CN114090115A - Starting verification method, device, equipment and storage medium - Google Patents

Publication number
CN114090115A
Authority
CN
China
Prior art keywords
firmware
signature
mcu
wpt
application
Legal status
Granted
Application number
CN202111282674.1A
Other languages
Chinese (zh)
Other versions
CN114090115B (en)
Inventor
陈凯
潘暖华
金强
Current Assignee
Faurecia Clarion Electronics Fengcheng Co Ltd
Faurecia Clarion Electronics Foshan Co Ltd
Original Assignee
Faurecia Clarion Electronics Fengcheng Co Ltd
Faurecia Clarion Electronics Foshan Co Ltd
Application filed by Faurecia Clarion Electronics Fengcheng Co Ltd, Faurecia Clarion Electronics Foshan Co Ltd
Priority to CN202111282674.1A
Publication of CN114090115A
Application granted
Publication of CN114090115B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The invention discloses a start-up verification method, apparatus, device and storage medium, relating to the field of communications, for ensuring the network security of a WPT during start-up without adding an additional chip. The method comprises: an MCU (microcontroller unit) acquires first application firmware from the WPT and, if the first application firmware passes verification against second application firmware, determines a first signature of the first application firmware, the second application firmware being stored in the MCU in advance; and the MCU starts the WPT if signature parameters including the first signature satisfy a preset condition, the preset condition including that the first signature passes verification against a second signature that is pre-stored in the MCU.

Description

Starting verification method, device, equipment and storage medium
Technical Field
The present invention relates to the field of communications, and in particular to a start-up verification method, apparatus, device and storage medium.
Background
With the development of automobiles and smartphones, more and more mobile phones support wireless charging, and automobile manufacturers fit vehicles with on-board wireless charging devices. A wireless charging device includes a wireless power transmitter IC (WPT). To ensure the network security of the WPT during start-up, a chip is usually provided in the wireless charging device, and that chip securely starts the WPT using a symmetric encryption algorithm.
However, in the above secure boot method, an additional dedicated chip needs to be provided in the wireless charging device, which results in poor versatility and high cost.
Disclosure of Invention
Embodiments of the present invention provide a start verification method, apparatus, device, and storage medium, which are used to ensure network security of a WPT during a start process without adding an additional chip.
In order to achieve the purpose, the embodiment of the invention adopts the following technical scheme:
In a first aspect, a start-up verification method is provided, which is applied to a Micro Controller Unit (MCU) and includes: the MCU acquires first application firmware from the WPT and, if the first application firmware passes verification against second application firmware, determines a first signature of the first application firmware, where the second application firmware is stored in the MCU in advance; and the MCU starts the WPT if signature parameters including the first signature satisfy a preset condition. The preset condition includes: the first signature passes verification against the second signature, where the second signature is pre-stored in the MCU.
With the start-up verification method provided by the invention, no additional encryption chip is added; instead, WPT firmware identical to that inside the WPT is stored in the MCU. The MCU acquires the first application firmware from the WPT and verifies it against the second application firmware stored in the MCU. If the first application firmware passes this verification, the MCU computes over the first application firmware with an asymmetric encryption algorithm and generates a first signature of the first application firmware. The MCU then verifies the first signature against a second signature pre-stored in the MCU, and the WPT is started if the first signature passes. Because no additional encryption chip has to be added to the WPT, the method is more economical. Because the MCU performs the calculation and verification and the WPT does not need to perform the related calculation, the start-up time of the WPT is reduced; at the same time it can be determined whether the MCU and the WPT have been attacked or tampered with, so the method is safer and more universal.
In one possible design, the MCU acquiring the first application firmware in the wireless power transmitter integrated circuit WPT includes: if the communication baud rate between the MCU and the WPT passes verification, the MCU acquires the first application firmware from the WPT.
In one possible design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset condition further includes: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is a signature of the built-in loading firmware, and the second loading firmware signature is a signature of the loading firmware pre-stored in the MCU.
In one possible design, in response to receiving a request update message, the MCU obtains an update package for the first application firmware; the request update message is for requesting an update of the first application firmware. The MCU updates the second application firmware based on the update package for the first application firmware, and updates the second signature based on the updated second application firmware.
In one possible design, after the first application firmware is updated, the MCU obtains the updated first application firmware from the WPT and determines a signature of the updated first application firmware. If the signature of the updated first application firmware passes verification against the updated second signature, the MCU determines that the first application firmware was updated successfully.
In a second aspect, a start-up verification apparatus is provided, where the start-up verification apparatus is disposed in an MCU and includes an obtaining unit, a determining unit, and a processing unit. The obtaining unit is configured to obtain a first application firmware in the wireless power transmitter integrated circuit WPT. The determining unit is used for determining a first signature of the first application firmware under the condition that the first application firmware passes the verification of the second application firmware; the second application firmware is pre-stored in the MCU. The processing unit is used for starting the WPT under the condition that the signature parameters including the first signature meet a preset condition; the preset conditions include: the first signature passes the verification of the second signature; the second signature is pre-stored in the MCU.
In one possible design, the obtaining unit is specifically configured to obtain the first application firmware from the WPT when the communication baud rate between the MCU and the WPT passes the verification.
In one possible design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset condition further includes: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is a signature of the built-in loading firmware, and the second loading firmware signature is a signature of the loading firmware pre-stored in the MCU.
In one possible design, the start-up verification apparatus further includes an updating unit. The obtaining unit is further configured to obtain, in response to receiving a request update message, an update package for the first application firmware; the request update message is for requesting an update of the first application firmware. The updating unit is configured to update the second application firmware based on the update package for the first application firmware obtained by the obtaining unit. The updating unit is further configured to update the second signature based on the updated second application firmware.
In one possible design, the obtaining unit is further configured to obtain the updated first application firmware from the WPT after the first application firmware is updated. The determining unit is further configured to determine a signature of the updated first application firmware. The determining unit is further configured to determine that the first application firmware update is successful if the signature of the updated first application firmware passes the verification of the updated second signature.
In a third aspect, a vehicle-mounted terminal is provided, which includes a memory and a processor. The memory is coupled to the processor and is used for storing computer program code comprising computer instructions; when the processor executes the computer instructions, the vehicle-mounted terminal performs the start-up verification method provided by the first aspect or any one of its possible implementations.
In a fourth aspect, a computer-readable storage medium is provided, where instructions are stored, and when the instructions are executed on a vehicle-mounted terminal, the vehicle-mounted terminal is caused to execute the start verification method provided in the first aspect or any possible implementation manner thereof.
Drawings
Fig. 1 is a first structural schematic diagram of a vehicle-mounted control system according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a vehicle-mounted control system according to an embodiment of the present invention;
Fig. 3 is a first flowchart illustrating a start verification method according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart illustrating a second flowchart of a start verification method according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of a start-up verification method according to an embodiment of the present invention;
Fig. 6 is a schematic flow chart of a start-up verification method according to an embodiment of the present invention;
Fig. 7 is a schematic flowchart of a start verification method according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a start-up verification apparatus according to an embodiment of the present invention;
Fig. 9 is a first structural diagram of a vehicle-mounted terminal according to an embodiment of the present invention;
Fig. 10 is a structural schematic diagram of a vehicle-mounted terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In the embodiments of the present invention, words such as "exemplary" or "for example" are used to mean serving as examples, illustrations or descriptions. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "for example" is intended to present related concepts in a concrete fashion.
In the description of the present invention, "/" means "or" unless otherwise specified; for example, A/B may mean A or B. "And/or" herein merely describes an association between associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. Further, "at least one" or "a plurality" means two or more. The terms "first", "second", and the like do not limit number or execution order, and do not necessarily indicate that the items differ.
In the prior art, a chip is usually arranged in a wireless charging device, and WPT is securely started by the chip by adopting a symmetric encryption algorithm. However, in the above secure boot method, an additional dedicated chip needs to be provided in the wireless charging device, which results in poor versatility and high cost.
To solve the above problems, the present invention provides a start verification method, apparatus, device and storage medium in which, without adding an additional encryption chip, a Micro Control Unit (MCU) stores WPT firmware (wireless power transmitter firmware) identical to that inside the WPT. The MCU acquires the first application firmware from the WPT and verifies it against the second application firmware stored in the MCU. If the first application firmware passes this verification, the MCU computes over the first application firmware with an asymmetric encryption algorithm and generates a first signature of the first application firmware. The MCU then verifies the first signature against a second signature pre-stored in the MCU, and the WPT is started if the first signature passes. Because no additional encryption chip has to be added to the WPT, the method is more economical. Because the MCU performs the calculation and verification and the WPT does not need to perform the related calculation, the start-up time of the WPT is reduced; at the same time it can be determined whether the MCU and the WPT have been attacked or tampered with, so the method is safer and more universal.
The start verification method provided by the embodiment of the invention is suitable for a vehicle-mounted control system. Fig. 1 shows a schematic configuration of the vehicle-mounted control system. As shown in Fig. 1, an in-vehicle control system 10 is used to ensure a safe start of the WPT. The in-vehicle control system 10 includes an MCU 11 and a WPT 12. The MCU 11 is connected to the WPT 12. The MCU 11 and the WPT 12 may be connected via a Serial Peripheral Interface (SPI) and an I2C bus (I2C).
The MCU11 may be located in a vehicle terminal, and a user may control other elements and devices in the vehicle by controlling the MCU.
The WPT12 may be located in a wireless charging apparatus for wirelessly charging a device that supports wireless charging.
Fig. 2 shows a schematic structural diagram of an in-vehicle control system. As shown in Fig. 2, the WPT firmware in the WPT 22 is stored in advance in the APP firmware of the MCU 21. The WPT firmware comprises loading firmware, application firmware and an application firmware signature. The loading firmware is used for booting the application firmware, and the application firmware is used for enabling the WPT to realize the operation according to the standard drive.
In practical application, the start verification method provided by the embodiment of the invention can be applied to the MCU, the vehicle-mounted terminal, and a start verification device in the vehicle-mounted terminal or other similar devices. The following describes the start-up verification method provided in the embodiment of the present invention, taking the application of the start-up verification method to the MCU as an example, with reference to the accompanying drawings.
As shown in fig. 3, the start-up verification method provided in the embodiment of the present invention includes the following steps S301 to S305.
S301, the MCU acquires the first application program firmware in the WPT.
The first application firmware is application firmware stored inside the WPT.
As a possible implementation manner, after receiving a user's instruction to start the WPT, the MCU obtains, through an interface between the MCU and the WPT, the first application firmware stored in the WPT.
It should be noted that the interface between the MCU and the WPT may be an I2C interface or an SPI interface, which is not limited in the present invention.
S302, the MCU judges whether the first application program firmware passes the verification of the second application program firmware.
The second application firmware is stored in the MCU in advance.
As a possible implementation manner, the MCU obtains a second application firmware stored inside the MCU, and after the MCU obtains the first application firmware, the second application firmware is used to verify the first application firmware.
In order to enable the MCU to store the second application firmware in advance, the MCU may acquire the application firmware stored in the WPT from the WPT when the WPT is first installed or registered. Further, the MCU stores the obtained application firmware as a second application firmware in the MCU.
It can be understood that the MCU determines whether the first application firmware has been tampered with by an attack by comparing whether the first application firmware and the second application firmware are consistent. If the first application firmware is inconsistent with the second application firmware, the MCU determines that the first application firmware does not pass the verification of the second application firmware, that is, that the first application firmware has been tampered with by an attack. If the first application firmware is consistent with the second application firmware, the MCU determines that the first application firmware passes the verification of the second application firmware, that is, that the first application firmware has not been tampered with by an attack.
S303, under the condition that the first application firmware passes the verification of the second application firmware, the MCU determines a first signature of the first application firmware.
The first signature is used for verifying and identifying the first application firmware.
As a possible implementation manner, in a case where the MCU determines that the first application firmware passes the verification of the second application firmware, the MCU calculates the first application firmware through an asymmetric encryption algorithm to generate a first signature.
Illustratively, the first signature may be 256 bytes of data.
In some embodiments, if the MCU determines that the first application firmware does not pass the verification of the second application firmware, the MCU stops starting the WPT by controlling WPT_Power_EN.
WPT_Power_EN is used to control the energization state of the WPT.
For how to calculate and generate a signature using an asymmetric cryptographic algorithm in this step, reference may be made to the prior art; this is not limited by the present invention.
S304, the MCU judges whether the first signature passes the verification of the second signature.
The second signature is stored in the MCU in advance. The second signature is used to verify and identify the second application firmware.
As a possible implementation manner, the MCU obtains the second signature stored inside the MCU and, after generating the first signature, determines whether the first signature is consistent with the second signature.
It should be noted that, so that the MCU can store the second signature in advance, the MCU may generate the second signature by calculation through an asymmetric encryption algorithm after the WPT is installed or registered for the first time. The MCU then stores the generated second signature in the MCU.
It will be appreciated that the MCU determines whether the first signature has been tampered with by an attack by comparing whether the first signature and the second signature are identical. If the first signature is inconsistent with the second signature, the MCU determines that the first signature does not pass the verification of the second signature, that is, that the first application firmware has been tampered with by an attack. If the first signature is consistent with the second signature, the MCU determines that the first signature passes the verification of the second signature, that is, that the first application firmware has not been tampered with by an attack.
S305, the MCU starts the WPT under the condition that the signature parameter including the first signature meets the preset condition.
Wherein the preset conditions include: the first signature passes verification of the second signature.
As a possible implementation manner, when the first signature passes the verification of the second signature, the MCU determines that the signature parameter including the first signature satisfies the preset condition, and then starts the WPT.
It should be noted that the MCU may start the WPT by controlling WPT_Power_EN.
In some embodiments, the MCU stops starting the WPT by controlling WPT_Power_EN if the signature parameter does not satisfy the preset condition.
In one design, in order to determine whether the WPT can be safely started, as shown in fig. 4, the start-up verification method provided in the embodiment of the present invention further includes the following steps S306 to S307.
S306, the MCU acquires the communication baud rate between the MCU and the WPT.
It should be noted that the interface between the MCU and the WPT may be SPI, or may be an I2C serial bus.
How to obtain the communication baud rate in this step can refer to the prior art, which is not limited by the present invention.
S307, the MCU judges whether the communication baud rate between the MCU and the WPT passes the verification.
As a possible implementation manner, after determining the communication baud rate between the MCU and the WPT, the MCU determines whether the interface between the MCU and the WPT is tampered with by comparing the determined communication baud rate with a preset communication baud rate. If the communication baud rate between the MCU and the WPT is different from the preset communication baud rate, determining that the communication baud rate between the MCU and the WPT does not pass the verification, namely determining that the interface between the MCU and the WPT is attacked and tampered; and if the actual communication baud rate is the same as the preset communication baud rate, determining that the communication baud rate between the MCU and the WPT passes the verification, namely determining that the interface between the MCU and the WPT is not tampered by attack.
Under the above circumstances, S301 provided in the embodiment of the present invention specifically includes the following S3011:
S3011, under the condition that the communication baud rate between the MCU and the WPT passes the verification, the MCU acquires the first application firmware from the WPT.
As a possible implementation manner, after determining that the communication baud rate between the MCU and the WPT is the same as the preset communication baud rate, the MCU acquires the first application firmware from the WPT through the verified interface, so as to ensure that the data of the first application firmware is not tampered or lost during transmission.
In another case, if the communication baud rate between the MCU and the WPT differs from the preset communication baud rate, the MCU stops the WPT by controlling WPT_Power_EN.
In some embodiments, the WPT may boot or load the first application firmware through its built-in loading firmware. For the WPT to be able to boot securely, it is therefore also necessary to ensure that the WPT's built-in loading firmware has not been tampered with by an attack. Thus, in one design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset condition further includes: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is a signature of the built-in loading firmware, and the second loading firmware signature is a signature of the loading firmware pre-stored in the MCU. To implement secure boot of the WPT, as shown in Fig. 5, the start verification method provided in the embodiment of the present invention further includes S401 to S404.
S401, the MCU acquires the built-in loading firmware in the WPT.
It should be noted that, the method for the MCU to specifically acquire the built-in loading firmware in the WPT may refer to the method for the MCU to acquire the firmware of the first application program in step S301, and details are not described here.
S402, the MCU determines a first loading firmware signature.
The first loading firmware signature is the signature of the built-in loading firmware.
It should be noted that, for the specific method by which the MCU determines the first loading firmware signature, reference may be made to the method by which the MCU determines the signature of the first application firmware in step S303, which is not described herein again.
S403, the MCU judges whether the first loading firmware signature passes the verification of the second loading firmware signature.
The second loading firmware signature is stored in the MCU in advance. The second loading firmware signature is used for verifying and identifying the first loading firmware.
It should be noted that, so that the MCU can store the second loading firmware signature in advance, the MCU may generate it by calculation through an asymmetric encryption algorithm after the WPT is first installed or registered. The MCU then stores the generated second loading firmware signature in the MCU.
It should be noted that, for the specific method by which the MCU determines whether the first loading firmware signature passes the verification of the second loading firmware signature, reference may be made to the method by which the MCU determines whether the first signature passes the verification of the second signature in step S304, and details are not repeated here.
S404, the MCU starts the WPT under the condition that the signature parameters including the first signature and the first loading firmware signature meet the preset condition.
As a possible implementation manner, under the condition that the first signature passes the verification of the second signature and the first loading firmware signature passes the verification of the second loading firmware signature, the MCU determines that the signature parameters including the first signature and the first loading firmware signature satisfy the preset condition, and starts the WPT.
In some embodiments, the MCU stops starting the WPT by controlling WPT_Power_EN if the signature parameter does not satisfy the preset condition.
It should be noted that, during start-up of the WPT, the built-in loading firmware starts first while the first application program is inactive, so the MCU first determines whether the first signature passes the verification of the second signature. The WPT then restarts the first application program, at which point the built-in loading firmware stops working, and the MCU determines whether the first loading firmware signature passes the verification of the second loading firmware signature. Verifying both the built-in loading firmware and the first application firmware in this way ensures the security of both in the WPT.
In some embodiments, the WPT may be started from plug-in loading firmware. When the WPT is started by the plug-in loading firmware, the WPT may be started safely without the MCU verifying the built-in loading firmware in the WPT.
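The decision sequence described above (baud-rate check, firmware comparison, signature comparison, optional loading-firmware check, then WPT_Power_EN) can be written as one fail-closed gate. The following C example is added here and is not code from the patent: the struct and function names, the sample images and the baud values are constructed, and `placeholder_sign` is a non-cryptographic stand-in for the asymmetric algorithm, which the page leaves unspecified.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIG_LEN 256 /* the page gives 256 bytes as an example signature size */

typedef enum { BOOT_OK, FAIL_BAUD, FAIL_APP_FW, FAIL_APP_SIG, FAIL_LOADER_SIG } boot_result;
typedef enum { CLEAN, BAD_BAUD, APP_BYTE_FLIPPED, LOADER_MODIFIED,
               MCU_SIG_CORRUPTED, PLUGIN_LOADER } scenario;

/* Reference values held by the MCU since first installation (hypothetical layout). */
typedef struct {
    uint32_t preset_baud;
    const uint8_t *app_fw; size_t app_len;  /* second application firmware */
    uint8_t app_sig[SIG_LEN];               /* second signature */
    uint8_t loader_sig[SIG_LEN];            /* second loading firmware signature */
} mcu_store;

/* What the MCU observes and reads back from the WPT at start-up. */
typedef struct {
    uint32_t baud;
    const uint8_t *app_fw; size_t app_len;  /* first application firmware */
    bool has_builtin_loader;                /* false: plug-in loading firmware */
    const uint8_t *loader_fw; size_t loader_len;
} wpt_readout;

static bool wpt_power_en = false;           /* models the WPT_Power_EN line */
bool wpt_powered(void) { return wpt_power_en; }

/* Comparison that walks all n bytes regardless of where a mismatch occurs. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* PLACEHOLDER, not cryptographic: expands FNV-1a into 256 bytes so the gate has
 * something deterministic to compare. A product would call its real algorithm here. */
static void placeholder_sign(const uint8_t *data, size_t len, uint8_t out[SIG_LEN]) {
    for (uint32_t blk = 0; blk < SIG_LEN / 8; blk++) {
        uint64_t h = 0xcbf29ce484222325ULL ^ blk;
        for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 0x100000001b3ULL; }
        for (int b = 0; b < 8; b++) out[blk * 8 + b] = (uint8_t)(h >> (8 * b));
    }
}

boot_result wpt_boot_gate(const mcu_store *ref, const wpt_readout *wpt) {
    uint8_t sig[SIG_LEN];
    wpt_power_en = false;                                    /* fail closed */
    if (wpt->baud != ref->preset_baud) return FAIL_BAUD;     /* S306-S307 */
    if (wpt->app_len != ref->app_len ||                      /* S302 */
        !ct_equal(wpt->app_fw, ref->app_fw, ref->app_len)) return FAIL_APP_FW;
    placeholder_sign(wpt->app_fw, wpt->app_len, sig);        /* S303 */
    if (!ct_equal(sig, ref->app_sig, SIG_LEN)) return FAIL_APP_SIG; /* S304 */
    if (wpt->has_builtin_loader) {                           /* S401-S403 */
        placeholder_sign(wpt->loader_fw, wpt->loader_len, sig);
        if (!ct_equal(sig, ref->loader_sig, SIG_LEN)) return FAIL_LOADER_SIG;
    }
    wpt_power_en = true;                                     /* S305 / S404 */
    return BOOT_OK;
}

/* Constructed sample images; real firmware would be read over SPI or I2C. */
static const uint8_t APP_FW[]    = "constructed WPT application image v1";
static const uint8_t LOADER_FW[] = "constructed WPT loading firmware";

/* Provisions the MCU store, applies one constructed fault, runs the gate. */
boot_result run_scenario(scenario s) {
    static uint8_t app[sizeof APP_FW], loader[sizeof LOADER_FW];
    mcu_store ref = { .preset_baud = 400000, .app_fw = APP_FW, .app_len = sizeof APP_FW };
    placeholder_sign(APP_FW, sizeof APP_FW, ref.app_sig);
    placeholder_sign(LOADER_FW, sizeof LOADER_FW, ref.loader_sig);
    for (size_t i = 0; i < sizeof app; i++) app[i] = APP_FW[i];
    for (size_t i = 0; i < sizeof loader; i++) loader[i] = LOADER_FW[i];
    wpt_readout wpt = { 400000, app, sizeof app, true, loader, sizeof loader };
    if (s == BAD_BAUD) wpt.baud = 100000;
    if (s == APP_BYTE_FLIPPED) app[5] ^= 0x01;
    if (s == LOADER_MODIFIED) loader[0] ^= 0x80;
    if (s == MCU_SIG_CORRUPTED) ref.app_sig[17] ^= 0xFF;
    if (s == PLUGIN_LOADER) { wpt.has_builtin_loader = false; loader[0] ^= 0x80; }
    return wpt_boot_gate(&ref, &wpt);
}

int main(void) {
    for (int s = CLEAN; s <= PLUGIN_LOADER; s++) {
        boot_result r = run_scenario((scenario)s);
        printf("scenario %d: result %d, WPT_Power_EN=%d\n", s, (int)r, (int)wpt_powered());
    }
    return 0;
}
```

The `MCU_SIG_CORRUPTED` case shows what the S304 comparison adds on top of the byte comparison in S302: it trips when the MCU's own stored firmware copy and stored signature no longer agree with each other.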
In one design, when the first application firmware in the WPT needs to be updated, as shown in fig. 6, the boot verification method provided in the embodiment of the present invention further includes S501 to S505.
S501, the MCU responds to the received request updating message and acquires an updating packet of the first application program firmware.
Wherein the request update message is for requesting an update of the first application firmware.
As a possible implementation manner, the MCU receives the request update message and acquires an update package of the firmware of the first application program from the in-vehicle terminal.
In some embodiments, in the case that the update package of the first application firmware is included in the request update message, the MCU may obtain the update package of the first application firmware directly from the request update message.
In other embodiments, a user may import an update package of the first application firmware into the MCU through a storage device such as a USB disk, so that the MCU obtains the update package of the first application firmware.
It should be noted that, when the first application firmware has the update content, the request update message may be acquired from a Controller Area Network (CAN).
S502, the MCU updates the second application program firmware based on the update package of the first application program firmware.
As a possible implementation manner, the MCU acquires the updated application firmware based on the update package of the first application firmware, and stores the updated application firmware after deleting the second application firmware pre-stored by the MCU, and determines the updated application firmware as the updated second application firmware.
It should be noted that, for how the updated application firmware is obtained from the update package, reference may be made to the prior art; the present invention does not limit this.
S503, the MCU updates the second signature based on the updated second application program firmware.
It should be noted that, the method for the MCU to generate the second signature specifically may refer to the method for the MCU to generate the first signature according to the first application firmware in step S303, and is not described herein again.
S504, the MCU verifies the updated second signature.
As a possible implementation manner, the MCU generates a 256-byte third signature through calculation by an asymmetric encryption algorithm based on the updated second application firmware. And after the MCU generates a third signature, the MCU verifies the updated second signature through the third signature.
It should be noted that the second signature is calculated from the first application firmware in the update package, while the third signature is calculated from the installed second application firmware. If the two signatures do not match, data of the second application firmware was lost during installation, or was lost after installation because the equipment overheated; in that case the MCU determines that the update of the second application firmware has failed. If the two signatures match, the second application firmware has been updated successfully.
It can be understood that the MCU determines whether the second application firmware is successfully updated by comparing the updated second signature with the third signature. If the updated second signature is different from the third signature, determining that the updated second signature does not pass verification, namely determining that the second application program firmware has a problem after installation and fails to update; and if the updated second signature is the same as the third signature, determining that the updated second signature passes verification, namely determining that the firmware of the second application program is successfully updated.
And S505, under the condition that the second application program firmware is updated successfully, the MCU updates the first application program firmware in the WPT.
As a possible implementation manner, in the case that the second application firmware is successfully updated, the MCU sends the updated second application firmware to the WPT through the SPI interface and updates the first application firmware in the WPT. For the updating process of the first application firmware, reference may be made to the updating process of the second application firmware in step S402, which is not described herein again.
In one design, to determine whether the first application firmware is successfully updated, as shown in fig. 7, the boot verification method provided in the embodiment of the present invention further includes S601-S604.
S601, after the first application program firmware is updated, the MCU acquires the updated first application program firmware from the WPT.
It should be noted that, the method for the MCU to specifically obtain the updated first application firmware from the WPT may refer to the method for obtaining the first application firmware in the WPT in step S301, and details thereof are not repeated here.
S602, the MCU determines the signature of the updated first application program firmware.
It should be noted that, the method for the MCU to specifically determine the signature of the updated first application firmware may refer to the method for determining the first signature in step S303, and is not described herein again.
S603, the MCU determines whether the signature of the updated first application program firmware passes the verification of the updated second signature.
It should be noted that, the method for the MCU to specifically determine whether the signature of the updated first application firmware passes the verification of the updated second signature may refer to the method for determining whether the first signature passes the verification of the second signature in step S204, and details thereof are not repeated here.
S604, under the condition that the signature of the updated first application program firmware passes the verification of the updated second signature, the MCU determines that the first application program firmware is updated successfully.
As a possible implementation manner, in a case that the MCU determines that the signature of the updated first application firmware passes the verification of the updated second signature, it indicates that the updated first application firmware is successfully installed in the WPT, and the MCU determines that the update is successful.
In one design, the MCU repeats the above S501-S504 if the signature of the updated first application firmware fails the verification of the updated second signature.
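The update flow S501-S505 and S601-S604 can be traced in code. The following is an added example, not code from the patent: the names, the 8-byte FNV-1a digest used in place of the 256-byte asymmetric signature, the simulated flash/SPI transfers with injected bit faults, and the retry limit are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_MAX  32
#define SIG_LEN 8   /* stand-in size; the page's signatures are 256 bytes */

typedef struct { uint8_t img[FW_MAX]; size_t len; } fw_image_t;
typedef struct { int faults_left; } channel_t;   /* constructed fault injector */

typedef struct {
    fw_image_t mcu_copy;             /* "second application firmware" in the MCU */
    uint8_t    second_sig[SIG_LEN];  /* "second signature" in the MCU */
    fw_image_t wpt;                  /* "first application firmware" in the WPT */
} wpt_system_t;

typedef enum { UPD_OK, UPD_MCU_STORE_FAILED, UPD_WPT_VERIFY_FAILED } upd_result_t;

/* Stand-in for the page's asymmetric signature: FNV-1a, NOT a security
   primitive, used only so that the flow runs offline. */
static void sig_standin(const fw_image_t *fw, uint8_t out[SIG_LEN])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < fw->len; i++) {
        h ^= fw->img[i];
        h *= 0x100000001b3ULL;
    }
    for (int i = 0; i < SIG_LEN; i++)
        out[i] = (uint8_t)(h >> (8 * i));
}

/* Models a flash write or SPI transfer; flips one bit while faults remain. */
static void transfer(channel_t *ch, const fw_image_t *src, fw_image_t *dst)
{
    *dst = *src;
    if (ch->faults_left > 0 && dst->len > 0) {
        dst->img[dst->len / 2] ^= 0x01;
        ch->faults_left--;
    }
}

upd_result_t update_once(wpt_system_t *s, const fw_image_t *pkg,
                         channel_t *mcu_flash, channel_t *spi)
{
    uint8_t third_sig[SIG_LEN], wpt_sig[SIG_LEN];
    channel_t clean = { 0 };
    fw_image_t readback;

    transfer(mcu_flash, pkg, &s->mcu_copy);          /* S502: replace MCU copy */
    sig_standin(pkg, s->second_sig);                 /* S503: from the package */
    sig_standin(&s->mcu_copy, third_sig);            /* S504: from stored copy */
    if (memcmp(third_sig, s->second_sig, SIG_LEN) != 0)
        return UPD_MCU_STORE_FAILED;                 /* WPT is left untouched */

    transfer(spi, &s->mcu_copy, &s->wpt);            /* S505: write over SPI */
    transfer(&clean, &s->wpt, &readback);            /* S601: read back */
    sig_standin(&readback, wpt_sig);                 /* S602 */
    if (memcmp(wpt_sig, s->second_sig, SIG_LEN) != 0)
        return UPD_WPT_VERIFY_FAILED;                /* S603 failed */
    return UPD_OK;                                   /* S604 */
}

/* Repeats the flow on failure; the attempt limit is an assumption. */
upd_result_t update_with_retry(wpt_system_t *s, const fw_image_t *pkg,
                               channel_t *mcu_flash, channel_t *spi,
                               int max_attempts, int *attempts_used)
{
    upd_result_t r = UPD_WPT_VERIFY_FAILED;
    for (*attempts_used = 0; *attempts_used < max_attempts; ) {
        ++*attempts_used;
        r = update_once(s, pkg, mcu_flash, spi);
        if (r == UPD_OK)
            break;
    }
    return r;
}

int main(void)
{
    /* Constructed 8-byte image standing in for an update package. */
    fw_image_t pkg = { { 0x57, 0x50, 0x54, 0x2D, 0x76, 0x32, 0x00, 0x01 }, 8 };
    wpt_system_t sys;
    channel_t flash = { 0 }, spi = { 2 };   /* two corrupted SPI writes */
    int attempts = 0;
    memset(&sys, 0, sizeof sys);
    upd_result_t r = update_with_retry(&sys, &pkg, &flash, &spi, 3, &attempts);
    printf("result=%d after %d attempt(s)\n", (int)r, attempts);
    return 0;
}
```

Because S502 replaces the MCU's stored copy before S504 checks it, a failed store leaves the MCU without a known-good reference until a retry succeeds. As S503 is described here, the reference signature is derived from the received package itself, so these checks detect corruption in storage or transfer rather than establish where the package came from.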
In one design, to secure communication between the MCU and the WPT, the MCU encrypts the data to be written into the WPT so that it cannot be intercepted and tampered with during transmission over the channel. For data read from the WPT, the MCU performs a CRC-16 check to ensure data integrity. The MCU can also determine whether the WPT is under attack by monitoring the period at which data is read from the WPT: when the read period changes, the MCU determines that the WPT is attacked and stops reading WPT data, to keep communication between the MCU and the WPT secure.
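The read-side checks described above (CRC-16 on each frame, and stopping reads once the read period changes) can be sketched as follows. This is an added example, not code from the patent: the CRC-16/CCITT-FALSE variant, the frame layout with a trailing big-endian CRC, the jitter tolerance and all function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF).
   The page says only "CRC-16". */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Assumed frame layout: payload bytes followed by a big-endian CRC-16. */
void wpt_frame_seal(uint8_t *frame, size_t len)
{
    uint16_t crc = crc16_ccitt(frame, len - 2);
    frame[len - 2] = (uint8_t)(crc >> 8);
    frame[len - 1] = (uint8_t)(crc & 0xFF);
}

typedef enum { LINK_OK, LINK_CRC_ERROR, LINK_PERIOD_CHANGED, LINK_STOPPED } link_status_t;

typedef struct {
    uint32_t period_ms;     /* expected interval between reads */
    uint32_t tolerance_ms;  /* assumed jitter allowance, not from the page */
    uint32_t last_read_ms;
    bool have_last;
    bool stopped;           /* latched once the period changes */
} wpt_link_t;

void wpt_link_init(wpt_link_t *l, uint32_t period_ms, uint32_t tolerance_ms)
{
    l->period_ms = period_ms;
    l->tolerance_ms = tolerance_ms;
    l->last_read_ms = 0;
    l->have_last = false;
    l->stopped = false;
}

/* Called for every frame read from the WPT at time now_ms. */
link_status_t wpt_link_on_frame(wpt_link_t *l, uint32_t now_ms,
                                const uint8_t *frame, size_t len)
{
    if (l->stopped)
        return LINK_STOPPED;            /* MCU no longer reads WPT data */

    if (l->have_last) {
        uint32_t delta = now_ms - l->last_read_ms;   /* wrap-safe */
        uint32_t drift = delta > l->period_ms ? delta - l->period_ms
                                              : l->period_ms - delta;
        if (drift > l->tolerance_ms) {
            l->stopped = true;          /* period changed: treat WPT as attacked */
            return LINK_PERIOD_CHANGED;
        }
    }
    l->last_read_ms = now_ms;
    l->have_last = true;

    if (len < 3)
        return LINK_CRC_ERROR;          /* too short to carry payload + CRC */
    uint16_t got = (uint16_t)((frame[len - 2] << 8) | frame[len - 1]);
    return crc16_ccitt(frame, len - 2) == got ? LINK_OK : LINK_CRC_ERROR;
}

int main(void)
{
    /* Constructed sample: 3-byte payload, 100 ms read period, 5 ms tolerance. */
    uint8_t frame[5] = { 0x01, 0x02, 0x03, 0, 0 };
    uint32_t times[] = { 1000, 1100, 1203, 1260, 1360 };
    wpt_link_t link;
    wpt_frame_seal(frame, sizeof frame);
    wpt_link_init(&link, 100, 5);
    for (size_t i = 0; i < sizeof times / sizeof times[0]; i++) {
        if (i == 2) frame[1] ^= 0x40;   /* corrupt one read */
        printf("t=%u status=%d\n", (unsigned)times[i],
               (int)wpt_link_on_frame(&link, times[i], frame, sizeof frame));
        if (i == 2) frame[1] ^= 0x40;   /* restore */
    }
    return 0;
}
```

A CRC failure is reported per frame without stopping the link, while a period change latches the stopped state, matching the two distinct reactions in the paragraph above.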
The invention provides a start-up verification method, device, equipment and storage medium. Without adding an additional encryption chip, WPT firmware identical to the firmware inside the WPT is stored in the MCU. The MCU acquires the first application program firmware from the WPT and verifies it against the second application program firmware stored in the MCU. If the first application program firmware passes this verification, the MCU processes it with an asymmetric encryption algorithm to generate a first signature of the first application program firmware. The MCU then verifies the first signature against a second signature pre-stored in the MCU, and the WPT is started if the first signature passes the verification. Because no additional encryption chip needs to be added to the WPT, the start-up verification method is more economical. Because the MCU performs the calculation and verification and the WPT performs no related calculation, the starting time of the WPT is saved; at the same time, it can be determined whether the MCU and the WPT have been attacked or tampered with, so the method is safer and more universal.
Subsequently, when the application program firmware in the WPT needs to be updated, the start-up verification method provided by the invention ensures that the application program firmware is updated safely, avoiding data loss in the updated application program firmware during installation, which would otherwise cause system failure.
The scheme provided by the embodiment of the invention has been introduced mainly from the perspective of the method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and the design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The embodiment of the present invention may perform the division of the functional modules on the user equipment according to the method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. Optionally, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 8 is a schematic structural diagram of a start-up verification apparatus according to an embodiment of the present invention. As shown in fig. 8, the start verification device 70 may be disposed in the vehicle-mounted terminal for executing the start verification method. As shown in fig. 8, the start verifying apparatus 70 includes an obtaining unit 701, a determining unit 702, and a processing unit 703.
An obtaining unit 701 is configured to obtain a first application firmware in the wireless power transmitter integrated circuit WPT. For example, as shown in fig. 3, the obtaining unit 701 may be configured to execute S301.
A determining unit 702, configured to determine a first signature of the first application firmware if the first application firmware passes the verification of the second application firmware. The second application firmware is pre-stored in the MCU. For example, as shown in fig. 3, the determining unit 702 may be configured to perform S303.
A processing unit 703 is configured to start the WPT when a signature parameter including the first signature satisfies a preset condition. The preset conditions include: the first signature passes the verification of the second signature; the second signature is pre-stored in the MCU. For example, as shown in fig. 3, the processing unit 703 may be configured to execute S305.
Optionally, as shown in fig. 8, in the start-up verification apparatus 70 according to the embodiment of the present invention, the obtaining unit 701 is specifically configured to obtain the first application firmware from the WPT when the communication baud rate between the MCU and the WPT passes the verification. For example, as shown in fig. 4, the acquisition unit 701 may be configured to execute S3011.
Optionally, as shown in fig. 8, the start-up verification apparatus 70 according to the embodiment of the present invention further includes an updating unit 704.
The obtaining unit 701 is further configured to obtain an update package of the first application firmware in response to the received request update message. The request update message is for requesting an update of the first application firmware. For example, as shown in fig. 6, the obtaining unit 701 may be configured to perform S501.
An updating unit 704, configured to update the second application firmware based on the update package of the first application firmware acquired by the acquiring unit. For example, as shown in fig. 6, the updating unit 704 may be configured to execute S502.
The updating unit 704 is further configured to update the second signature based on the updated second application firmware. For example, as shown in fig. 6, the updating unit 704 may be configured to execute S503.
Optionally, as shown in fig. 8, in the start-up verification apparatus 70 according to the embodiment of the present invention, the obtaining unit 701 is further configured to obtain the updated first application firmware from the WPT after the first application firmware is updated. For example, as shown in fig. 7, the acquisition unit 701 may be configured to execute S601.
The determining unit 702 is further configured to determine the signature of the updated first application program firmware. For example, as shown in fig. 7, the determining unit 702 may be configured to perform S602.
The determining unit 702 is further configured to determine that the first application program firmware is successfully updated when the signature of the updated first application program firmware passes the verification of the updated second signature. For example, as shown in fig. 7, the determining unit 702 may be configured to perform S604.
Under the condition that the functions of the integrated modules are realized in a hardware mode, the embodiment of the invention provides a possible structural schematic diagram of the vehicle-mounted terminal. The vehicle-mounted terminal is used for executing the starting verification method executed by the starting verification device in the embodiment. As shown in fig. 9, the in-vehicle terminal 80 includes a processor 801, a memory 802, and a bus 803. The processor 801 and the memory 802 may be connected by a bus 803.
The processor 801 is a control center of the communication apparatus, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 801 may be a Central Processing Unit (CPU), other general-purpose processors, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
For one embodiment, processor 801 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 9.
The memory 802 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 802 may exist separately from the processor 801, and the memory 802 may be connected to the processor 801 via the bus 803 for storing instructions or program code. The processor 801, when calling and executing instructions or program codes stored in the memory 802, can implement the boot verification method provided by the embodiments of the present invention.
In another possible implementation, the memory 802 may also be integrated with the processor 801.
The bus 803 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
Note that the configuration shown in fig. 9 does not constitute a limitation on the in-vehicle terminal 80. In addition to the components shown in fig. 9, the in-vehicle terminal 80 may include more or fewer components than shown in fig. 9, or combine some of the components, or a different arrangement of components.
As an example, in conjunction with fig. 8, the functions implemented by the acquisition unit 701, the determination unit 702, the processing unit 703, and the update unit 704 in the start verification device 70 are the same as those of the processor 801 in fig. 9.
Optionally, as shown in fig. 9, the vehicle-mounted device provided in the embodiment of the present invention may further include a communication interface 804.
A communication interface 804 for connecting with other devices through a communication network. The communication network may be an ethernet network, a radio access network, a Wireless Local Area Network (WLAN), etc. The communication interface 804 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, in the vehicle-mounted terminal provided by the embodiment of the invention, the communication interface may be further integrated in the processor.
Fig. 10 shows another hardware configuration of the in-vehicle terminal in the embodiment of the present invention. As shown in fig. 10, the in-vehicle terminal 90 may include a processor 901 and a communication interface 902. Processor 901 is coupled to a communication interface 902.
The functions of the processor 901 may refer to the description of the processor 801 described above. The processor 901 also has a memory function, and the function of the memory 802 described above can be referred to.
The communication interface 902 is used to provide data to the processor 901. The communication interface 902 may be an internal interface of the communication device, or may be an external interface (corresponding to the communication interface 804) of the communication device.
It is to be noted that the configuration shown in fig. 10 does not constitute a limitation of the in-vehicle terminal, and the in-vehicle terminal 90 may include more or less components than those shown in fig. 10, or may combine some components, or a different arrangement of components, in addition to the components shown in fig. 10.
Through the above description of the embodiments, it is clear for a person skilled in the art that, for convenience and simplicity of description, only the division of the above functional units is illustrated. In practical applications, the above function allocation can be performed by different functional units according to needs, that is, the internal structure of the device is divided into different functional units to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer executes each step in the method flow shown in the above method embodiment.
Embodiments of the present invention provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of boot verification in the above-described method embodiments.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), registers, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, any suitable combination of the above, or any other form of computer-readable storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the apparatus, the device readable storage medium, and the computer program product in the embodiments of the present invention may be applied to the method described above, for technical effects that can be obtained by the apparatus, the apparatus readable storage medium, and the computer program product, reference may also be made to the method embodiments described above, and details of the embodiments of the present invention are not repeated herein.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A start-up verification method is applied to a Micro Control Unit (MCU), and is characterized by comprising the following steps:
acquiring first application program firmware in a wireless power transmitter integrated circuit (WPT);
determining a first signature of the first application firmware if the first application firmware passes verification of a second application firmware; the second application program firmware is stored in the MCU in advance;
starting the WPT under the condition that the signature parameters including the first signature meet a preset condition; the preset conditions include: the first signature passes verification of a second signature; the second signature is pre-stored in the MCU.
2. The boot-verification method of claim 1, wherein obtaining the first application firmware in the wireless power transmitter integrated circuit (WPT) comprises:
and under the condition that the communication baud rate between the MCU and the WPT passes the verification, acquiring the first application program firmware from the WPT.
3. The boot verification method of claim 1, wherein in a case that the WPT includes a built-in loaded firmware, the signature parameter further includes a first loaded firmware signature, and the preset condition further includes: the first loaded firmware signature passes verification of a second loaded firmware signature; the first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU.
4. The boot verification method of claim 1, further comprising:
responding to the received request updating message, and acquiring an updating packet of the first application program firmware; the request updating message is used for requesting to update the first application program firmware;
updating the second application firmware based on the update package of the first application firmware, and updating the second signature based on the updated second application firmware.
5. The boot verification method of claim 4, further comprising:
after the first application firmware is updated, acquiring the updated first application firmware from the WPT, and determining a signature of the updated first application firmware;
determining that the first application firmware update is successful if the updated signature of the first application firmware passes verification of the updated second signature.
6. A start-up verification device arranged in a Micro Control Unit (MCU), characterized by comprising an acquisition unit, a determination unit and a processing unit;
the acquisition unit is used for acquiring first application program firmware in the wireless power transmitter integrated circuit WPT;
the determining unit is used for determining a first signature of the first application program firmware under the condition that the first application program firmware passes the verification of a second application program firmware; the second application program firmware is stored in the MCU in advance;
the processing unit is used for starting the WPT under the condition that a signature parameter comprising the first signature meets a preset condition; the preset conditions include: the first signature passes verification of a second signature; the second signature is pre-stored in the MCU.
7. The start verification device according to claim 6, wherein the obtaining unit is specifically configured to:
and under the condition that the communication baud rate between the MCU and the WPT passes the verification, acquiring the first application program firmware from the WPT.
8. The boot verification apparatus according to claim 6, wherein in a case where the WPT includes a built-in loaded firmware, the signature parameter further includes a first loaded firmware signature, and the preset condition further includes: the first loaded firmware signature passes verification of a second loaded firmware signature; the first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU.
9. The start-up verification apparatus according to claim 6, wherein the start-up verification apparatus further comprises an updating unit;
the obtaining unit is further used for responding to the received request updating message and obtaining an updating package of the first application program firmware; the request updating message is used for requesting to update the first application program firmware;
the updating unit is configured to update the second application program firmware based on the update package of the first application program firmware acquired by the acquiring unit;
the updating unit is further configured to update the second signature based on the updated second application firmware.
10. The boot verification apparatus according to claim 9, wherein the obtaining unit is further configured to obtain the updated first application firmware from the WPT after the first application firmware is updated;
the determining unit is further configured to determine a signature of the updated first application firmware;
the determining unit is further configured to determine that the first application firmware is successfully updated when the updated signature of the first application firmware passes the verification of the updated second signature.
11. A vehicle-mounted terminal is characterized by comprising a memory and a processor;
the memory and the processor are coupled;
the memory for storing computer program code, the computer program code comprising computer instructions;
when the processor executes the computer instructions, the vehicle-mounted terminal executes the start-up verification method according to any one of claims 1 to 5.
12. A computer-readable storage medium having instructions stored therein, which when run on a vehicle-mounted terminal, cause the vehicle-mounted terminal to perform the start-up verification method of any one of claims 1-5.
CN202111282674.1A 2021-11-01 2021-11-01 Startup verification method, device, equipment and storage medium Active CN114090115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111282674.1A CN114090115B (en) 2021-11-01 2021-11-01 Startup verification method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114090115A true CN114090115A (en) 2022-02-25
CN114090115B CN114090115B (en) 2023-10-03

Family

ID=80298435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111282674.1A Active CN114090115B (en) 2021-11-01 2021-11-01 Startup verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114090115B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant