CN114090115B - Startup verification method, device, equipment and storage medium - Google Patents

Publication number
CN114090115B
Authority
CN
China
Prior art keywords
firmware
signature
wpt
application program
mcu
Prior art date
Legal status
Active
Application number
CN202111282674.1A
Other languages
Chinese (zh)
Other versions
CN114090115A (en)
Inventor
陈凯
潘暖华
金强
Current Assignee
Faurecia Clarion Electronics Fengcheng Co Ltd
Faurecia Clarion Electronics Foshan Co Ltd
Original Assignee
Faurecia Clarion Electronics Fengcheng Co Ltd
Faurecia Clarion Electronics Foshan Co Ltd
Application filed by Faurecia Clarion Electronics Fengcheng Co Ltd, Faurecia Clarion Electronics Foshan Co Ltd
Classifications

    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F8/61 Installation
    • G06F8/65 Updates
    • G06F8/71 Version control; Configuration management

Abstract

The invention discloses a startup verification method, apparatus, device and storage medium, relating to the field of communications, for ensuring the cybersecurity of a WPT during startup without adding an extra chip. The method comprises: the MCU acquires first application firmware from the WPT and, if the first application firmware passes verification against second application firmware, determines a first signature of the first application firmware; the second application firmware is stored in the MCU in advance. The MCU starts the WPT if signature parameters including the first signature meet preset conditions; the preset conditions comprise: the first signature passes verification against the second signature; the second signature is pre-stored in the MCU.

Description

Startup verification method, device, equipment and storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to a method, apparatus, device, and storage medium for start verification.
Background
With the development of automobiles and smartphones, more and more mobile phones support wireless charging, and automobile manufacturers now fit vehicles with on-board wireless charging devices. The wireless charging device comprises a wireless power transmitter integrated circuit (wireless power transmitter IC, WPT). To ensure the cybersecurity of the WPT during startup, a dedicated chip is usually provided in the wireless charging device, and the WPT is started securely through that chip using a symmetric encryption algorithm.
However, this secure startup method requires an additional dedicated chip in the wireless charging device, resulting in poor versatility and high cost.
Disclosure of Invention
Embodiments of the invention provide a startup verification method, apparatus, device and storage medium for ensuring the cybersecurity of the WPT during startup without adding an extra chip.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
In a first aspect, a startup verification method is provided, applied to a micro control unit (microcontroller unit, MCU), comprising: the MCU acquires first application firmware from the WPT and, if the first application firmware passes verification against second application firmware, determines a first signature of the first application firmware; the second application firmware is stored in the MCU in advance. The MCU starts the WPT if signature parameters including the first signature meet preset conditions; the preset conditions comprise: the first signature passes verification against the second signature; the second signature is pre-stored in the MCU.
In the above startup verification method, without adding an extra encryption chip, the MCU stores the same WPT firmware as is held inside the WPT. The MCU acquires the first application firmware from the WPT and then verifies it against the second application firmware stored internally. If the first application firmware passes verification, the MCU processes the first application firmware with an asymmetric encryption algorithm and generates the first signature of the first application firmware. The MCU verifies the first signature against the second signature stored in the MCU in advance, and the WPT is started if the first signature passes verification. Because the WPT needs no additional encryption chip, the startup verification method provided by the invention is more economical. Because the MCU performs the calculation and verification and the WPT performs no related calculation, the startup time of the WPT is reduced; at the same time, it can be determined whether the MCU and the WPT have been tampered with, so the method is more secure and more general.
In one possible design, the MCU acquiring the first application firmware in the wireless power transmitter integrated circuit WPT includes: if the communication baud rate between the MCU and the WPT passes verification, the MCU acquires the first application firmware from the WPT.
In one possible design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset conditions further include: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU.
In one possible design, in response to receiving a request update message, the MCU obtains an update package for the first application firmware; the request update message is for requesting an update of the first application firmware. The MCU updates the second application firmware based on the update package of the first application firmware, and updates the second signature based on the updated second application firmware.
In one possible design, after the first application firmware update, the MCU obtains the updated first application firmware from the WPT and determines the signature of the updated first application firmware. And under the condition that the signature of the updated first application program firmware passes the verification of the updated second signature, the MCU determines that the first application program firmware is successfully updated.
In a second aspect, a start-up verification device is provided, where the start-up verification device is deployed on an MCU and includes an acquisition unit, a determination unit, and a processing unit. The acquisition unit is used for acquiring a first application firmware in the wireless power transmitter integrated circuit WPT. The determining unit is used for determining a first signature of the first application program firmware under the condition that the first application program firmware passes the verification of the second application program firmware; the second application firmware is pre-stored in the MCU. The processing unit is used for starting the WPT under the condition that the signature parameters comprising the first signature meet the preset conditions; the preset conditions comprise: the first signature passes the verification of the second signature; the second signature is pre-stored in the MCU.
In one possible design, the acquisition unit is specifically configured to acquire the first application firmware from the WPT if the communication baud rate between the MCU and the WPT passes verification.
In one possible design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset conditions further include: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU.
In a possible design, the start-up verification device further comprises an updating unit. The acquisition unit is also used for responding to the received request update message and acquiring an update package of the first application program firmware; the request update message is for requesting an update of the first application firmware. The updating unit is used for updating the second application program firmware based on the updating package of the first application program firmware acquired by the acquiring unit. And the updating unit is also used for updating the second signature based on the updated second application program firmware.
In a possible design, the obtaining unit is further configured to obtain, after the first application firmware is updated, the updated first application firmware from the WPT. The determining unit is further configured to determine a signature of the updated first application firmware. The determining unit is further configured to determine that the update of the first application firmware is successful if the signature of the updated first application firmware passes the verification of the updated second signature.
In a third aspect, there is provided a vehicle-mounted terminal including a memory and a processor; the memory is coupled to the processor for storing computer program code comprising computer instructions which, when executed by the processor, perform a boot verification method as provided in the first aspect or any one of its possible implementations.
In a fourth aspect, a computer readable storage medium is provided, in which instructions are stored which, when run on a vehicle terminal, cause the vehicle terminal to perform a boot verification method as provided in the first aspect or any one of its possible implementations.
Drawings
FIG. 1 is a schematic structural diagram of a vehicle-mounted control system according to an embodiment of the present invention;
FIG. 2 is a second schematic structural diagram of a vehicle-mounted control system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a startup verification method according to an embodiment of the present invention;
FIG. 4 is a second flowchart of a startup verification method according to an embodiment of the present invention;
FIG. 5 is a third flowchart of a startup verification method according to an embodiment of the present invention;
FIG. 6 is a flowchart of a startup verification method according to an embodiment of the present invention;
FIG. 7 is a fifth flowchart of a startup verification method according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a startup verification device according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a vehicle-mounted terminal according to an embodiment of the present invention;
FIG. 10 is a second schematic structural diagram of a vehicle-mounted terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
In embodiments of the invention, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the present invention, "/" means "or" unless otherwise indicated; for example, A/B may mean A or B. "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, and B exists alone. Further, "at least one", "a plurality" means two or more. The terms "first", "second" and the like do not limit number or order of execution, and items so labelled are not necessarily different.
In the prior art, a chip is generally provided in the wireless charging device, and the WPT is started securely through the chip using a symmetric encryption algorithm. However, this secure startup method requires an additional dedicated chip in the wireless charging device, resulting in poor versatility and high cost.
To solve the above problems, the present invention provides a startup verification method, apparatus, device and storage medium. Without adding an extra encryption chip, a micro control unit (microcontroller unit, MCU) stores the same WPT firmware (wireless power transmitter firmware) as is held inside the WPT. The MCU acquires the first application firmware from the WPT and then verifies it against the second application firmware stored internally. If the first application firmware passes verification, the MCU processes the first application firmware with an asymmetric encryption algorithm and generates the first signature of the first application firmware. The MCU verifies the first signature against the second signature stored in the MCU in advance, and the WPT is started if the first signature passes verification. Because the WPT needs no additional encryption chip, the startup verification method provided by the invention is more economical. Because the MCU performs the calculation and verification and the WPT performs no related calculation, the startup time of the WPT is reduced; at the same time, it can be determined whether the MCU and the WPT have been tampered with, so the method is more secure and more general.
The starting verification method provided by the embodiment of the invention can be suitable for a vehicle-mounted control system. Fig. 1 shows a schematic structural diagram of the in-vehicle control system. As shown in fig. 1, the in-vehicle control system 10 is used to ensure safe start-up of the WPT. The in-vehicle control system 10 includes an MCU11 and a WPT12. The MCU11 is connected with the WPT12. The MCU11 and the WPT12 can be connected through a serial peripheral interface (serial peripheral interface, SPI) and an I2C bus (inter-integrated circuit, I2C).
The MCU11 may be located in a vehicle terminal, and a user may control other elements and devices on the vehicle by controlling the MCU.
The WPT12 may be located in a wireless charging device for wirelessly charging a device supporting wireless charging.
FIG. 2 shows a schematic structural diagram of the vehicle-mounted control system. As shown in FIG. 2, the WPT firmware of WPT22 is stored in advance in the APP firmware of MCU21. The WPT firmware comprises loading firmware, application firmware and an application firmware signature. The loading firmware is used to boot the application firmware, and the application firmware is used to make the WPT operate according to the standard driver.
In practical application, the starting verification method provided by the embodiment of the invention can be applied to the MCU, the vehicle-mounted terminal, a starting verification device in the vehicle-mounted terminal or other similar equipment. The following describes a startup verification method provided by the embodiment of the present invention by taking an example that the startup verification method is applied to an MCU with reference to the accompanying drawings.
As shown in FIG. 3, the start-up verification method provided by the embodiment of the invention comprises the following steps S301-S305.
S301, the MCU acquires a first application program firmware in the WPT.
The first application program firmware is application program firmware stored in the WPT.
As a possible implementation, after receiving a user's instruction to start the WPT, the MCU acquires the first application firmware stored in the WPT through the interface between the MCU and the WPT.
It should be noted that the interface between the MCU and the WPT may be an I2C interface or an SPI interface; the present invention does not limit this.
S302, the MCU judges whether the first application program firmware passes the verification of the second application program firmware.
The second application program firmware is stored in the MCU in advance.
As a possible implementation, the MCU reads the second application firmware stored inside the MCU and, after acquiring the first application firmware, verifies the first application firmware against the second application firmware.
So that the MCU holds the second application firmware in advance, the MCU may acquire the application firmware stored in the WPT from the WPT when the WPT is first installed or registered. The MCU then stores the acquired application firmware in the MCU as the second application firmware.
It will be appreciated that the MCU determines whether the first application firmware has been tampered with by an attack by comparing whether the first application firmware and the second application firmware are identical. If the first application firmware is inconsistent with the second application firmware, the MCU determines that the first application firmware fails verification against the second application firmware, that is, the first application firmware has been tampered with by an attack; if the first application firmware is consistent with the second application firmware, the MCU determines that the first application firmware passes verification against the second application firmware, that is, the first application firmware has not been tampered with.
S303, under the condition that the first application program firmware passes the verification of the second application program firmware, the MCU determines a first signature of the first application program firmware;
The first signature is used to verify and identify the first application firmware.
As one possible implementation, if the MCU determines that the first application firmware passes verification against the second application firmware, the MCU processes the first application firmware with an asymmetric encryption algorithm to generate the first signature.
The first signature may be 256 bytes of data, for example.
In some embodiments, if the MCU determines that the first application firmware fails verification against the second application firmware, the MCU stops starting the WPT by controlling wpt_power_en.
Here wpt_power_en is used to control the power-on state of the WPT.
For how the signature is generated by calculation with an asymmetric encryption algorithm in this step, reference may be made to the prior art; the present invention does not limit this.
S304, the MCU judges whether the first signature passes the verification of the second signature.
The second signature is pre-stored in the MCU. The second signature is used to verify and identify the second application firmware.
As one possible implementation, the MCU reads the second signature stored inside the MCU and, after generating the first signature, determines whether the first signature is consistent with the second signature.
It should be noted that, so that the MCU holds the second signature in advance, the MCU may generate the second signature by calculation with an asymmetric encryption algorithm after the WPT is first installed or registered. The MCU then stores the generated second signature in the MCU.
It will be appreciated that the MCU determines whether the first signature has been tampered with by an attack by comparing whether the first signature and the second signature are identical. If the first signature is inconsistent with the second signature, the MCU determines that the first signature fails verification against the second signature, that is, the first application firmware has been tampered with by an attack; if the first signature is consistent with the second signature, the MCU determines that the first signature passes verification against the second signature, that is, the first application firmware has not been tampered with by an attack.
S305, the MCU starts the WPT under the condition that the signature parameters comprising the first signature meet the preset conditions.
The preset conditions comprise: the first signature passes the verification of the second signature.
As a possible implementation, if the first signature passes verification against the second signature, the MCU determines that the signature parameters including the first signature meet the preset conditions and then starts the WPT.
It should be noted that the MCU may start the WPT by controlling wpt_power_en.
In some embodiments, if the signature parameters do not meet the preset conditions, the MCU stops starting the WPT by controlling wpt_power_en.
In one design, in order to determine whether the WPT can be started securely, as shown in FIG. 4, the startup verification method provided in the embodiment of the present invention further includes the following steps S306-S307.
S306, the MCU acquires the communication baud rate between the MCU and the WPT.
It should be noted that the interface between the MCU and the WPT may be an SPI or an I2C serial bus.
For how the communication baud rate is obtained in this step, reference may be made to the prior art; the invention is not limited in this regard.
S307, the MCU judges whether the communication baud rate between the MCU and the WPT passes the verification.
As a possible implementation, after determining the communication baud rate between the MCU and the WPT, the MCU determines whether the interface between the MCU and the WPT has been tampered with by comparing the determined communication baud rate with a preset communication baud rate. If the communication baud rate between the MCU and the WPT differs from the preset communication baud rate, the MCU determines that the communication baud rate does not pass verification, that is, the interface between the MCU and the WPT has been tampered with; if the actual communication baud rate is the same as the preset communication baud rate, the MCU determines that the communication baud rate passes verification, that is, the interface between the MCU and the WPT has not been tampered with by an attack.
In this case, S301 provided by the embodiment of the present invention specifically includes the following S3011:
S3011, if the communication baud rate between the MCU and the WPT passes verification, the MCU acquires the first application firmware from the WPT.
As a possible implementation, after determining that the communication baud rate between the MCU and the WPT is the same as the preset communication baud rate, the MCU acquires the first application firmware from the WPT through the verified interface, so as to ensure that the data of the first application firmware cannot be tampered with or lost during transmission.
Otherwise, if the communication baud rate between the MCU and the WPT differs from the preset communication baud rate, the MCU stops starting the WPT by controlling wpt_power_en.
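The MCU-side sequence S306-S307 followed by S301-S305, written out as an added C example that is not code from the patent. The HAL callbacks, result codes, constant-time comparison and the 400000 baud value are assumptions, and `sim_sign` is a deterministic non-cryptographic stand-in for the asymmetric routine the patent leaves to the prior art.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN  256       /* the page gives 256 bytes as an example size */
#define FW_MAX   64        /* constructed: tiny image for the demo */
#define REF_BAUD 400000u   /* constructed preset communication baud rate */

typedef enum { WPT_BOOT_OK, WPT_ERR_BAUD, WPT_ERR_READ, WPT_ERR_FW_MISMATCH,
               WPT_ERR_SIGN, WPT_ERR_SIG_MISMATCH } wpt_result;

/* Hypothetical HAL; these names are assumptions, not from the patent. */
typedef struct {
    uint32_t (*get_baud)(void);                              /* S306 */
    int  (*read_app_fw)(uint8_t *buf, size_t len);           /* S301, 0 = ok */
    int  (*sign)(const uint8_t *fw, size_t len, uint8_t sig[SIG_LEN]); /* S303 */
    void (*set_power_en)(int on);                            /* wpt_power_en */
} wpt_hal;

/* Reference data the MCU stored at first installation or registration. */
typedef struct {
    uint32_t       baud;        /* preset communication baud rate */
    const uint8_t *app_fw;      /* second application firmware */
    size_t         app_fw_len;
    const uint8_t *sig;         /* second signature */
} wpt_ref;

/* No early exit, so timing does not reveal where the first difference is. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Every check must pass before wpt_power_en is asserted; any failure
 * leaves it deasserted. Comparing signatures for equality assumes the
 * signing routine is deterministic. */
wpt_result wpt_boot_verify(const wpt_ref *ref, const wpt_hal *hal)
{
    uint8_t fw[FW_MAX], sig[SIG_LEN];
    wpt_result r = WPT_BOOT_OK;

    if (ref->app_fw_len > sizeof fw) r = WPT_ERR_READ;
    else if (hal->get_baud() != ref->baud) r = WPT_ERR_BAUD;          /* S307 */
    else if (hal->read_app_fw(fw, ref->app_fw_len) != 0) r = WPT_ERR_READ;
    else if (!ct_equal(fw, ref->app_fw, ref->app_fw_len)) r = WPT_ERR_FW_MISMATCH; /* S302 */
    else if (hal->sign(fw, ref->app_fw_len, sig) != 0) r = WPT_ERR_SIGN;
    else if (!ct_equal(sig, ref->sig, SIG_LEN)) r = WPT_ERR_SIG_MISMATCH;          /* S304 */

    hal->set_power_en(r == WPT_BOOT_OK);                              /* S305 */
    return r;
}

/* ---- Constructed simulation so the example runs offline ---- */
static const uint8_t ref_fw[FW_MAX] = "WPT-APP-FW v1 (constructed sample image)";
static uint8_t  sim_fw[FW_MAX];        /* firmware held in the simulated WPT */
static uint8_t  sim_ref_sig[SIG_LEN];  /* second signature held in the MCU */
static uint32_t sim_baud;
static int      sim_power = -1;

static uint32_t sim_get_baud(void) { return sim_baud; }
static int  sim_read(uint8_t *b, size_t n) { memcpy(b, sim_fw, n); return 0; }
static void sim_set_power(int on) { sim_power = on; }

/* Stand-in only: deterministic filler, NOT a signature algorithm. */
static int sim_sign(const uint8_t *fw, size_t n, uint8_t sig[SIG_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) h = (h ^ fw[i]) * 16777619u;
    for (size_t i = 0; i < SIG_LEN; i++) {
        h = h * 1664525u + 1013904223u;
        sig[i] = (uint8_t)(h >> 24);
    }
    return 0;
}

/* tamper: 0 none, 1 bus baud rate changed, 2 WPT firmware byte flipped,
 * 3 second signature stored in the MCU corrupted. */
wpt_result demo(int tamper)
{
    wpt_hal hal = { sim_get_baud, sim_read, sim_sign, sim_set_power };
    wpt_ref ref = { REF_BAUD, ref_fw, sizeof ref_fw, sim_ref_sig };

    memcpy(sim_fw, ref_fw, sizeof sim_fw);          /* enrolment state */
    sim_sign(ref_fw, sizeof ref_fw, sim_ref_sig);
    sim_baud = REF_BAUD;
    sim_power = -1;

    if (tamper == 1) sim_baud = 100000u;
    if (tamper == 2) sim_fw[5] ^= 0x01;
    if (tamper == 3) sim_ref_sig[0] ^= 0x80;
    return wpt_boot_verify(&ref, &hal);
}

int demo_power(void) { return sim_power; }

int main(void)
{
    for (int t = 0; t <= 3; t++) {
        int r = (int)demo(t);
        printf("tamper=%d result=%d wpt_power_en=%d\n", t, r, demo_power());
    }
    return 0;
}
```

Case 3 shows what the second comparison contributes: the firmware copies still match, but corrupted reference data on the MCU side blocks startup.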
In some embodiments, the WPT may boot or load the first application firmware through its built-in loading firmware; thus, for the WPT to boot securely, it is also necessary to ensure that the WPT's built-in loading firmware has not been tampered with by an attack. Thus, in one design, where the WPT includes built-in loading firmware, the signature parameters further include a first loading firmware signature, and the preset conditions further include: the first loading firmware signature passes verification against the second loading firmware signature. The first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU. To realize the secure startup of the WPT, as shown in FIG. 5, the startup verification method provided by the embodiment of the present invention further includes S401-S404.
S401, the MCU acquires built-in loading firmware in the WPT.
It should be noted that, for the method by which the MCU acquires the built-in loading firmware in the WPT, reference may be made to the method by which the MCU acquires the first application firmware in step S301, which is not repeated here.
S402, the MCU determines a first loading firmware signature.
The first loading firmware signature is the signature of the built-in loading firmware.
It should be noted that, for the method by which the MCU determines the first loading firmware signature, reference may be made to the method by which the MCU determines the first signature of the first application firmware in step S303, which is not repeated here.
S403, the MCU judges whether the first loading firmware signature passes verification against the second loading firmware signature.
The second loading firmware signature is stored in the MCU in advance. The second loading firmware signature is used to verify and identify the first loading firmware.
It should be noted that, so that the MCU holds the second loading firmware signature in advance, the MCU may generate it by calculation with an asymmetric encryption algorithm after the WPT is first installed or registered. The MCU then stores the generated second loading firmware signature in the MCU.
For the method by which the MCU determines whether the first loading firmware signature passes verification against the second loading firmware signature, reference may be made to the method by which the MCU determines whether the first signature passes verification against the second signature in step S304, which is not repeated here.
S404, the MCU starts the WPT under the condition that signature parameters including the first signature and the first loading firmware signature meet preset conditions.
As one possible implementation, if the first signature passes verification against the second signature and the first loading firmware signature passes verification against the second loading firmware signature, the MCU determines that the signature parameters including the first signature and the first loading firmware signature meet the preset conditions, and starts the WPT.
In some embodiments, if the signature parameters do not meet the preset conditions, the MCU stops starting the WPT by controlling wpt_power_en.
It should be noted that, during the startup of the WPT, the built-in loading firmware starts first while the first application is not yet running, so it is determined whether the first signature passes verification against the second signature. The WPT then launches the first application, at which point the built-in loading firmware has stopped running, and the MCU determines whether the first loading firmware signature passes verification against the second loading firmware signature. In this way both the built-in loading firmware and the first application firmware in the WPT are verified, which ensures the security of both.
In some embodiments, the WPT may be started from external loading firmware. When the WPT is started by the external loading firmware, the WPT's built-in loading firmware does not need to run, so the MCU does not need to verify the built-in loading firmware in the WPT, and the WPT can still be started securely.
In one design, when the first application firmware in the WPT needs to be updated, as shown in FIG. 6, the startup verification method provided in the embodiment of the present invention further includes S501-S505.
S501, the MCU responds to the received request update message to acquire an update package of the first application program firmware.
The request update message is used for requesting to update the first application program firmware.
As a possible implementation manner, the MCU receives the request update message and obtains the update package of the first application firmware from the vehicle-mounted terminal.
In some embodiments, in the case that the update package of the first application firmware is included in the request update message, the MCU may directly obtain the update package of the first application firmware from the request update message.
In other embodiments, the user may import the update package of the first application firmware into the MCU through a storage device such as a USB drive, so that the MCU obtains the update package of the first application firmware.
It should be noted that, when the first application firmware has update content, the request update message may be obtained from the controller area network (CAN).
S502, the MCU updates the second application program firmware based on the update package of the first application program firmware.
As a possible implementation manner, the MCU obtains updated application firmware based on the update package of the first application firmware, and after deleting the second application firmware stored in advance in the MCU, stores the updated application firmware, and determines the updated application firmware as the updated second application firmware.
It should be noted that how the updated application firmware is obtained from the update package may follow the prior art and is not limited by the present invention.
S503, the MCU updates the second signature based on the updated second application program firmware.
The method for generating the second signature by the MCU may refer to the method for generating the first signature by the MCU according to the first application firmware in step S303, which is not described herein.
S504, the MCU checks the updated second signature.
As a possible implementation manner, the MCU generates a 256-byte third signature by an asymmetric encryption algorithm calculation based on the updated second application firmware. After generating the third signature, the MCU uses it to verify the updated second signature.
It should be noted that the second signature is calculated from the first application firmware in the update package, while the third signature is calculated from the second application firmware after installation. If the verification between the two signatures fails, data was lost while the second application firmware was being installed, or was lost after installation because of device overheating or a similar cause. The MCU therefore determines that the second application firmware failed to update if the verification fails, and that the second application firmware was updated successfully if the verification passes.
It will be appreciated that the MCU determines whether the second application firmware was successfully updated by comparing whether the updated second signature and third signature are the same. If the updated second signature is different from the third signature, determining that the updated second signature fails to pass the verification, namely determining that the second application program firmware has a problem after being installed, and failing to update; if the updated second signature is the same as the third signature, determining that the updated second signature passes the verification, namely determining that the second application program firmware is successfully updated.
S505, under the condition that the second application program firmware is updated successfully, the MCU updates the first application program firmware in the WPT.
As a possible implementation manner, in the case that the second application firmware is updated successfully, the MCU sends the updated second application firmware to the WPT through the SPI interface and updates the first application firmware in the WPT. For the updating process of the first application firmware, reference may be made to the updating process of the second application firmware in step S402, which is not described herein.
In one design, in order to determine whether the first application firmware is updated successfully, as shown in fig. 7, the method for boot verification provided in the embodiment of the present invention further includes S601-S604.
S601, after the first application program firmware is updated, the MCU acquires the updated first application program firmware from the WPT.
It should be noted that, the method for the MCU to obtain the updated first application firmware from the WPT may refer to the method for obtaining the first application firmware in the WPT in step S301, which is not described herein.
S602, the MCU determines the signature of the updated first application program firmware.
It should be noted that, the method for determining the signature of the updated first application firmware by the MCU may refer to the method for determining the first signature in step S303, which is not described herein.
S603, the MCU determines whether the signature of the updated first application program firmware passes the verification of the updated second signature.
It should be noted that, the method for determining whether the signature of the updated first application firmware passes the verification of the updated second signature by the MCU may refer to the method for determining whether the first signature passes the verification of the second signature in step S204, which is not described herein.
S604, under the condition that the signature of the updated first application program firmware passes the verification of the updated second signature, the MCU determines that the first application program firmware is successfully updated.
As a possible implementation manner, in the case that the MCU determines that the signature of the updated first application firmware passes the verification of the updated second signature, it indicates that the updated first application firmware is successfully installed in the WPT, and the MCU determines that the update is successful.
In one design, the MCU repeatedly performs S501-S504 described above in the event that the signature of the updated first application firmware fails the verification of the updated second signature.
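The update-and-verify sequence of S501-S505 and S601-S604, including the retry on failure, as an added C example that is not code from the patent. The 256-byte asymmetric-algorithm signature is replaced by a non-cryptographic placeholder (`demo_signature`); the simulated storage writes, the fault injection, the `MAX_TRIES` bound and all identifiers are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_MAX    64   /* constructed: tiny image size for the demo */
#define SIG_LEN   256  /* signature length stated on the page */
#define MAX_TRIES 3    /* assumption: the page gives no retry bound */

typedef struct { uint8_t data[FW_MAX]; size_t len; } fw_image;
typedef struct { fw_image second_fw; uint8_t second_sig[SIG_LEN]; } mcu_store;
typedef struct { fw_image first_fw; } wpt_chip;
typedef enum { UPD_OK, UPD_MCU_COPY_BAD, UPD_WPT_COPY_BAD } upd_result;

/* Demo fault injection (hypothetical): number of upcoming writes that flip one bit. */
static int mcu_write_faults, wpt_write_faults;

/* PLACEHOLDER for the page's asymmetric-algorithm signature: a deterministic,
 * NON-cryptographic FNV-1a expansion to SIG_LEN bytes. Real firmware would
 * call the MCU's crypto library here. */
static void demo_signature(const fw_image *fw, uint8_t out[SIG_LEN])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < fw->len; i++) { h ^= fw->data[i]; h *= 0x100000001b3ULL; }
    for (size_t i = 0; i < SIG_LEN; i++) {
        out[i] = (uint8_t)(h >> (8 * (i % 8)));
        if (i % 8 == 7) h = (h ^ i) * 0x100000001b3ULL;
    }
}

/* Compare two signatures without an early exit on the first mismatch. */
static bool sig_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SIG_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Simulated flash/SPI write; corrupts one bit while a fault is pending. */
static void store_write(fw_image *dst, const fw_image *src, int *faults)
{
    *dst = *src;
    if (*faults > 0 && dst->len > 0) { dst->data[0] ^= 0x01; (*faults)--; }
}

/* Build a constructed sample image from a string. */
static fw_image demo_image(const char *s)
{
    fw_image fw = { {0}, 0 };
    fw.len = strlen(s) < FW_MAX ? strlen(s) : FW_MAX;
    memcpy(fw.data, s, fw.len);
    return fw;
}

/* One pass of S502-S505 followed by S601-S604. */
static upd_result update_once(mcu_store *mcu, wpt_chip *wpt, const fw_image *pkg)
{
    uint8_t third_sig[SIG_LEN], readback_sig[SIG_LEN];

    /* S502: replace the MCU's reference copy with the image from the package. */
    store_write(&mcu->second_fw, pkg, &mcu_write_faults);
    /* S503: the updated second signature is computed from the package image. */
    demo_signature(pkg, mcu->second_sig);
    /* S504: the third signature is computed from what actually landed in storage. */
    demo_signature(&mcu->second_fw, third_sig);
    if (!sig_equal(mcu->second_sig, third_sig)) return UPD_MCU_COPY_BAD;

    /* S505: push the verified image to the WPT (SPI transfer simulated). */
    store_write(&wpt->first_fw, &mcu->second_fw, &wpt_write_faults);
    /* S601-S603: read the image back, sign it, compare with the second signature. */
    demo_signature(&wpt->first_fw, readback_sig);
    /* S604: success only if the WPT's copy matches the MCU's reference. */
    return sig_equal(readback_sig, mcu->second_sig) ? UPD_OK : UPD_WPT_COPY_BAD;
}

/* Repeat the sequence on failure, bounded so a dead part cannot loop forever. */
static upd_result update_wpt_firmware(mcu_store *mcu, wpt_chip *wpt,
                                      const fw_image *pkg, int *tries_out)
{
    upd_result r = UPD_WPT_COPY_BAD;
    int tries = 0;
    while (tries < MAX_TRIES) {
        tries++;
        r = update_once(mcu, wpt, pkg);
        if (r == UPD_OK) break;
    }
    if (tries_out) *tries_out = tries;
    return r;
}

int main(void)
{
    mcu_store mcu = {0}; wpt_chip wpt = {0}; int tries = 0;
    fw_image pkg = demo_image("constructed WPT application image v2");
    mcu_write_faults = 1;  /* first MCU write is corrupted, so S504 fails once */
    upd_result r = update_wpt_firmware(&mcu, &wpt, &pkg, &tries);
    printf("result=%d tries=%d\n", (int)r, tries);
    return r == UPD_OK ? 0 : 1;
}
```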
In one design, to secure communication between the MCU and the WPT, the MCU encrypts the data to be written into the WPT, which prevents interception and tampering during transmission over the channel. For data read from the WPT, the MCU performs a CRC-16 check to ensure data integrity. The MCU can also determine whether the WPT is under attack by monitoring the period at which data is read from the WPT. Specifically, when the period of reading data changes, the MCU determines that the WPT is under attack. In this case, the MCU stops reading WPT data to keep communication between the MCU and the WPT secure.
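The read-side checks described above (a CRC-16 check on each frame and stopping reads once the read period changes), as an added C example that is not taken from the patent. The CRC-16 variant (CCITT-FALSE), the payload-plus-big-endian-CRC frame layout, the nominal period, the tolerance and all identifiers are assumptions; the page only says "CRC-16" and "period".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection). */
uint16_t crc16_ccitt(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)((uint16_t)(*p++) << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

typedef enum { RD_OK, RD_BAD_CRC, RD_PERIOD_CHANGED, RD_STOPPED } rd_status;

typedef struct {
    uint32_t expected_ms;  /* nominal read period (assumption: configured) */
    uint32_t tol_ms;       /* allowed jitter around it (assumption) */
    uint32_t last_ms;      /* tick of the previous read */
    bool     have_last;    /* false until the first read has been seen */
    bool     stopped;      /* latched once the period check trips */
} wpt_reader;

/* Assumed frame layout: payload bytes followed by a big-endian CRC-16. */
size_t wpt_build_frame(const uint8_t *payload, size_t n, uint8_t *out)
{
    uint16_t crc = crc16_ccitt(payload, n);
    memcpy(out, payload, n);
    out[n]     = (uint8_t)(crc >> 8);
    out[n + 1] = (uint8_t)(crc & 0xFF);
    return n + 2;
}

/* Check one frame read from the WPT at tick now_ms. */
rd_status wpt_accept_frame(wpt_reader *r, uint32_t now_ms,
                           const uint8_t *frame, size_t len)
{
    if (r->stopped) return RD_STOPPED;          /* reads stay off once tripped */

    if (r->have_last) {
        uint32_t dt  = now_ms - r->last_ms;     /* unsigned: safe across wrap */
        uint32_t dev = dt > r->expected_ms ? dt - r->expected_ms
                                           : r->expected_ms - dt;
        if (dev > r->tol_ms) {                  /* period changed: stop reading */
            r->stopped = true;
            return RD_PERIOD_CHANGED;
        }
    }
    r->last_ms = now_ms;
    r->have_last = true;

    if (len < 3) return RD_BAD_CRC;             /* no room for payload + CRC */
    uint16_t got = (uint16_t)((frame[len - 2] << 8) | frame[len - 1]);
    return crc16_ccitt(frame, len - 2) == got ? RD_OK : RD_BAD_CRC;
}

int main(void)
{
    uint8_t frame[16];
    size_t n = wpt_build_frame((const uint8_t *)"123456789", 9, frame); /* constructed */
    wpt_reader r = { 100, 10, 0, false, false };
    printf("%d\n", (int)wpt_accept_frame(&r, 1000, frame, n)); /* on time */
    printf("%d\n", (int)wpt_accept_frame(&r, 1100, frame, n)); /* on time */
    printf("%d\n", (int)wpt_accept_frame(&r, 1250, frame, n)); /* 150 ms gap */
    printf("%d\n", (int)wpt_accept_frame(&r, 1350, frame, n)); /* after the trip */
    return 0;
}
```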
The invention provides a startup verification method, device, equipment and storage medium. Without adding an extra encryption chip, WPT firmware identical to the firmware inside the WPT is stored in the MCU. The MCU acquires the first application firmware from the WPT and then verifies it against the second application firmware stored in the MCU. If the first application firmware passes this verification, the MCU computes a first signature of the first application firmware with an asymmetric encryption algorithm. The MCU verifies the first signature against a second signature stored in the MCU in advance, and the WPT is started if the first signature passes the verification. Because the WPT does not need an additional encryption chip, the startup verification method provided by the invention is more economical. Because the MCU performs the calculation and verification and the WPT does not carry out any related calculation, WPT startup time is saved; at the same time, whether the MCU and the WPT have been tampered with can be determined, so the method is safer and more general.
Subsequently, when the application firmware in the WPT needs to be updated, the startup verification method provided by the invention ensures that the application firmware is updated securely and avoids system faults caused by data loss in the updated application firmware during installation.
The foregoing description of the solution provided by the embodiments of the present invention has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The embodiment of the invention can divide the functional modules of the user equipment according to the method example, for example, each functional module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiment of the present invention is schematic, which is merely a logic function division, and other division manners may be implemented in practice.
Fig. 8 is a schematic structural diagram of a start-up verification device according to an embodiment of the present invention. As shown in fig. 8, the start-up verification device 70 may be disposed in the vehicle terminal and configured to perform the start-up verification method. As shown in fig. 8, the start-up verification apparatus 70 includes an acquisition unit 701, a determination unit 702, and a processing unit 703.
An acquiring unit 701 is configured to acquire a first application firmware in the wireless power transmitter integrated circuit WPT. For example, as shown in fig. 3, the acquisition unit 701 may be used to perform S301.
A determining unit 702, configured to determine a first signature of the first application firmware if the first application firmware passes the verification of the second application firmware. The second application firmware is pre-stored in the MCU. For example, as shown in fig. 3, the determination unit 702 may be used to perform S303.
A processing unit 703, configured to start the WPT if the signature parameter including the first signature satisfies a preset condition. The preset conditions comprise: the first signature passes the verification of the second signature; the second signature is pre-stored in the MCU. For example, as shown in fig. 3, the processing unit 703 may be used to perform S305.
Optionally, as shown in fig. 8, in the boot verification device 70 provided in the embodiment of the present invention, the obtaining unit 701 is specifically configured to obtain the first application firmware from the WPT when the communication baud rate between the MCU and the WPT passes the verification. For example, as shown in fig. 4, the acquisition unit 701 may be used to perform S3011.
Optionally, as shown in fig. 8, the start checking device 70 provided in the embodiment of the present invention further includes an updating unit 704.
The obtaining unit 701 is further configured to obtain an update package of the first application firmware in response to the received request update message. The request update message is for requesting an update of the first application firmware. For example, as shown in fig. 6, the acquisition unit 701 may be used to perform S501.
An updating unit 704, configured to update the second application firmware based on the update package of the first application firmware acquired by the acquiring unit. For example, as shown in fig. 6, the updating unit 704 may be used to perform S502.
The updating unit 704 is further configured to update the second signature based on the updated second application firmware. For example, as shown in fig. 6, the updating unit 704 may be used to perform S503.
Optionally, as shown in fig. 8, in the boot verification apparatus 70 provided in the embodiment of the present invention, the obtaining unit 701 is further configured to obtain, after the first application firmware is updated, the updated first application firmware from the WPT. For example, as shown in fig. 7, the acquisition unit 701 may be used to perform S601.
The determining unit 702 is further configured to determine the signature of the updated first application firmware. For example, as shown in fig. 7, the determination unit 702 may be used to perform S602.
The determining unit 702 is further configured to determine that the first application firmware is successfully updated if the signature of the updated first application firmware passes the verification of the updated second signature. For example, as shown in fig. 7, the determination unit 702 may be used to perform S604.
In the case of implementing the functions of the integrated modules in the form of hardware, the embodiment of the invention provides a possible structural schematic diagram of the vehicle-mounted terminal. The vehicle-mounted terminal is used for executing the start verification method executed by the start verification device in the embodiment. As shown in fig. 9, the in-vehicle terminal 80 includes a processor 801, a memory 802, and a bus 803. The processor 801 and the memory 802 may be connected by a bus 803.
The processor 801 is a control center of the communication device, and may be one processor or a plurality of processing elements. For example, the processor 801 may be a general-purpose central processing unit (central processing unit, CPU), or may be another general-purpose processor. Wherein the general purpose processor may be a microprocessor or any conventional processor or the like.
As one example, processor 801 may include one or more CPUs, such as CPU 0 and CPU 1 shown in fig. 9.
Memory 802 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 802 may exist separately from the processor 801, and the memory 802 may be connected to the processor 801 through the bus 803 for storing instructions or program code. The processor 801, when calling and executing instructions or program code stored in the memory 802, is capable of implementing the boot verification method provided by the embodiments of the present invention.
In another possible implementation, the memory 802 may also be integrated with the processor 801.
Bus 803 may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 9, but not only one bus or one type of bus.
Note that the structure shown in fig. 9 does not constitute a limitation of the in-vehicle terminal 80. In addition to the components shown in fig. 9, the in-vehicle terminal 80 may include more or less components than those shown in fig. 9, or certain components may be combined, or a different arrangement of components may be provided.
As an example, in connection with fig. 8, the acquisition unit 701, the determination unit 702, the processing unit 703, and the update unit 704 in the boot verification apparatus 70 realize the same functions as those of the processor 801 in fig. 9.
Optionally, as shown in fig. 9, the vehicle device provided in the embodiment of the present invention may further include a communication interface 804.
A communication interface 804 for connecting with other devices via a communication network. The communication network may be an ethernet, a radio access network, a wireless local area network (wireless local area networks, WLAN), etc. The communication interface 804 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, in the vehicle-mounted terminal provided by the embodiment of the invention, the communication interface may also be integrated in the processor.
Fig. 10 shows another hardware structure of the in-vehicle terminal in the embodiment of the present invention. As shown in fig. 10, the in-vehicle terminal 90 may include a processor 901 and a communication interface 902. The processor 901 is coupled to a communication interface 902.
For the function of the processor 901, refer to the description of the processor 801 above. The processor 901 also has a memory function, for which the function of the memory 802 can be referred to.
The communication interface 902 is used to provide data to the processor 901. The communication interface 902 may be an internal interface of the communication device or an external interface of the communication device (corresponding to the communication interface 804).
It is to be noted that the structure shown in fig. 10 does not constitute a limitation of the in-vehicle terminal, and the in-vehicle terminal 90 may include more or less components than those shown in fig. 10, or may combine some components, or may be arranged differently.
From the above description of embodiments, it will be apparent to those skilled in the art that the foregoing functional unit divisions are merely illustrative for convenience and brevity of description. In practical applications, the above-mentioned function allocation may be performed by different functional units, i.e. the internal structure of the device is divided into different functional units, as needed, to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions, when the computer executes the instructions, the computer executes each step in the method flow shown in the method embodiment.
Embodiments of the present invention provide a computer program product comprising instructions which, when executed on a computer, cause the computer to perform the start-up verification method of the above method embodiments.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), registers, a hard disk, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium suitable for use by persons skilled in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (ASIC). In embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the apparatus, the device, the computer readable storage medium, and the computer program product in the embodiments of the present invention can be applied to the above-mentioned method, the technical effects they can obtain can also refer to the above-mentioned method embodiments, and are not described herein again.
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the present invention is not limited thereto, but any changes or substitutions within the technical scope of the present invention should be covered by the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (8)

1. A boot verification method, characterized by being applied to a micro control unit MCU, the MCU storing WPT firmware identical to WPT firmware internal to a wireless power transmitter integrated circuit WPT, the WPT firmware including a load firmware, an application firmware, and an application firmware signature, the method comprising:
acquiring a first application program firmware in the WPT;
determining a first signature of the first application firmware under the condition that the first application firmware passes the verification of the second application firmware; the second application program firmware is stored in the MCU in advance;
starting the WPT under the condition that a signature parameter comprising the first signature meets a preset condition; the preset conditions include: the first signature passes the verification of the second signature; the second signature is prestored in the MCU; in the case that the WPT includes built-in loaded firmware, the signature parameter further includes a first loaded firmware signature, and the preset condition further includes: the first loading firmware signature passes the verification of the second loading firmware signature; the first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU;
responding to the received request update message, and acquiring an update package of the first application program firmware; the request update message is used for requesting to update the first application program firmware;
and updating the second application program firmware based on the update package of the first application program firmware, and updating the second signature based on the updated second application program firmware.
2. The boot verification method of claim 1, wherein the acquiring the first application firmware in the wireless power transmitter integrated circuit WPT comprises:
under the condition that the communication baud rate between the MCU and the WPT passes the verification, acquiring the first application program firmware from the WPT.
3. The start-up verification method of claim 1, wherein the method further comprises:
after the first application program firmware is updated, acquiring the updated first application program firmware from the WPT, and determining a signature of the updated first application program firmware;
and under the condition that the updated signature of the first application program firmware passes the verification of the updated second signature, determining that the first application program firmware is updated successfully.
4. The starting verification device is characterized by being deployed in a micro control unit MCU, wherein the MCU stores WPT firmware which is the same as the WPT firmware in a wireless power transmitter integrated circuit, the WPT firmware comprises loading firmware, application program firmware and application program firmware signature, and the starting verification device comprises an acquisition unit, a determination unit, a processing unit and an updating unit;
the acquisition unit is used for acquiring the first application program firmware in the WPT;
the determining unit is used for determining a first signature of the first application program firmware under the condition that the first application program firmware passes the verification of the second application program firmware; the second application program firmware is stored in the MCU in advance;
the processing unit is used for starting the WPT under the condition that the signature parameters comprising the first signature meet preset conditions; the preset conditions include: the first signature passes the verification of the second signature; the second signature is prestored in the MCU; in the case that the WPT includes built-in loaded firmware, the signature parameter further includes a first loaded firmware signature, and the preset condition further includes: the first loading firmware signature passes the verification of the second loading firmware signature; the first loading firmware signature is the signature of the built-in loading firmware, and the second loading firmware signature is the signature of the loading firmware pre-stored in the MCU;
the acquiring unit is further configured to acquire an update package of the first application firmware in response to the received request update message; the request update message is used for requesting to update the first application program firmware;
the updating unit is used for updating the second application program firmware based on the updating packet of the first application program firmware acquired by the acquiring unit;
the updating unit is further configured to update the second signature based on the updated second application firmware.
5. The start-up verification device according to claim 4, wherein the obtaining unit is specifically configured to:
and under the condition that the communication baud rate between the MCU and the WPT passes the verification, acquiring the first application program firmware from the WPT.
6. The boot verification apparatus according to claim 4, wherein the obtaining unit is further configured to obtain, after the first application firmware is updated, the updated first application firmware from the WPT;
the determining unit is further configured to determine a signature of the updated first application firmware;
the determining unit is further configured to determine that the update of the first application firmware is successful if the updated signature of the first application firmware passes the verification of the updated second signature.
7. A vehicle-mounted terminal, characterized in that the vehicle-mounted terminal comprises a memory and a processor;
the memory is coupled to the processor;
the memory is used for storing computer program codes, and the computer program codes comprise computer instructions;
when the processor executes the computer instructions, the in-vehicle terminal executes the start-up verification method according to any one of claims 1-3.
8. A computer readable storage medium having instructions stored therein, which when run on a vehicle-mounted terminal, cause the vehicle-mounted terminal to perform the boot verification method of any one of claims 1-3.
CN202111282674.1A 2021-11-01 2021-11-01 Startup verification method, device, equipment and storage medium Active CN114090115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111282674.1A CN114090115B (en) 2021-11-01 2021-11-01 Startup verification method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114090115A CN114090115A (en) 2022-02-25
CN114090115B CN114090115B (en) 2023-10-03

Family

ID=80298435

Country Status (1)

Country Link
CN (1) CN114090115B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant