CN113849212B - Software upgrading control method and device and electronic equipment - Google Patents
Software upgrading control method and device and electronic equipment Download PDFInfo
- Publication number
- CN113849212B CN113849212B CN202111162350.4A CN202111162350A CN113849212B CN 113849212 B CN113849212 B CN 113849212B CN 202111162350 A CN202111162350 A CN 202111162350A CN 113849212 B CN113849212 B CN 113849212B
- Authority
- CN
- China
- Prior art keywords
- software
- area
- asymmetric digital
- value
- check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000012795 verification Methods 0.000 claims abstract description 50
- 238000004364 calculation method Methods 0.000 claims abstract description 24
- 238000004422 calculation algorithm Methods 0.000 claims description 32
- 230000015654 memory Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 5
- 206010068065 Burning mouth syndrome Diseases 0.000 description 25
- 238000011161 development Methods 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 9
- 238000004891 communication Methods 0.000 description 6
- 230000006378 damage Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 4
- 238000013524 data verification Methods 0.000 description 3
- 238000003745 diagnosis Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a software upgrading control method, a device and electronic equipment, which are applied to a software providing end, wherein the method comprises the following steps: acquiring a first asymmetric digital check value in a software asymmetric digital check area and a first public key of the software; checking the first asymmetric digital check value by using the first public key to obtain a first check value; acquiring first data except a guide area and the asymmetric digital verification area in the software, and performing first hash calculation on the first data to obtain a first hash value; when the first check value is consistent with the first hash value, judging that the software is not tampered; and after judging that the software is not tampered, sending the software to a software upgrading end. That is, before the software is sent to the software upgrading end, the software needs to be checked in advance, so that the software itself can be ensured not to be destroyed, and the reliability of the software upgrading can be improved.
Description
Technical Field
The invention relates to the technical field of new energy automobiles, in particular to a software upgrading control method and device and electronic equipment.
Background
With the rapid development of the new energy automobile industry, the market conservation amount is gradually increased, and the requirements of after-sale upgrading and over-the-air upgrading OTA technology of the vehicle-mounted battery management system BMS are increased. For traditional automobiles, a diagnosis instrument is usually used at an automobile authorized 4S shop to connect with the BMS through a standard OBD diagnosis interface and upgrade the software of the BMS, and the process is generally reliable and controllable; for new energy automobiles, the OTA wireless upgrading is supported mostly, and compared with the upgrading mode of a 4S store, the wireless upgrading process has the advantages of larger possibility of interference failure and data tampering.
At present, in a software upgrading process of a general BMS, when the whole program is downloaded or the program is downloaded in a segmented way, data transmission verification of the downloaded program is carried out, an ADD accumulation algorithm or cyclic redundancy algorithms such as CRC16 and CRC32 are generally adopted, a diagnostic instrument sends a verification value obtained through verification to the BMS, and the BMS is compared with a received verification value after the same algorithm is used for verification. If the two values are the same, the data received from the diagnostic device is considered to be good and feedback is being responded to the diagnostic device. And then continuing the next transmission or completing the transmission to enter the subsequent process. However, the verification method of the current design can verify the data error in the transmission process from the diagnostic apparatus to the BMS under normal conditions, but if the BMS program file stored in the diagnostic apparatus is damaged, even if the transmission process to the BMS is not wrong, the integrity verification in the upgrade process can be passed, and still the actual writing and the unexpected problem can be caused.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the defect that the program code itself is destroyed in the existing program upgrading process, thereby providing a method, a device and electronic equipment for controlling the software upgrading.
According to a first aspect, an embodiment of the present invention discloses a software upgrade control method, including: acquiring a first asymmetric digital check value in a software asymmetric digital check area and a first public key of the software; checking the first asymmetric digital check value by using the first public key to obtain a first check value; acquiring first data except a guide area and the asymmetric digital verification area in the software, and performing first hash calculation on the first data to obtain a first hash value; when the first check value is consistent with the first hash value, judging that the software is not tampered; and after judging that the software is not tampered, sending the software to a software upgrading end.
Optionally, before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software or before acquiring all data except the boot area and the asymmetric digital check area in the software, the method further comprises: after the software is powered on, second data except a check area in a calibration data area of the software are obtained; checking the second data by using a preset checking algorithm to obtain a calibration data area checking value; acquiring a preset check value in the check area; and starting the software when the calibration data area check value is consistent with the preset check value.
Optionally, before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software, the method further comprises: when the software is integrated, performing second hash calculation on the first data to obtain a second hash value; and encrypting the second hash value by using a private key to obtain the asymmetric digital check value, wherein the private key corresponds to the public key.
Optionally, the public key and the private key are obtained by an asymmetric encryption algorithm.
Optionally, the asymmetric encryption algorithm is an RSA algorithm.
According to a second aspect, the embodiment of the invention also discloses a software upgrading control method, which is applied to a software upgrading end and comprises the following steps: after the software is upgraded, a second asymmetric digital check value in the asymmetric digital check area of the software and a second public key of the software are obtained; checking the second asymmetric digital check value by using the second public key to obtain a second check value; acquiring third data except a guide area and the asymmetric digital verification area in the software, and performing third hash calculation on the third data to obtain a third hash value; and when the second check value is consistent with the third hash value, judging that the software upgrading is successful.
Optionally, after determining that the software upgrade is successful, the method further includes: generating a flag bit of successful software upgrading, and writing the flag bit to a preset position; after the software is powered on next time, judging whether the flag bit of the preset position is read or not; and when the flag bit at the preset position is read, judging that the software can be started normally.
According to a third aspect, an embodiment of the present invention further provides a software upgrade control apparatus, applied to a software providing end, including: the first acquisition module is used for acquiring a first asymmetric digital check value in the asymmetric digital check area of the software and a first public key of the software; the first verification module is used for verifying the first asymmetric digital verification value by using the first public key to obtain a first verification value; the first calculation module is used for acquiring first data except the guide area and the asymmetric digital verification area in the software, and performing first hash calculation on the first data to obtain a first hash value; the first judging module is used for judging that the software is not tampered when the first check value is consistent with the first hash value; and the sending module is used for sending the software to a software upgrading end after judging that the software is not tampered.
According to a fourth aspect, an embodiment of the present invention further provides a software upgrade control apparatus, applied to a software upgrade end, including: the second acquisition module is used for acquiring a second asymmetric digital check value in the asymmetric digital check area of the software and a second public key of the software after the software is upgraded; the second checking module is used for checking the second asymmetric digital check value by using the second public key to obtain a second check value; the hash calculation module is used for acquiring third data except the guide area and the asymmetric digital verification area in the software, and performing third hash calculation on the third data to obtain a third hash value; and the second judging module is used for judging that the software upgrading is successful when the second check value is consistent with the third hash value.
According to a fifth aspect, an embodiment of the present invention further discloses an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the method according to the first aspect or any alternative implementation of the first aspect.
According to a sixth aspect, an embodiment of the present invention also discloses a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the method according to the first aspect or any of the alternative embodiments of the first aspect.
The technical scheme of the embodiment of the invention has the following advantages:
1. The embodiment of the invention checks the first asymmetric digital check value in the asymmetric digital check area by using the first public key at the software providing end, compares the checked first check value with the first hash value obtained by carrying out hash calculation on the data (namely, the first data), determines that the software program is not tampered when the first check value is consistent with the first hash value, and sends the software to the software upgrading end under the condition that the software program is not tampered, namely, before the software is sent to the software upgrading end, the software needs to be checked in advance, thereby ensuring that the software is not destroyed, and improving the reliability of the software upgrading.
2. After the software is upgraded, the embodiment of the invention utilizes the second public key to check the second asymmetric digital check value in the asymmetric digital check area at the software upgrading end, compares the checked second check value with a third hash value obtained by carrying out hash calculation on data (namely third data) to be checked, and determines that the software is successfully upgraded when the first check value is consistent with the third hash value. That is, after the software is upgraded, by post verification after the software is upgraded, no error can be ensured in the analysis of the software, and the problem of software refreshing failure caused by analysis error is avoided, so that the reliability of the software upgrade can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a Flash storage structure of BMS program software;
FIG. 2 is a flowchart of a specific example of a software upgrade control method applied to a software provider according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a program determination of a software upgrade control method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a specific example of a software upgrade control method applied to a software upgrade terminal according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a software upgrade control apparatus applied to a software provider according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a software upgrade control apparatus applied to a software upgrade end according to an embodiment of the present invention;
fig. 7 is a diagram illustrating an embodiment of an electronic device according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made apparent and fully in view of the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present application, it is to be noted that the term "and/or" as used in the present description and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
In addition, the technical features of the different embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
The embodiment of the invention discloses a software upgrading control method which is applied to a software providing end. In the embodiment of the invention, the software is BMS program software, and FIG. 1 is a Flash storage structure schematic diagram of the BMS program software, as shown in FIG. 1, wherein the BMS program software is divided into a Boot area (Boot), a Calibration data area (Calibration), and a Code area (Code). The Boot is a program part which is firstly operated when the BMS is electrified, and cannot be updated after leaving a factory; boot is responsible for Boot and program upgrades, the scope of which includes calization and Code. Calization is a calibratable parameter that can be adjusted by a developer during development. Code is a program algorithm, which is a non-adjustable program Code area.
Fig. 2 is a flowchart of a specific example of a software upgrade control method applied to a software provider according to an embodiment of the present invention, as shown in fig. 2, the method includes the following steps:
step 101, a first asymmetric digital check value in an asymmetric digital check area of software and a first public key of the software are obtained.
Further, before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software, the method further comprises the following steps: when the software is integrated, performing second hash calculation on the first data to obtain a second hash value; and encrypting the second hash value by using a private key to obtain the asymmetric digital check value, wherein the private key corresponds to the public key.
Specifically, the public key and the private key are obtained by adopting an asymmetric encryption algorithm. More specifically, the asymmetric encryption algorithm is an RSA algorithm. According to the embodiment of the invention, the BMS Cheng Xujin is subjected to asymmetric digital verification through an RSA algorithm which cannot be cracked under the conventional condition, so that the confidentiality is extremely high, the reliability is extremely high, and the risks of accidental damage and unauthorized modification of the BMS program in the processes of file transmission, wireless communication, wired communication and other use are greatly reduced. The possibility of BMS program failure or attack and destruction is avoided. And the reliability and the credibility level of the whole BMS are improved.
For example, when the codes are compiled and integrated, BMS program software directly calculates the SHA512 algorithm on the code area or the code area plus the calibration area through a tool to generate a HASH value with a fixed length and a length of 512bits. Then adopting an asymmetric encryption algorithm RSA2048 to generate two secret keys (a public key and a private key) in pairs, using a private key with strict confidentiality to operate the HASH value, generating an asymmetric digital check value, and storing the asymmetric digital check value in a digital check area of a CODE of software; the private key is only used once when software is integrated and is not stored in the BMS internal program; the public key is disclosed in a certain development and use range of strict authorization, and the BMS software information security can be effectively improved.
And 102, checking the first asymmetric digital check value by using the first public key to obtain a first check value.
That is, the first asymmetric digital check value of the code region is checked with the public key existing inside the BMS, and the first check value is generated.
Step 103, obtaining first data except the boot area and the asymmetric digital check area in the software, and performing first hash calculation on the first data to obtain a first hash value.
Illustratively, as shown in fig. 3, in the code area (or code area plus calibration data area) calibration, the Boot program calculates SHA512 of all data of the code area or code+calibration area (with the asymmetric digital calibration area removed), and generates a first hash value.
And step 104, when the first check value is consistent with the first hash value, judging that the software is not tampered.
Further, when the first check value and the first hash value prove that the software is tampered by unauthorized personnel, the software stops running.
That is, in the process of upgrading software, firstly, data of a program to be written is pre-checked, wherein the pre-checking process is as follows: and acquiring a first asymmetric digital check value in the asymmetric digital check area of the software and a first public key of the software, checking the first asymmetric digital check value by using the first public key to obtain a first check value, acquiring first data except the guide area and the asymmetric digital check area in the software, performing first hash calculation on the first data to obtain a first hash value, comparing the first check value with the first hash value, and proving that the software is not tampered when the first check value is identical with the first hash value. Only when the software is not tampered, the software is sent to the software upgrading end.
The software providing end can be a device for providing software, such as a diagnosis gun.
Furthermore, in the process of upgrading the software, the condition that the calibration data of the BMS program is modified by unauthorized personnel also exists, and specifically, if the calibration data of the BMS program is modified by unauthorized personnel, the calibration data cannot be verified during the process of upgrading the program, and the problem and hidden danger on the safety or performance of the vehicle exist. To avoid this, the method further comprises the steps of, before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software or before acquiring all data in the software except the boot area and the asymmetric digital check area: after the software is powered on, second data except a check area in a calibration data area of the software are obtained; checking the second data by using a preset checking algorithm to obtain a calibration data area checking value; acquiring a preset check value in the check area; and starting the software when the calibration data area check value is consistent with the preset check value. When the calibration data area check value is consistent with the preset check value, the checked data is proved to be not tampered, and the software providing end can be started.
Illustratively, in the development stage, the calibration data area is mainly checked by using a CRC algorithm, CRC data is stored in the last position 4Bytes of the calibration data area for data checking of the calibration area, and the algorithm can be a mathematical algorithm of CRC 32 disclosed by the algorithm.
When the BMS is powered on and started, the Boot program checks all data of the calibration data area (removes the CRC check area) according to the CRC algorithm, then the data are compared with the numerical value of the CRC check area, if the data are inconsistent, the data of the calibration data area are considered to be changed in an unauthorized mode, the BMS is not started continuously, and the BMS enters a stop state.
Normally, the parameters of the real-time online calibration process of a development engineer can be normally adjusted, the parameters are not affected, and the development engineer is automatically disabled after power-down; if the BMS needs to be automatically embodied when being electrified next time, a new CRC value needs to be calculated manually or by a tool, and the new CRC value and other data of the calibration area are burnt into a FLASH area of the BMS together.
The algorithm is suitable for general verification in a development stage, can prevent general unauthorized developers from permanently changing programs, and has the verification function of being closed after mass production and being converted into verification together with a code area. The CRC algorithm may be replaced by other public checking algorithms, such as CCITT, according to requirements.
That is, before executing the program for writing, the software provider performs pre-verification on its own program by using a preset verification algorithm, where the verification mode is mainly the above-mentioned code area (or code area plus calibration data area) verification method, and starts the program writing flow after verification.
And step 105, after judging that the software is not tampered, sending the software to a software upgrading end.
The embodiment of the invention checks the first asymmetric digital check value in the asymmetric digital check area by using the first public key at the software providing end, compares the checked first check value with the first hash value obtained by carrying out hash calculation on the data (namely, the first data), determines that the software program is not tampered when the first check value is consistent with the first hash value, and sends the software to the software upgrading end under the condition that the software program is not tampered, namely, before the software is sent to the software upgrading end, the software needs to be checked in advance, thereby ensuring that the software is not destroyed, and improving the reliability of the software upgrading.
Further, after the software is sent to the software upgrading end, in the process of program refreshing, the diagnostic instrument can continue to perform conventional CRC32 check on the transmitted program data after the whole program is downloaded or the program is downloaded in a segmented mode, so that the data is prevented from being interfered in the transmission process; in combination with the pre-verification of the diagnostic instrument, the brushing process is guaranteed to be reliable and trusted.
Specifically, the conventional CRC32 checking method is to check the calibration data area, store CRC data at the last position 4Bytes of the calibration data area for data checking of the calibration area, and the algorithm can be a mathematical algorithm of CRC32 disclosed by the algorithm.
It should be noted that if the BMS main chip does not have a dedicated hardware security module to perform data verification, when the BMS is powered on and started, there may be an excessively long verification time, so that the data verification can be cancelled according to the actual power on, and only the complete data verification mode during software upgrading is reserved, that is, the code area (or code area plus calibration data area) verification method can be directly performed for verification, so that the verification process is simple and safe, and data leakage is not easy to cause.
Therefore, the embodiment of the invention realizes the integrity and feasibility of the program by adopting routine and asymmetric verification operation of the program for the BMS controller, is easier to operate, is easy to verify in each link of use, and also gives consideration to the convenience of calibration and development in different BMS development stages; the possibility of information leakage is greatly reduced, the BMS software information safety is improved, and the maintenance and management are convenient.
The embodiment of the invention also discloses a software upgrading control method which is applied to a software upgrading end, as shown in fig. 4, and comprises the following steps:
Step 401, after the software is upgraded, obtaining a second asymmetric digital check value in the asymmetric digital check area of the software and a second public key of the software.
And step 402, checking the second asymmetric digital check value by using the second public key to obtain a second check value.
Step 403, obtaining third data except the boot area and the asymmetric digital verification area in the software, and performing third hash calculation on the third data to obtain a third hash value.
And step 404, when the second check value is consistent with the third hash value, judging that the software upgrade is successful.
Further, after determining that the software upgrade is successful, the method further includes: generating a flag bit of successful software upgrading, and writing the flag bit to a preset position; after the software is powered on next time, judging whether the flag bit of the preset position is read or not; and when the flag bit at the preset position is read, judging that the software can be started normally.
That is, after the software upgrading, the control unit ECU of the software upgrading end executes the above-mentioned CODE area (or CODE area plus calibration data area) checking method for the received program, that is, the ECU checks the asymmetric digital check value of the CODE area after the upgrading is completed, so as to obtain the above-mentioned second check value and third hash value, when the second check value is consistent with the third hash value, and the upgrading is proved to be successful at this time, the program is written into the specific location of FLASH, and if the successful sign of the location is read when the ECU is powered on next time, the method can be started normally.
After the software is upgraded, the second asymmetric digital check value in the asymmetric digital check area is checked by the second public key at the software upgrading end, the checked second check value is compared with a third hash value obtained by carrying out hash calculation on data (namely third data) to be checked, and when the first check value is consistent with the third hash value, the success of the software upgrading is determined. That is, after the software is upgraded, by post verification after the software is upgraded, no error can be ensured in the analysis of the software, and the problem of software refreshing failure caused by analysis error is avoided, so that the reliability of the software upgrade can be improved. By checking the updated software, risks of accidental damage and unauthorized modification of the BMS program in file transmission, wireless communication, wired communication and other use processes are greatly reduced, and reliability and credibility level of the whole vehicle BMS are improved.
According to the invention, the BMS Cheng Xujin is subjected to asymmetric digital verification through an RSA algorithm which cannot be cracked under the conventional conditions, so that the confidentiality is extremely high, the reliability is extremely high, and the risks of accidental damage and unauthorized modification of the BMS program in the processes of file transmission, wireless communication, wired communication and other use are greatly reduced. The possibility of BMS program failure or attack and destruction is avoided. And the reliability and the credibility level of the whole BMS are improved. The invention also adopts routine and asymmetric verification operation of the program to the BMS controller to realize the integrity and feasibility of the program, is easier to operate, is easy to verify in each link of use, and also takes the convenience of calibration and development into consideration in different BMS development stages; the possibility of information leakage is greatly reduced, the BMS software information safety is improved, and the maintenance and management are convenient.
The embodiment of the invention also discloses a software upgrading control device which is applied to the software providing end, as shown in fig. 5, and comprises:
a first obtaining module 51, configured to obtain a first asymmetric digital check value in an asymmetric digital check area of software and a first public key of the software, and details thereof are described with reference to step 101;
a first verification module 52, configured to verify the first asymmetric digital verification value by using the first public key to obtain a first verification value, where details are described in reference to step 102;
A first calculation module 53, configured to obtain first data in the software except for the boot area and the asymmetric digital verification area, and perform a first hash calculation on the first data to obtain a first hash value, where details are described in reference to step 103;
a first judging module 54, configured to judge that the software is not tampered when the first check value is consistent with the first hash value, where details are described with reference to step 104;
The sending module 55 is configured to send the software to the software upgrading end after determining that the software has not been tampered, and details are described in reference to step 105.
The embodiment of the invention also discloses a software upgrading control device which is applied to a software upgrading end, as shown in fig. 6, and comprises:
a second obtaining module 61, configured to obtain, after the software is upgraded, a second asymmetric digital verification value in the asymmetric digital verification area of the software and a second public key of the software, where details are described in reference to step 401;
a second verification module 62, configured to verify the second asymmetric digital verification value by using the second public key to obtain a second verification value, where details are described in reference to step 402;
a hash calculation module 63, configured to obtain third data except the boot area and the asymmetric digital verification area in the software, and perform a third hash calculation on the third data to obtain a third hash value, where details are described in reference to step 403;
a second determining module 64, configured to determine that the software upgrade is successful when the second check value is consistent with the third hash value, as described in detail with reference to step 404.
Embodiments of the present invention also provide an apparatus, as shown in fig. 7, which may include a processor 701 and a memory 702, where the processor 701 and the memory 702 may be connected by a bus or otherwise, and in fig. 5, the connection is exemplified by a bus.
The processor 701 may be a central processing unit (Central Processing Unit, CPU). The Processor 701 may also be any other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor), application SPECIFIC INTEGRATED Circuit (ASIC), field-Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof.
The memory 702 is used as a non-transitory computer readable storage medium for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the software upgrade control method in the embodiments of the present invention. The processor 701 executes various functional applications of the processor and data processing by running non-transitory software programs, instructions, and modules stored in the memory 702, that is, implements the software upgrade control method in the above-described method embodiments.
Memory 702 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store data created by the processor 701, or the like. In addition, the memory 702 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 702 may optionally include memory located remotely from processor 701, such remote memory being connectable to processor 701 through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 702 and when executed by the processor 701, perform the software upgrade control method of the embodiment shown in fig. 1.
The specific details of the electronic device may be understood correspondingly with respect to the corresponding related descriptions and effects in the embodiment shown in fig. 1, which are not repeated herein.
It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment method may be implemented by a computer program to instruct related hardware, where the program may be stored in a computer readable storage medium, and the program may include the above-described embodiment method when executed. Wherein the storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (RandomAccessMemory, RAM), a flash Memory (flash Memory), a hard disk (HARD DISK DRIVE, abbreviated as HDD), a Solid state disk (Solid-STATE DRIVE, SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although embodiments of the present invention have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations are within the scope of the invention as defined by the appended claims.
Claims (7)
1. The software upgrading control method is characterized by being applied to a software providing end and comprising the following steps of:
Acquiring a first asymmetric digital check value in a software asymmetric digital check area and a first public key of the software;
checking the first asymmetric digital check value by using the first public key to obtain a first check value;
acquiring first data except a guide area and the asymmetric digital verification area in the software, and performing first hash calculation on the first data to obtain a first hash value;
When the first check value is consistent with the first hash value, judging that the software is not tampered;
After judging that the software is not tampered, sending the software to a software upgrading end;
Before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software or before acquiring all data except the boot area and the asymmetric digital check area in the software, the method further comprises:
after the software is powered on, second data except a check area in a calibration data area of the software are obtained;
Checking the second data by using a preset checking algorithm to obtain a calibration data area checking value;
acquiring a preset check value in the check area;
And starting the software when the calibration data area check value is consistent with the preset check value.
2. The method of claim 1, further comprising, prior to obtaining the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software:
when the software is integrated, performing second hash calculation on the first data to obtain a second hash value;
And encrypting the second hash value by using a private key to obtain the asymmetric digital check value, wherein the private key corresponds to the public key.
3. The method of claim 2, wherein the public key and the private key are derived using an asymmetric encryption algorithm.
4. A method according to claim 3, wherein the asymmetric encryption algorithm is an RSA algorithm.
5. A software upgrade control apparatus, applied to a software providing terminal, comprising:
The first acquisition module is used for acquiring a first asymmetric digital check value in the asymmetric digital check area of the software and a first public key of the software;
The first verification module is used for verifying the first asymmetric digital verification value by using the first public key to obtain a first verification value;
The first calculation module is used for acquiring first data except the guide area and the asymmetric digital verification area in the software, and performing first hash calculation on the first data to obtain a first hash value;
The first judging module is used for judging that the software is not tampered when the first check value is consistent with the first hash value;
The sending module is used for sending the software to a software upgrading end after judging that the software is not tampered;
Before acquiring the asymmetric digital check value in the asymmetric digital check area of the software and the public key of the software or before acquiring all data except the boot area and the asymmetric digital check area in the software, the method further comprises: after the software is powered on, second data except a check area in a calibration data area of the software are obtained; checking the second data by using a preset checking algorithm to obtain a calibration data area checking value; acquiring a preset check value in the check area; and starting the software when the calibration data area check value is consistent with the preset check value.
6. An electronic device, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the software upgrade control method of any one of claims 1-4.
7. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the software upgrade control method according to any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111162350.4A CN113849212B (en) | 2021-09-30 | 2021-09-30 | Software upgrading control method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111162350.4A CN113849212B (en) | 2021-09-30 | 2021-09-30 | Software upgrading control method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113849212A CN113849212A (en) | 2021-12-28 |
| CN113849212B true CN113849212B (en) | 2024-05-14 |
Family
ID=78977558
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111162350.4A Active CN113849212B (en) | 2021-09-30 | 2021-09-30 | Software upgrading control method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113849212B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114385215B (en) * | 2022-03-25 | 2022-06-24 | 江铃汽车股份有限公司 | Software upgrading method and system |
| CN114615075B (en) * | 2022-03-28 | 2023-04-25 | 重庆长安汽车股份有限公司 | Software tamper-proof system and method of controller and storage medium |
| CN115421756B (en) * | 2022-09-16 | 2023-07-18 | 杭州云动智能汽车技术有限公司 | Service type gateway upgrading method |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100012595A (en) * | 2008-07-29 | 2010-02-08 | 콘티넨탈 오토모티브 시스템 주식회사 | Method for controlling operation of an ecu |
| CN102572595A (en) * | 2012-02-03 | 2012-07-11 | 深圳市同洲电子股份有限公司 | IPTV upgrade package structure, upgrading method and startup calibration method |
| CN107678765A (en) * | 2017-10-12 | 2018-02-09 | 北方电子研究院安徽有限公司 | A kind of online upgrading method based on C8051F series monolithics |
| CN110378104A (en) * | 2018-04-16 | 2019-10-25 | 北京升鑫网络科技有限公司 | A method of upgrading is anti-to distort |
| CN110417808A (en) * | 2019-08-08 | 2019-11-05 | 深圳市英博超算科技有限公司 | Tamper resistant method, device, system and terminal |
| CN111385191A (en) * | 2018-12-28 | 2020-07-07 | 联合汽车电子有限公司 | Vehicle-mounted interconnected gateway, vehicle OTA upgrading system and method and computer storage medium |
| CN111625295A (en) * | 2020-05-22 | 2020-09-04 | 苏州浪潮智能科技有限公司 | Embedded system starting method, device, equipment and storage medium |
| CN112379932A (en) * | 2020-11-23 | 2021-02-19 | 歌尔科技有限公司 | Boot method and Boot device of electronic equipment and electronic equipment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100791304B1 (en) * | 2006-07-24 | 2008-01-04 | 삼성전자주식회사 | Apparatus, system and method for software upgrading |
| JP6332970B2 (en) * | 2011-02-11 | 2018-05-30 | シーメンス・ヘルスケア・ダイアグノスティックス・インコーポレーテッドSiemens Healthcare Diagnostics Inc. | System and method for secure software update |
| US10642781B2 (en) * | 2017-04-07 | 2020-05-05 | Qualcomm Incorporated | Boot time determination of calibration parameters for a component coupled to a system-on-chip |
-
2021
- 2021-09-30 CN CN202111162350.4A patent/CN113849212B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100012595A (en) * | 2008-07-29 | 2010-02-08 | 콘티넨탈 오토모티브 시스템 주식회사 | Method for controlling operation of an ecu |
| CN102572595A (en) * | 2012-02-03 | 2012-07-11 | 深圳市同洲电子股份有限公司 | IPTV upgrade package structure, upgrading method and startup calibration method |
| CN107678765A (en) * | 2017-10-12 | 2018-02-09 | 北方电子研究院安徽有限公司 | A kind of online upgrading method based on C8051F series monolithics |
| CN110378104A (en) * | 2018-04-16 | 2019-10-25 | 北京升鑫网络科技有限公司 | A method of upgrading is anti-to distort |
| CN111385191A (en) * | 2018-12-28 | 2020-07-07 | 联合汽车电子有限公司 | Vehicle-mounted interconnected gateway, vehicle OTA upgrading system and method and computer storage medium |
| CN110417808A (en) * | 2019-08-08 | 2019-11-05 | 深圳市英博超算科技有限公司 | Tamper resistant method, device, system and terminal |
| CN111625295A (en) * | 2020-05-22 | 2020-09-04 | 苏州浪潮智能科技有限公司 | Embedded system starting method, device, equipment and storage medium |
| CN112379932A (en) * | 2020-11-23 | 2021-02-19 | 歌尔科技有限公司 | Boot method and Boot device of electronic equipment and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113849212A (en) | 2021-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113849212B (en) | Software upgrading control method and device and electronic equipment | |
| CN110134412B (en) | Software updating method, device, vehicle and computer readable storage medium | |
| KR101600460B1 (en) | System for electric control unit upgrade with security functions and method thereof | |
| WO2020124985A9 (en) | Secure firmware upgrade method, device, on-board system, and vehicle | |
| EP3623939A1 (en) | Method and apparatus for wirelessly updating software for vehicle | |
| CN111142500B (en) | Permission setting method and device for vehicle diagnosis data and vehicle-mounted gateway controller | |
| CN113645590B (en) | Method, device, equipment and medium for remotely controlling vehicle based on encryption algorithm | |
| CN110989564B (en) | Automobile data diagnosis method and device | |
| JP6712538B2 (en) | Tamper detection system | |
| WO2022077922A1 (en) | Learning method and apparatus for tire pressure monitoring system, and sensor, system, and medium | |
| CN110427784A (en) | A kind of security gateway device and safety communicating method of vehicle | |
| CN108482308B (en) | Electric vehicle safety control method and device, storage medium and electric vehicle | |
| Khodari et al. | Decentralized firmware attestation for in-vehicle networks | |
| CN113805916A (en) | Upgrading method, system, readable storage medium and vehicle | |
| KR101675223B1 (en) | Watchdog, security system and method for watchdog | |
| JP6483461B2 (en) | Management method, management program, management device, management system, and information processing method | |
| CN115495123A (en) | Flash method and system of hardware security module | |
| CN112925546B (en) | Multistage verification method and system for preventing vehicle-mounted ECU from refreshing errors | |
| CN114338073A (en) | Protection method, system, storage medium and equipment for vehicle-mounted network | |
| US10789365B2 (en) | Control device and control method | |
| CN111746464A (en) | Matching code generation method and device for anti-theft verification | |
| CN115576302A (en) | Vehicle-mounted network secure communication testing method and system, electronic equipment and storage medium | |
| CN113132995B (en) | Equipment control method and device, storage medium and computer equipment | |
| CN113341914B (en) | Timing processing method, system and device of engine | |
| CN117873015A (en) | Implementation method, system and storage medium for loading EOL software on production line |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |