authentication tool and the Mini PCI-E cryptographic card, and is able to collect software and hardware information. While running, the module interacts with the authentication tool, obtains the authentication information, sends it to the Mini PCI-E cryptographic card to complete identity confirmation, obtains control and operation authority over the card and thereby completes the first authentication. If identity authentication fails, a failure is reported and the device is shut down or restarted after a set delay;
S222, the authentication module calls the Mini PCI-E cryptographic card to compute, over the system image, the configuration files and the key hardware information, either an HMAC keyed with the card's internal key or a plain hash using an algorithm such as SM3 or MD5. The result is compared with the value pre-stored in the card to complete the integrity verification, which is the second authentication. If verification passes, the system is booted normally; otherwise a verification failure is reported and the device is shut down or restarted after a set delay. Of the algorithms listed, MD5 is collision-broken and should not be relied on for tamper detection; the keyed HMAC or SM3 option is the one to use.
Example 3:
As shown in FIG. 3, embodiment 3 builds on embodiments 1 and 2 and discloses a combined method for operating a Mini PCI-E cryptographic card with authority control under an embedded uboot. The implementation proceeds as follows:
before the development board is powered on, an authentication tool containing authentication information, such as an SD cryptographic card or a UKey, is inserted;
the development board is powered on, the uboot program starts and the hardware is initialized;
after uboot's stage-2 hardware initialization is complete, the pre-developed Mini PCI-E cryptographic card driver is loaded; the driver scans the devices, adapts to the protocol the card is using, completes a series of initializations and exposes a USB protocol or Mini PCI-E protocol communication interface;
the authentication module is run; it obtains the Mini PCI-E cryptographic card's device information and scans for and identifies the authentication tool inserted in the development board. From the device information it judges whether control authority over the Mini PCI-E cryptographic card is already held; if not, the module obtains authentication information from the authentication tool and sends it to the card to complete identity confirmation. If identity authentication fails, a failure is reported and the device is shut down or restarted after a set delay;
the authentication module then calls the cryptographic card to verify by cryptographic means that the system image, the configuration files and the key hardware information are intact and untampered. If verification passes, the system is booted normally; otherwise a verification failure is reported and the device is shut down or restarted after a set delay.
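As an added illustration of the authority control described in embodiments 2 and 3, and not the patent's own code, the following Python model runs both stages: identity confirmation between the authentication tool and the card, then keyed integrity verification of the system image, configuration and hardware identity against reference tags held inside the card, with each stage failing closed. It goes beyond the text in one respect: the text sends the tool's authentication information to the card as-is, whereas here the card issues a nonce and the tool answers with an HMAC over it, so the credential cannot be captured and replayed. HMAC-SHA256 stands in for the HMAC/SM3 options the text names; the keys, object names and artefact contents are constructed for the example.

```python
"""Model of the two-stage authority control: challenge-response identity
confirmation, then keyed integrity measurement against references held by
the card. Keys, names and artefact bytes are constructed for the example."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


class CryptoCard:
    """Stands in for the Mini PCI-E cryptographic card. Keys never leave it."""

    def __init__(self, internal_key: bytes, tool_secret: bytes,
                 reference_tags: Dict[str, bytes]):
        self._key = internal_key          # card-internal HMAC key
        self._tool_secret = tool_secret   # shared with legitimate tools
        self._refs = reference_tags       # provisioned at setup time
        self.authorized = False

    @staticmethod
    def tag(key: bytes, name: str, data: bytes) -> bytes:
        # Domain-separate each object by name so a valid tag for the
        # configuration cannot be presented as the tag for the image.
        return hmac.new(key, name.encode() + b"\0" + data, hashlib.sha256).digest()

    def challenge(self) -> bytes:
        return os.urandom(16)

    def authenticate(self, nonce: bytes, response: bytes) -> bool:
        # First authentication: the tool must prove it holds the credential.
        expected = hmac.new(self._tool_secret, nonce, hashlib.sha256).digest()
        self.authorized = hmac.compare_digest(expected, response)
        return self.authorized

    def verify(self, name: str, data: bytes) -> bool:
        # Second authentication: only offered once control authority is held.
        if not self.authorized:
            raise PermissionError("card not authorized")
        ref = self._refs.get(name)
        return ref is not None and hmac.compare_digest(
            self.tag(self._key, name, data), ref)


class AuthTool:
    """Stands in for the SD cryptographic card / UKey carrying the credential."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()


def authority_control(card: CryptoCard, tool: Optional[AuthTool],
                      measured: Dict[str, bytes]) -> Tuple[str, Optional[str]]:
    """The uboot-side authentication module. Returns ("boot", None) when both
    stages pass, otherwise ("halt", reason); the caller then shuts down or
    restarts after its delay. A missing tool or any failed check halts."""
    if tool is None:
        return "halt", "no authentication tool present"
    nonce = card.challenge()
    if not card.authenticate(nonce, tool.respond(nonce)):
        return "halt", "identity authentication failed"
    for name, data in measured.items():
        if not card.verify(name, data):
            return "halt", f"integrity verification failed: {name}"
    return "boot", None


def provision(internal_key: bytes, golden: Dict[str, bytes]) -> Dict[str, bytes]:
    """Compute the reference tags stored in the card at setup time."""
    return {n: CryptoCard.tag(internal_key, n, d) for n, d in golden.items()}


# Constructed sample artefacts standing in for the real image, config and
# hardware identity; the keys are likewise constructed.
GOLDEN = {
    "system-image": b"uImage: constructed kernel bytes",
    "config": b"bootargs=console=ttyS0 root=/dev/mmcblk0p2",
    "hardware": b"board-serial:0000-CONSTRUCTED",
}
CARD_KEY = b"card-internal-key-constructed"
TOOL_SECRET = b"tool-secret-constructed"


def make_card() -> CryptoCard:
    """A freshly powered card holding the provisioned reference tags."""
    return CryptoCard(CARD_KEY, TOOL_SECRET, provision(CARD_KEY, GOLDEN))
```

The module only returns a decision; shutting down or restarting after the delay is the caller's job, and the model never sleeps. Every comparison goes through hmac.compare_digest, the reference tags are keyed with the card-internal key so they cannot be recomputed off the card, and verify refuses to run before the first authentication has granted authority, matching the order the embodiments prescribe.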
The embodiments in this description are described progressively; each focuses on its differences from the others, and the same or similar parts can be cross-referenced between them. Since the device disclosed by an embodiment corresponds to the method disclosed by that embodiment, its description is brief and the relevant points may be found in the description of the method.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (4)
1. A method for operating a Mini PCI-E cryptographic card under an embedded uboot, characterized in that it comprises the following steps:
S11, powering on, running the uboot program and initializing the device hardware;
S12, after hardware initialization, loading and running the Mini PCI-E cryptographic card driver, scanning the device ID with that driver and determining the device's communication protocol type, the protocol types being the Mini PCI-E protocol and the USB protocol;
S13, initializing the Mini PCI-E cryptographic card according to the protocol detected and connecting the corresponding device interface;
S14, calling the device interface to access the Mini PCI-E cryptographic card.
2. The method for operating a Mini PCI-E cryptographic card under an embedded uboot of claim 1, further comprising applying authority control to the Mini PCI-E cryptographic card under the embedded uboot, specifically:
S21, inserting an authentication tool before step S11;
S22, before step S12, performing double authentication of the Mini PCI-E cryptographic card by means of the authentication tool and the Mini PCI-E cryptographic card itself.
3. The method for operating a Mini PCI-E cryptographic card under an embedded uboot of claim 2, wherein the authority control of step S22 specifically comprises:
S221, scanning and identifying the authentication tool, obtaining authentication information from it and sending that information to the Mini PCI-E cryptographic card for identity confirmation, thereby obtaining control and operation authority over the card and completing the first authentication;
S222, calling the Mini PCI-E cryptographic card to verify, by cryptographic means, that the system image, the configuration files and the key hardware information are intact and untampered, completing the second authentication.
4. The method for operating a Mini PCI-E cryptographic card under an embedded uboot of claim 3, wherein if either the first or the second authentication fails, an authentication failure is reported and the device is shut down or restarted after a set delay.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110840032.2A CN113505349A (en) | 2021-07-24 | 2021-07-24 | Mini PCI-E password card operation method under embedded uboot |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113505349A true CN113505349A (en) | 2021-10-15 |
Family
ID=78013895
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110840032.2A Pending CN113505349A (en) | Mini PCI-E password card operation method under embedded uboot | 2021-07-24 | 2021-07-24 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113505349A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014059904A1 (en) * | 2012-10-15 | 2014-04-24 | 天地融科技股份有限公司 | System for multiplexing usb interface transmission data |
CN105933118A (en) * | 2016-06-13 | 2016-09-07 | 北京三未信安科技发展有限公司 | Communication method and system, PCI password card and remote management medium |
CN107977333A (en) * | 2017-12-04 | 2018-05-01 | 山东渔翁信息技术股份有限公司 | A kind of cipher card and the method for communication |
CN108282337A (en) * | 2017-12-04 | 2018-07-13 | 中国电子科技集团公司第三十研究所 | A kind of Routing Protocol reinforcement means based on trusted cryptography's card |
CN109347831A (en) * | 2018-10-24 | 2019-02-15 | 国家电网有限公司 | A kind of double authentication safety access system and method based on UKey certification |
CN109471668A (en) * | 2018-11-20 | 2019-03-15 | 南方电网科学研究院有限责任公司 | Cross-platform video card firmware translation executes method, apparatus, equipment and readable medium |
CN111797371A (en) * | 2020-06-16 | 2020-10-20 | 北京京投信安科技发展有限公司 | Switch encryption system |
CN112148100A (en) * | 2019-06-26 | 2020-12-29 | 西安诺瓦星云科技股份有限公司 | Embedded equipment control method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||