CN114138344B

CN114138344B - System verification method and terminal

Info

Publication number: CN114138344B
Application number: CN202010924084.3A
Authority: CN
Inventors: 孙哲; 黄虎
Original assignee: Hisense Mobile Communications Technology Co Ltd
Current assignee: Hisense Mobile Communications Technology Co Ltd
Priority date: 2020-09-04
Filing date: 2020-09-04
Publication date: 2024-06-04
Anticipated expiration: 2040-09-04
Also published as: CN114138344A

Abstract

The invention discloses a system verification method and a terminal, which are used for verifying a portable system in an external memory card and starting the verified portable system. The method comprises the following steps: the method comprises the steps that a terminal monitors insertion of an external memory card comprising a portable system, a user restarts a local system after selecting to start the portable system, and each partition of the external memory card is read in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition; the terminal performs first verification on the partition information of the external memory card according to the partition table information stored in the first verification partition; after the first verification is confirmed to pass, the terminal carries out second verification on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started.

Description

System verification method and terminal

Technical Field

The present invention relates to the field of multisystem technologies, and in particular, to a system verification method and a terminal.

Background

With the development of multimedia technology, the storage space inside the terminal cannot meet the practical application requirements, and the expansion of the storage space can be performed through an external storage card. Most of the current external memory cards store file information, such as video files, picture files, txt files, etc., and the terminal can solve the problem of limited storage space of the terminal by storing some relatively large files on the T card and accessing the files on the T card. In the prior art, verification of a portable system on an externally connected memory card cannot be realized.

Disclosure of Invention

The invention provides a system verification method and a terminal, which are used for verifying a portable system in external storage equipment and starting the verified portable system.

In a first aspect, the present invention provides a method for system verification, the method comprising:

The method comprises the steps that a terminal monitors insertion of an external memory card comprising a portable system, a user restarts a local system after selecting to start the portable system, and each partition of the external memory card is read in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

The terminal performs first verification on the partition information of the external memory card according to the partition table information stored in the first verification partition;

After the first verification is confirmed to pass, the terminal carries out second verification on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started.

The portable system verification method provided by the invention is mainly aimed at verifying the portable system of the external memory card of the terminal, and the portable system which passes the verification is started, so that the terminal can use the portable system of the external memory card.

In addition, the invention can solve the problem that the portable system is still started after the original partition in the external memory card is destroyed by checking the partition information, for example, the portable system is not started after the user self-adjusts the size of the partition and fails to check.

In one possible implementation manner, the terminal performs a second check on the system partition of the external memory card according to the system check file stored in the second check partition, including:

The terminal creates a temporary directory in a suspension procedure stage of restarting the local system, and mounts the second check partition on the temporary directory, and reads a system check file stored in the second check partition;

And the terminal determines a check value of the data in the system partition according to a preset check algorithm, compares whether the check code stored in the system check file is consistent with the check value, and determines that the second check is passed if the check code is consistent with the check value.

The embodiment of the invention provides a method for checking a system partition in an external memory card, because a file system exists in a second check partition, reading data of the second check partition can be executed after the second check partition is mounted, therefore, in the stage of a mounting process of starting a local system, a temporary directory is created, the second check partition is mounted on the temporary directory, and a system check file stored in the second check partition is read, so that the integrity of the system partition is checked, and because all data in the system partition is checked in the embodiment, even if a small part of the data in the system partition is modified, the starting of a portable system can be checked and interrupted, thereby effectively preventing the portable system from being started after being maliciously tampered, and improving the safety of the portable system.

In one possible implementation, if the second check passes, then starting the portable system, including:

The terminal operates a portable system in a system partition to execute an android starting stage of starting the portable system after replacing the system partition downloaded by the local directory with the system partition of an external memory card in a loading program stage of restarting the local system;

And the terminal interrupts the flow of mounting the data partition of the local system in the android starting stage of the portable system, uses the equipment identifier of the external memory card to mount the data partition, and continues to start the portable system.

The embodiment of the invention also provides a method for starting the portable system, which can enable the portable system to be checked after the portable system is started after receiving the user instruction, and can start the portable system after the portable system is checked to pass, so that the terminal can use the portable system on the external memory card. In addition, the system partition in the invention does not contain data related to the drive or hardware, so the portable system of the external memory card in the invention has universality.

In one possible implementation, the method further includes:

and the terminal checks the version number of the portable system in the system partition according to the original system version number in the first check partition in the android starting stage of starting the portable system.

The invention also provides a method for continuously checking the portable system in the process of starting the portable system, which can prevent the portable system of an unofficial version from running in the terminal according to the mode of checking the version number of the portable system.

In one possible implementation manner, the verifying, by the terminal, the version number of the portable system in the system partition according to the original system version number in the first verification partition includes:

If the terminal does not acquire the original system version number and/or the portable system version number within the preset time, determining that verification fails; or alternatively, the first and second heat exchangers may be,

And the terminal encrypts the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, the verification is determined to pass.

The embodiment provides two ways of checking the version number of the portable system, and the portable system is not started when the user burns the portable system with the unofficial version by himself, one way is that the system version number is not carried in the portable system which is burned by herself, and the other way is that the system version number in the portable system which is burned by herself is the unofficial version, so that the encryption way of the original system version number in the first check partition is not known, thereby causing the check failure and ending the starting of the portable system.

In a second aspect, the present invention provides a system verification terminal, the terminal comprising: a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the terminal to perform the following:

The processor is configured to perform the following:

the method comprises the steps that an external memory card comprising a portable system is monitored to be inserted through an external interface, a user restarts a local system after selecting to start the portable system, all partitions of the external memory card on the external interface are read in a kernel starting stage of restarting the local system, and the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

performing first verification on each partition information of the external memory card according to the partition table information stored in the first verification partition;

After the first verification is confirmed to pass, a second verification is carried out on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started.

As an alternative embodiment, the processor is specifically configured to:

creating a temporary directory in a suspension procedure stage of restarting a local system, and mounting the second check partition on the temporary directory to read a system check file stored in the second check partition;

And determining a check value of the data in the system partition according to a preset check algorithm, comparing whether the check code stored in the system check file is consistent with the check value, and if so, determining that the second check is passed.

As an alternative embodiment, the processor is specifically configured to:

in the loading and running stage of restarting the local system, after replacing a system partition loaded by the local directory with a system partition externally connected with a memory card, running a portable system in the system partition to execute the android starting stage of starting the portable system;

And in the android starting stage of the portable system, interrupting the process of mounting the data partition of the local system, using the equipment identifier of the external memory card to mount the data partition, and continuously starting the portable system.

As an alternative embodiment, the processor is specifically further configured to:

And in the android starting stage of starting the portable system, verifying the version number of the portable system in the system partition according to the original system version number in the first verification partition.

As an alternative embodiment, the processor is specifically configured to:

if the original system version number and/or the portable system version number are not obtained within the preset time, determining that verification fails; or alternatively, the first and second heat exchangers may be,

And encrypting the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, determining that the verification is passed.

In a third aspect, the present invention provides an apparatus for system verification, the apparatus comprising: the device comprises a reading unit, a first checking unit and a second checking unit, wherein:

the reading unit is used for monitoring the insertion of an external memory card comprising a portable system, restarting the local system after the user selects to start the portable system, and reading each partition of the external memory card in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

The first verification unit is used for carrying out first verification on the partition information of the external memory card according to the partition table information stored in the first verification partition;

The second verification unit is configured to determine that the first verification is passed, perform a second verification on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, start the portable system.

As an alternative embodiment, the second checking unit is specifically configured to:

As an alternative embodiment, the apparatus further comprises a third verification unit for:

As an optional implementation manner, the third verification unit is specifically configured to:

In a fourth aspect, the present invention provides a computer storage medium having stored thereon a computer program which when executed by a processing unit performs the steps of the method of the first aspect.

In addition, the technical effects caused by any implementation manner of the second aspect to the fourth aspect may refer to the technical effects caused by different implementation manners of the first aspect, which are not described herein.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1A is a schematic diagram of a terminal for inserting an external memory card according to an embodiment of the present invention;

FIG. 1B is a schematic diagram of a terminal for inserting an external memory card according to an embodiment of the present invention;

FIG. 2 is a flowchart of a system verification method according to an embodiment of the present invention;

fig. 3A is a schematic diagram of an external memory card insertion terminal according to an embodiment of the present invention;

fig. 3B is a schematic diagram of an external memory card insertion terminal according to an embodiment of the present invention;

fig. 3C is a schematic diagram of a terminal for triggering a system restart process according to an embodiment of the present invention;

fig. 4 is a flowchart of a specific implementation of verifying a version number of a portable system by a terminal according to an embodiment of the present invention;

FIG. 5 is a flowchart of an implementation of a method for verifying integrity of a portable system according to an embodiment of the present invention;

Fig. 6 is a schematic diagram of a system verification terminal according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a system verification device according to an embodiment of the present invention;

Fig. 8 is a schematic diagram of a system verification terminal according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

Some words appearing hereinafter are explained:

1. In the embodiment of the invention, the term "and/or" describes the association relation of the association objects, which means that three relations can exist, for example, a and/or B can be expressed as follows: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.

2. The term terminal in the embodiment of the invention, or called terminal equipment, is equipment at the outermost periphery of a network in a computer network, can be accessed into a wireless local area network WLAN to input user information and output processing results, and comprises a desktop computer, a mobile phone, a notebook computer, a tablet personal computer, a POS machine and a vehicle-mounted computer.

The application scenario described in the embodiment of the present invention is for more clearly describing the technical solution of the embodiment of the present invention, and does not constitute a limitation on the technical solution provided by the embodiment of the present invention, and as a person of ordinary skill in the art can know that the technical solution provided by the embodiment of the present invention is applicable to similar technical problems as the new application scenario appears. In the description of the present invention, unless otherwise indicated, the meaning of "a plurality" is two or more.

Example 1

In the prior art, no portable system is available for the external memory card of the terminal, and the portable system is stored in the external memory card of the terminal in the embodiment of the invention, and the terminal can check the portable system after being powered on and select to start the portable system after the verification is passed. The external memory card in the embodiment of the invention can be, but not limited to, an SD card, a T card, etc., and the portable system in the embodiment of the invention is an operating system and can be, but not limited to, an android system. Wherein the T card, i.e. TF card, is a flash memory card.

Fig. 1A and fig. 1B are schematic diagrams of a terminal for inserting an external memory card according to an embodiment of the present invention, where the external memory card is a T card.

Because the prior art does not have a method for checking the portable system of the inserted external memory card by the terminal, the invention provides a method for checking the portable system of the external memory card, namely, the portable system can be checked whether the portable system meets the requirement or not by the method for checking the portable system by the self-contained local system of the terminal, and the portable system which is not tampered can be started after the terminal passes the checking.

Because the verification process of the portable system in the embodiment of the invention is completed in the execution process of the startup process of the android system, the startup process of the android system is simply introduced first.

The android system is divided into four layers from top to bottom: an application layer, an application program framework layer, a system operation library layer and a linux kernel layer; the Linux kernel provides memory management and process management for the android system, and network protocols and various drivers (such as display drivers, camera drivers, bluetooth drivers and the like); the system operation library layer is used for starting the system operation library comprising a C/C++ library and android runtime; the application framework layer provides various components and services for application layer development; the application layer is mainly written by java programs and contains various resource files, and can interact with users.

The starting process of the whole Android system can be divided into three stages in general, namely: a Boot Loader booting stage of a system Boot Loader; the linux Kernel starts, namely a Kernel starting stage; android system startup is the ramdisk. Img and system. Img startup phase. The Boot Loader can be understood as preparation for starting the operating system, and is used for initializing hardware equipment, establishing a mapping diagram of a memory space, preparing an environment for finally calling a system kernel, and transmitting necessary data to the kernel; the Linux kernel is started mainly to finish the initialization of the Linux kernel and set a system; after the initialization of the Linux kernel is completed, the Android system can be loaded, and an init process is started when the Android system is loaded; the init process is the first process of a user space in the Android system, the process number is 1, and the init process is a key process in the starting of the Android system and is briefly summarized as follows:

(1) Creating and mounting a file directory required for starting the system.

(2) The property service is initialized and started. The property service here, like a registry manager in the Windows operating system, is used to record some information of users, software, etc.

(3) Parse init.rc configuration file and start incubator Zygote process.

Zygote Process Start key services SYSTEM SERVER that are mainly used to create application processes and to create and start systems; SYSTEM SERVER process start-up is mainly used to create system services. The last step in system startup is to launch the Launcher, which launches the application, and display and manage shortcut icons or other desktop components for the application.

In addition, the ROM in the Android system is divided into different areas for placing different programs, and the ROM in the Android system is mainly divided into the following areas:

the. Boot: storing a bootstrap program, including a kernel and a memory operating program;

system: storing an Android system and system applications;

the. Recovery: recovering the partition, and entering the partition to recover the system;

and/data: a user data area containing user data: contacts, short messages, settings, programs installed by users;

the/cache: the android system cache area stores data and application programs which are accessed most often by the system;

the. Misc: including some miscellaneous content such as system settings and system function enable disable settings;

and sdcard: the user's own storage area can store files such as photos, music, videos, etc.

When the boot is powered on, bootloader is loaded first, and reads ROM back to find out the operating system and loads Linux kernel into RAM. When the Linux kernel is started, a driver is loaded, and a root file system is installed, where the installation (mounting) refers to a process that an operating system makes computer files and directories on a storage device (such as a hard disk, a CD-ROM, or a shared resource) available for a user to access through the file system of the computer.

As shown in fig. 2, an embodiment of the present invention provides a system verification method, which can verify a portable system in an external memory card in a process of restarting a terminal system, so that after verification, the terminal can start the portable system, and a specific implementation flow of the method is as follows:

Step 200, the terminal monitors that an external memory card containing a portable system is inserted, a user restarts a local system after selecting to start the portable system, and each partition of the external memory card is read in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

Step 201, the terminal performs a first check on each partition information of the external memory card according to the partition table information stored in the first check partition;

Optionally, the partition information in this embodiment includes, but is not limited to: partition size, start location of partition, partition name, etc. That is, the first check in the present embodiment is used to check whether each partition information is corrupted, for example, whether each partition size is modified.

In implementation, the terminal compares whether the partition information of the external memory card is consistent with the partition information in the partition table information according to the partition table information stored in the first check partition, if so, whether the size of each partition of the external memory card is consistent with the size of each partition in the partition table information, whether the name of each partition of the external memory card is consistent with the name of each partition in the partition table information, whether the starting position of each partition of the external memory card is consistent with the starting position of each partition in the partition table information, and if so, the external memory card is not modified and verified.

For example, the partition table information includes partitions starting from the 0x0000 position and ending at the 0x0300 position, wherein each 92 bits length represents the size of one partition, the first 92 bits represents the size of the system partition, the second 92 bits represents the size of the data partition, the third 92 bits represents the size of the first parity partition, and the fourth 92 bits represent the size of the second parity partition.

As an optional implementation manner, before the terminal receives the system restart procedure triggered after the instruction of starting the portable system, the terminal further includes:

after the terminal is powered on, determining whether to start an interface of the portable system after detecting the insertion of the external memory card containing the portable system according to a monitoring event of the insertion of the external memory card;

and restarting the system after the terminal receives the indication of the user to select to start the portable system.

In implementation, as shown in fig. 3A and fig. 3B, after the terminal is powered on, it is determined that the external memory card is inserted into the terminal, and then an interface for whether to start the portable system is popped up, as shown in fig. 3C, if the user clicks to start the portable system, a system restarting process is triggered, and after the verification of the portable system is completed, the portable system is started. It should be noted that, after the terminal is powered on, the local system starts to be started, a monitoring event is registered in a kernel starting stage started by the local system, so as to monitor whether the external memory card is inserted into the terminal, and after determining that the external memory card is inserted into the terminal according to the monitoring result, an interface of whether to start the portable system is popped up. The monitoring event in the embodiment can solve the problem that the external memory card of the terminal cannot be processed in the starting process of the terminal.

As an optional implementation manner, in this embodiment, the process of performing the first verification on the partition information of the external memory card is completed in a kernel start stage of the system restart process.

Step 202, after the first verification is determined to pass, the terminal performs a second verification on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started.

It should be noted that, in this embodiment, the second checking process for the system partition of the external memory card is performed at the suspension procedure stage started by the local system.

Optionally, this embodiment provides a way to perform a second check on the system partition:

Alternatively, the preset verification algorithm in this embodiment may be, but not limited to, hash verification.

The preset verification algorithm used by the terminal in this embodiment may be obtained in a system partition of the external memory card, or may be obtained in a data partition or a first verification partition or a second verification partition of the external memory card, which is not limited in this embodiment. Optionally, the external memory card in this embodiment further includes an additional partition for storing required data or a preset verification algorithm. Specifically, if the preset algorithm is hash verification, the terminal may read a verification value (such as a hash value) in a system verification file in a hanging procedure stage started by the local system, and utilize the verification value (such as the hash value) to verify (such as hash verification) the data in the system partition, and if the verification is passed, the portable system is started.

It should be noted that, in this embodiment, the verification process of the terminal to the portable system is performed during the restart process of the terminal, and the terminal is a system restart process triggered after receiving the instruction to start the portable system. Since the local system checks the data in the system partition by using vbmeta check data in one protection partition during the system restarting process of the terminal, when the check values are consistent, the normal system starting process can be carried out, so that the local system of one terminal can only identify one system, if a plurality of systems are to be identified, a plurality of vbmeta check data are needed to be built in, and a plurality of system partitions are prepared, and the switching between the two systems can be realized.

In order to solve the above problems, in the process of restarting the system, in order to not destroy the verification of the system partition of the local system of the terminal, in the kernel starting stage of the restarting process of the local system, the local system normally executes the verification of the system partition of the local system, and after the verification of the system partition of the local system is successful, the portable system is started to be verified, so that each partition of the external memory card can be read; or in the kernel starting stage of the system restarting process, the local system normally executes the verification of the local system partition, meanwhile, each partition of the external memory card is read, after the local system partition is successfully verified and the first verification is passed, the terminal performs the second verification on the system partition of the external device according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started.

Optionally, after the local system executes the verification of the local system partition successfully in a kernel starting stage of the local system, reading each partition of the external memory card, and performing a first verification on each partition information of the external device according to the partition table information stored in the first verification partition; or alternatively, the first and second heat exchangers may be,

And in a kernel starting stage of starting the local system, the local system executes verification of a local system partition, reads each partition of the external memory card, performs first verification on each partition information of the external device according to partition table information stored in a first verification partition, and starts a portable system if the local system partition is successfully verified and the first verification is passed, the terminal performs second verification on the system partition of the external device according to a system verification file stored in a second verification partition, and if the second verification is passed.

The portable system in the embodiment of the invention is a general system, and comprises the following four partitions:

1) The system partition, store system file, can be understood as storing files such as portable system and system application;

2) Data partitioning, storing user data, such as: contacts, short messages, settings, programs installed by users;

3) A first check partition for storing partition table information; the first check partition has no file system, can not be mounted, and can be directly read by a terminal;

Optionally, the first check partition further includes an original system version number.

4) A second check partition for storing the system check file; the second checking partition has a file system, and the terminal can read the file system after the file system is mounted.

The external memory card in the embodiment of the invention can burn the data or the files of the four partitions into the external memory card through the burning tool, and because the system partition is burnt with the system file, the system file only comprises the portable system and the files applied by the system and does not comprise the content related to the drive or the hardware (can be understood as not comprising the private files of manufacturers), the portable system in the embodiment has universality, and the portable system and the equipment do not have strong related content and do not have high coupling property.

As an optional implementation manner, this embodiment further provides a verification manner, including:

As an optional implementation manner, if the first check fails, interrupting the current local starting process, and restarting the system to return to the local system; or alternatively, the first and second heat exchangers may be,

If the second check fails, interrupting the current local starting process, and restarting the system to return to the local system; or alternatively, the first and second heat exchangers may be,

If the version number of the portable system in the system partition is checked according to the original system version number in the first check partition, and the verification fails, the current local starting process is interrupted, and the system is restarted to return to the local system.

It should be noted that, in the embodiment of the present invention, the portable system may be checked by two different checking modes, and after the two checking modes pass, the portable system may be checked by combining with a third checking mode, where the first checking is performed on the external memory card, that is, checking the information of each partition, so that the portable system may not be started after the size of each partition is adjusted, and it is considered that the portable system is not an official version and is modified by itself; the second check is carried out on the external memory card, namely the system partition is checked, so that the portable system can not be started after the data in the system partition is replaced, and the integrity of the system partition is ensured; the portable system version number of the external memory card is checked, so that the portable system can not be started when the system version number or the system version number is not official, and the user is prevented from starting the portable system when the portable system of the unofficial version is burnt in the external memory card.

It should be noted that, the verification process of the terminal on the version number of the portable system is performed in the android starting stage of starting the portable system.

The embodiment may further start the portable system after the second check passes, and specific embodiments are as follows:

It should be noted that, after the data partition is mounted, the starting process executed is the same as the starting process of the prior art, and because the starting process of the portable system in the embodiment of the invention is based on the starting process of the local system, the portable system in the external memory card can be used by any terminal equipped with the android system, and a plurality of interrupt processes are added in the starting process of the original local system, so that the portable system in the external memory card is started after the external memory card is checked. One interrupt process is used for replacing a system partition mounted under a local directory with a system partition of an external memory card in a mounting process stage of the local system, the other interrupt process is used for interrupting a process of mounting a data partition of the local system, and the device identification mounting data partition of the external memory card is used for carrying out the two interrupt processes, so that the current system started by the local system is a portable system in practice.

The embodiment also provides a mode for starting the portable system, which is used for firstly checking the portable system after the terminal receives the instruction for starting the portable system, and starting the portable system after the check is passed, so that the use of the portable system in the externally connected memory card is realized, the use of a plurality of operating systems by the terminal is realized, and the portable system provided in the embodiment is a universal portable system and can be aimed at various different terminals.

As an optional implementation manner, in an android startup stage of starting the portable system, the version number of the portable system in the system partition is verified according to the original system version number in the first verification partition, where a specific verification manner includes any one of the following:

1) If the terminal does not acquire the original system version number and/or the portable system version number within the preset time, determining that verification fails;

2) And the terminal encrypts the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, the verification is determined to pass.

In the verification mode, the terminal sends the portable system version number recorded in the system to the driver for verification (the driver is informed in a node writing mode) in the android starting stage of starting the portable system:

one way is that the driver does not acquire the portable system version number within a preset time and/or determines that the verification fails if the original system version number in the first verification partition;

and if the portable system version number is consistent with the original system version number, checking, otherwise, interrupting the current local starting process, and restarting the system to return to the local system.

It should be noted that, in this embodiment, the process of checking the version number of the portable system by the terminal is executed after the device identifier of the external memory card is used to mount the data partition in the android starting stage of the starting portable system; in implementation, the version number of the portable system in this embodiment is an encrypted version number according to a preset algorithm.

As shown in fig. 4, a specific execution flow of the terminal for verifying the version number of the portable system is as follows:

step 400, if the second check passes, the terminal replaces the system partition downloaded by the local directory with the system partition of the external memory card in the hanging program stage of the local system;

For example, the replaced local directory is a mount-t ext4/dev/block/mmcblk p1/system, where mount is a command to execute a mount operation, that is, a mount command is used to replace a system partition, -t ext4 means that the file system of the external memory card is in ext4 format, dev/block/mmcblk p1 is the device name of the external memory card (that is, the device name corresponding to the portable system), and system is a system partition of the external memory card (that is, a system partition to be replaced).

Step 401, the terminal runs the portable system in the system partition to execute an android starting stage of starting the portable system;

it is easy to understand that, since the terminal replaces the system partition downloaded from the local directory with the system partition of the external memory card, the current system partition operated by the local system is actually a portable system in the external memory card.

As an optional implementation manner, after the terminal replaces the system partition downloaded in the local directory with the system partition of the external memory card in the hanging procedure stage of the local system, the method further includes: and the terminal creates a preset link of a preset directory under the system partition directory.

In practice, creating some key links to key directories under a system directory, such as a/product directory, requires pointing to/system/product directories, such as mount-o bind/system/product/product.

Step 402, the terminal interrupts the flow of the mounting data partition of the local system in the android starting stage of the portable system;

step 403, the terminal uses the device identifier of the external memory card to mount the data partition;

After the terminal operates the portable system in the system partition, the current local system is actually started by the portable system in the external memory card, so that the version number of the current operating portable system can be checked in the process of starting the portable system. However, before checking the version number of the portable system, the process of mounting the data partition by the local system needs to be interrupted, because the local system needs to use the configuration file when mounting the data partition, and the configuration file is stored in the vendor partition, because the configuration file in the vendor partition has high coupling with the driver and the hardware, the data in the vendor partition is not replaced in the implementation, and if the process of mounting the data partition by the local system is normally executed, the read configuration file is user data in the data partition of the local system and is not the data partition of the external memory card.

Therefore, the terminal of the embodiment interrupts the flow of mounting the data partition of the local system, and uses the device identifier of the external memory card to mount the data partition, thereby completing the replacement of the data partition, and reading the user data in the data partition of the external memory card.

Step 404, the terminal decrypts the data partition according to the existing mode and after the data partition is decrypted successfully, the portable system notifies the driver in a node writing mode, and the written node content can be that the version number of the portable system running currently is encrypted according to the encryption algorithm of the portable system running currently to obtain the encryption system version number;

Step 405, after receiving the encryption system version number, the driver compares whether the original system version number is consistent with the encryption system version number; if yes, executing step 406, otherwise executing step 407;

step 406, continuing to start the portable system;

step 407, the portable system is started by interruption, and the system is restarted to return to the local system.

As shown in fig. 5, this embodiment also provides a method for complete verification of a portable system, and a specific implementation procedure is as follows:

step 500, starting up and powering up the terminal;

Step 501, according to the monitoring event of inserting the external memory card, determining whether to start the interface of the portable system after inserting the external memory card into the terminal;

step 502, receiving an instruction for starting the portable system, and restarting the system;

step 503, in a kernel starting stage of restarting the local system, reading each partition of an external memory card, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

Step 504, performing a first check on each partition information of the external memory card according to the partition table information stored in the first check partition;

step 505, judging whether the first check passes, if so, executing step 506, otherwise, executing step 515;

step 506, creating a temporary directory in a hanging process stage started by the local system, and hanging the second check partition on the temporary directory;

Step 507, reading a system check file stored in the second check partition, wherein the terminal determines a check value of data in the system partition according to a preset check algorithm;

Step 508, comparing whether the check code stored in the system check file is consistent with the check value, if so, executing step 509, otherwise, executing step 515;

Step 509, in the hanging procedure stage of the local system, replacing the system partition which is downloaded and mounted in the local directory with the system partition of the external memory card, and running the portable system in the system partition to execute the android starting stage of starting the portable system;

Step 510, the terminal interrupts the process of mounting the data partition of the local system in the android starting stage of the portable system, and uses the device identifier of the external memory card to mount the data partition;

step 511, performing decryption operation on the data partition in a preset manner;

the preset mode is the same as the encryption and decryption operation of the data partition in the prior art;

step 512, after the decryption is successful, verifying the version number of the portable system in the system partition according to the original system version number in the first verification partition;

Step 513, judging whether the verification is passed, if the verification is passed, executing step 514, otherwise executing step 515;

Optionally, if the terminal does not acquire the original system version number and/or the portable system version number within a preset time, determining that verification fails; or alternatively, the first and second heat exchangers may be,

And the terminal encrypts the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, the terminal determines that the verification is passed, namely, whether the original system version number is consistent with the encryption system version number is compared.

Step 514, the portable system is continuously started.

Step 515, the portable system is started by interruption, and the system is restarted to return to the local system.

Example two

Based on the same inventive concept, the embodiment of the present invention further provides a terminal for system verification, and since the terminal is the terminal in the method in the embodiment of the present invention and the principle of the terminal for solving the problem is similar to that of the method, the implementation of the terminal can refer to the implementation of the method, and the repetition is omitted.

As shown in fig. 6, the terminal includes: a processor 600 and an external interface 601, wherein the processor 600 is configured to perform the following:

As an alternative embodiment, the processor 600 is specifically configured to:

As an alternative embodiment, the processor 600 is specifically further configured to:

As an alternative embodiment, the processor 600 is specifically configured to:

Example III

Based on the same inventive concept, the embodiment of the present invention further provides a system verification device, and since the device is the device in the method in the embodiment of the present invention, and the principle of the device for solving the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.

As shown in fig. 7, the apparatus includes: a reading unit 700, a first checking unit 701 and a second checking unit 702, wherein:

The reading unit 700 is configured to monitor that an external memory card including a portable system is inserted, and after a user selects to start the portable system, restart the local system, and in a kernel start stage of restarting the local system, read each partition of the external memory card, where the external memory card includes a system partition, a data partition, a first check partition, and a second check partition;

The first verification unit 701 is configured to perform a first verification on each partition information of the external memory card according to partition table information stored in a first verification partition;

The second checking unit 702 is configured to perform a second check on the system partition of the external memory card according to the system check file stored in the second check partition after the first check is determined to pass, and if the second check is passed, then start the portable system.

As an alternative embodiment, the second verification unit 702 is specifically configured to:

And encrypting the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and checking the encryption system version number according to the original system version number.

Example IV

As shown in fig. 8, the terminal 800 includes: radio Frequency (RF) circuitry 810, a power supply 820, a processor 830, a memory 840, an input unit 850, a display unit 860, a camera 870, a communication interface 880, a wireless fidelity (WIRELESS FIDELITY, wi-Fi) module 890, and the like. It will be appreciated by those skilled in the art that the structure of the terminal shown in fig. 8 is not limiting of the terminal, and that the terminal provided by the embodiments of the present application may include more or less components than those illustrated, or may combine some components, or may be arranged in different components.

The following describes the components of the terminal 800 in detail with reference to fig. 8:

The RF circuitry 810 may be used for receiving and transmitting data during a communication or session. In particular, the RF circuit 810 receives downlink data from a base station and then sends the downlink data to the processor 830 for processing; in addition, uplink data to be transmitted is transmitted to the base station. Typically, the RF circuitry 810 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (Low Noise Amplifier, LNA), a duplexer, and the like.

In addition, the RF circuitry 810 may also communicate with networks and other terminals via wireless communications. The wireless communication may use any communication standard or protocol including, but not limited to, global system for mobile communications (Global System of Mobile communication, GSM), general Packet Radio Service (GPRS), code division multiple access (Code Division Multiple Access, CDMA), wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA), long term evolution (Long Term Evolution, LTE), email, short message Service (Short MESSAGING SERVICE, SMS), etc.

The Wi-Fi technology belongs to a short-distance wireless transmission technology, and the terminal 800 can be connected with an Access Point (AP) through a Wi-Fi module 890, so as to realize Access to a data network. The Wi-Fi module 890 may be used to receive and transmit data during communication.

The terminal 800 may be physically connected to other terminals through the communication interface 880. Optionally, the communication interface 880 is connected to the communication interfaces of the other terminals through a cable, so as to implement data transmission between the terminal 800 and the other terminals.

Since in the embodiment of the present application, the terminal 800 can implement a communication service and send information to other contacts, the terminal 800 needs to have a data transmission function, that is, the terminal 800 needs to include a communication module. Although fig. 8 shows the RF circuit 810, the Wi-Fi module 890, and the communication interface 880 as communication modules, it is understood that at least one of the above components or other communication modules (e.g., bluetooth modules) for enabling communication exist in the terminal 800 for data transmission.

For example, when the terminal 800 is a mobile phone, the terminal 800 may include the RF circuit 810 and may further include the Wi-Fi module 890; when the terminal 800 is a computer, the terminal 800 may include the communication interface 880 and may further include the Wi-Fi module 890; when the terminal 800 is a tablet computer, the terminal 800 may include the Wi-Fi module.

The memory 840 may be used to store software programs and modules. The processor 830 executes various functional applications and data processing of the terminal 800 by running software programs and modules stored in the memory 840, and when the processor 830 executes the program codes in the memory 840, part or all of the processes in embodiment 1 of the present invention can be implemented.

Alternatively, the memory 840 may mainly include a storage program area and a storage data area. The storage program area can store an operating system, various application programs and the like; the storage data area may store data created according to the use of the terminal, such as use time length information of an application, and the like.

In addition, the memory 840 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.

The input unit 850 may be used to receive numeric or character information input by a user and to generate key signal inputs related to user settings and function controls of the terminal 800.

Alternatively, the input unit 850 may include a touch panel 851 and other input terminals 852.

The touch panel 851, also referred to as a touch screen, may collect touch operations on or near the touch panel 851 by a user (such as operations of the user on or near the touch panel 851 using any suitable object or accessory such as a finger, a stylus, etc.), and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 851 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 830, and can receive commands from the processor 830 and execute them. In addition, the touch panel 851 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave.

Alternatively, the other input terminals 852 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.

The display unit 860 may be used to display information input by a user or information provided to the user and various menus of the terminal 800. The display unit 860 is a display system of the terminal 800, and is configured to present an interface, so as to implement man-machine interaction.

The display unit 860 may include a display panel 861. Alternatively, the display panel 861 may be configured in the form of a Liquid crystal display (Liquid CRYSTAL DISPLAY, LCD), an Organic Light-Emitting Diode (OLED), or the like.

Further, the touch panel 851 may cover the display panel 861, and after the touch panel 851 detects a touch operation thereon or thereabout, the touch panel is transferred to the processor 830 to determine a type of a touch event, and then the processor 830 provides a corresponding visual output on the display panel 861 according to the type of the touch event.

Although in fig. 8, the touch panel 851 and the display panel 861 are implemented as two separate components to implement the input and output functions of the terminal 800, in some embodiments, the touch panel 851 may be integrated with the display panel 861 to implement the input and output functions of the terminal 800.

The processor 830 is a control center of the terminal 800, connects various components using various interfaces and lines, and performs various functions of the terminal 800 and processes data by running or executing software programs and/or modules stored in the memory 840 and calling data stored in the memory 840, thereby implementing various services based on the terminal.

Optionally, the processor 830 may include one or more processing units. Alternatively, the processor 830 may integrate an application processor that primarily processes operating systems, user interfaces, applications, etc., with a modem processor that primarily processes wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 830.

The camera 870 is configured to implement a shooting function of the terminal 800, and shoot pictures or videos. The camera 870 may also be used to implement a scanning function of the terminal 800 to scan a scanning object (two-dimensional code/barcode).

The terminal 800 also includes a power source 820 (e.g., a battery) for powering the various components. Optionally, the power supply 820 may be logically connected to the processor 830 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.

It should be noted that, in the embodiment of the present invention, the processor 830 may perform the following:

Detecting the insertion of an external memory card containing a portable system, restarting the local system after the user selects to start the portable system, and reading each partition of the external memory card in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

As an alternative embodiment, the processor is specifically configured to:

The embodiment of the present invention also provides a computer-readable non-volatile storage medium including program code for causing a computing terminal to execute the steps of:

It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims

1. A method of system verification, the method comprising:

After the terminal is powered on, determining whether to start an interface of the portable system after detecting the insertion of the external memory card containing the portable system according to a monitoring event of the insertion of the external memory card; restarting the local system after the terminal receives an instruction of starting the portable system by a user, and reading each partition of an external memory card in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

the terminal performs first verification on the partition information of the external memory card according to the partition table information stored in the first verification partition; the first check partition further includes an original system version number;

After the first verification is confirmed to pass, the terminal carries out second verification on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started;

After the local system executes the verification of the local system partition successfully, reading each partition of the external memory card, and carrying out first verification on each partition information of the external memory card according to the partition table information stored in the first verification partition; or alternatively, the first and second heat exchangers may be,

In a kernel starting stage of starting a local system, the local system executes verification of a local system partition, reads each partition of an external memory card, performs first verification on each partition information of the external memory card according to partition table information stored in a first verification partition, and starts a portable system if the local system partition is successfully verified and the first verification is passed, the terminal performs second verification on the system partition of the external memory card according to a system verification file stored in a second verification partition, and if the second verification is passed;

the terminal checks the version number of the portable system in the system partition according to the original system version number in the first check partition in the android starting stage of starting the portable system; if the terminal does not acquire the original system version number and/or the portable system version number within the preset time, determining that verification fails; or the terminal encrypts the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, the verification is determined to pass;

the terminal is in the android starting stage of starting the portable system, the portable system sends the portable system version number recorded in the system to the driver for verification, and the method comprises the following steps:

The driver does not acquire the portable system version number within preset time and/or determines that the verification fails if the original system version number in the first verification partition is not acquired; if the driver acquires the portable system version number and the original system version number in the preset time, comparing the portable system version number with the original system version number, if the portable system version number is consistent with the original system version number, checking the portable system version number, otherwise, interrupting the current local starting process, and restarting the system to return to the local system; the process of verifying the version number of the portable system by the terminal is executed after the device identification mounting data partition of the external memory card is used in the android starting stage of starting the portable system.

2. The method of claim 1, wherein the terminal performs a second check on the system partition of the external memory card according to the system check file stored in the second check partition, including:

3. The method of claim 1, wherein if the second verification passes, then starting the portable system, comprising:

4. A terminal for system verification, the terminal comprising: a processor and an external interface, wherein:

The processor is configured to perform the following:

After the terminal is powered on, determining whether to start an interface of the portable system after detecting the insertion of the external memory card containing the portable system according to a monitoring event of the insertion of the external memory card; restarting the local system after the terminal receives an instruction of starting the portable system by a user, and reading all partitions of an external memory card on an external interface in a kernel starting stage of restarting the local system, wherein the external memory card comprises a system partition, a data partition, a first check partition and a second check partition;

performing first verification on each partition information of the external memory card according to the partition table information stored in the first verification partition; the first check partition further includes an original system version number;

after the first verification is confirmed to pass, a second verification is carried out on the system partition of the external memory card according to the system verification file stored in the second verification partition, and if the second verification is passed, the portable system is started;

the terminal checks the version number of the portable system in the system partition according to the original system version number in the first check partition in the android starting stage of starting the portable system;

The terminal encrypts the version number of the current running portable system according to the encryption algorithm of the current running portable system to obtain an encryption system version number, and if the original system version number is the same as the encryption system version number, the verification is confirmed to pass;

5. The terminal of claim 4, wherein the processor is specifically configured to:

6. The terminal of claim 4, wherein the processor is specifically configured to: