CN114218129A - Flash data access method and related equipment - Google Patents
Flash data access method and related equipment Download PDFInfo
- Publication number
- CN114218129A CN114218129A CN202111541542.6A CN202111541542A CN114218129A CN 114218129 A CN114218129 A CN 114218129A CN 202111541542 A CN202111541542 A CN 202111541542A CN 114218129 A CN114218129 A CN 114218129A
- Authority
- CN
- China
- Prior art keywords
- flash data
- data access
- access request
- flash
- storage area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/0223—User address space allocation, e.g. contiguous or non contiguous base addressing
- G06F12/023—Free address space management
- G06F12/0238—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
- G06F12/0246—Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the field of data processing, in particular to a Flash data access method and related equipment. Wherein, the method comprises the following steps: receiving a Flash data access request, wherein the Flash data access request comprises identity identification information and identification information of Flash data which is requested to be accessed; determining a storage area where the Flash data is located according to the identification information of the Flash data; the storage area of each flash memory is divided into a safe storage area and a non-safe storage area; if the storage area where the Flash data is located is a safe storage area, determining whether the Flash data access request is a legal request or not according to the identity identification information; and if the Flash data access request is a legal request, allowing the Flash data access request to access the Flash data. In the embodiment of the invention, the data security is ensured by dividing the secure storage area and the non-secure storage area and judging the legality of the access request for accessing the data in the secure storage area.
Description
[ technical field ] A method for producing a semiconductor device
The invention relates to the field of data processing, in particular to a Flash data access method and related equipment.
[ background of the invention ]
Flash Memory (Flash Memory) Memory is a common type of non-volatile Memory. The data stored in flash memory is deleted or adapted not in units of individual bytes but in units of fixed blocks, typically 256KB to 20MB in block size. Flash memory is commonly used to store control code, such as the Basic Input Output System (BIOS) in a personal computer. When the input-output system needs to be changed (rewritten), the flash memory can be rewritten in the size of the block, so that the flash memory can be updated more easily. In order to ensure that the control code stored in the Flash memory is not illegally tampered, in the prior art, a Trusted Firmware-M (TFM) technology is often adopted to protect Flash data in the Flash memory from being illegally tampered. Specifically, the TFM guarantees the security of the Flash data by operating in a hardware-isolated secure environment and providing secure services. Data corresponding to the secure world in the system is stored in a designated flash memory, which is hardware-isolated and is used only for storing data of the secure world. Therefore, the TFM technology needs to occupy more Flash resources in the Flash register, and for some chips with very limited Flash resources, the chip size and the chip cost are increased by using the TFM technology.
[ summary of the invention ]
In order to solve the above problem, embodiments of the present invention provide a Flash data access method and related device, which ensure data security in a secure storage area by changing a storage architecture of a Flash memory and an access procedure for data in the secure storage area.
In a first aspect, an embodiment of the present invention provides a Flash data access method, including:
receiving a Flash data access request, wherein the Flash data access request comprises identity identification information and identification information of Flash data which is requested to be accessed;
determining a storage area where the Flash data is located according to the identification information of the Flash data; the storage area of each flash memory is divided into a safe storage area and a non-safe storage area;
if the storage area where the Flash data is located is the safe storage area, determining whether the Flash data access request is a legal request or not according to the identity identification information;
and if the Flash data access request is a legal request, allowing the Flash data access request to access the Flash data.
In the embodiment of the invention, the storage space in each flash memory is divided into the safe storage area and the non-safe storage area, and the request for accessing the data in the safe storage area is judged according to the legality of the request for accessing the data in the safe storage area so as to isolate the stored data in the safe storage area and the non-safe storage area, thereby ensuring the safety of the data in the safe storage area.
In a possible implementation manner, determining a storage area where the Flash data is located according to the identification information of the Flash data includes:
calling a real-time operating system (RTOS) service driver, wherein the RTOS service driver is used for addressing data according to the identification information of the Flash data;
and determining the storage area of the Flash data according to the addressing result of the service driver of the real-time operating system.
In a possible implementation manner, determining whether the Flash data access request is a legal request according to the identification information includes:
determining whether the Flash data access request is an authorized data access request or not according to the identity identification information;
if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request;
and if the Flash data access is not an authorized data access request, determining that the Flash data access request is an illegal request.
In a possible implementation manner, allowing the Flash data access request to access the Flash data includes:
if the Flash data access request is a legal request, calling a security drive service, wherein the security drive service is used for accessing the Flash data according to the Flash data access request;
obtaining an access result of the safety drive service to the Flash data;
and replying the Flash data access request according to the access result of the Flash data.
In a possible implementation manner, before determining the storage area where the Flash data is located according to the identification information of the Flash data, the method further includes:
performing identity verification on the Flash data access request according to the identity identification information;
and if the visitor corresponding to the identity identification information is not in the visitor white list, determining that the identity verification of the Flash data access request is not passed, and blocking the Flash data access request.
In a second aspect, an embodiment of the present invention provides a Flash data access device, including:
the communication module is used for receiving a Flash data access request, wherein the Flash data access request comprises identity identification information and identification information of Flash data which is requested to be accessed;
the processing module is used for determining a storage area where the Flash data is located according to the identification information of the Flash data; the storage area of each flash memory is divided into a safe storage area and a non-safe storage area;
the processing module is further configured to determine whether the Flash data access request is a legal request according to the identity identification information if the storage area where the Flash data is located is the secure storage area;
and the processing module is also used for allowing the Flash data access request to access the Flash data if the Flash data access request is a legal request.
In a possible implementation manner, the processing module is specifically configured to:
calling a real-time operating system (RTOS) service driver, wherein the RTOS service driver is used for addressing data according to the identification information of the Flash data;
and determining the storage area of the Flash data according to the addressing result of the service driver of the real-time operating system.
In a possible implementation manner, the processing module is specifically configured to:
determining whether the Flash data access request is an authorized data access request or not according to the identity identification information;
if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request;
and if the Flash data access is not an authorized data access request, determining that the Flash data access request is an illegal request.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method of the first to second aspects.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the method according to the first aspect to the second aspect.
It should be understood that the second to fourth aspects of the embodiment of the present invention are consistent with the technical solution of the first aspect of the embodiment of the present invention, and the beneficial effects obtained by the aspects and the corresponding possible implementation manners are similar, and are not described again.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a Flash data access method according to an embodiment of the present invention;
fig. 2 is a schematic view of an access flow of a Flash data access method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a Flash data access device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
[ detailed description ] embodiments
For better understanding of the technical solutions in the present specification, the following detailed description of the embodiments of the present invention is provided with reference to the accompanying drawings.
It should be understood that the described embodiments are only a few embodiments of the present specification, and not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step are within the scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the specification. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In the embodiment of the invention, the coexistence of the safe world resources and the non-safe world resources is realized by dividing the storage space in the flash memory into the safe storage area and the non-safe storage area, and the data corresponding to the safe world and the non-safe world are isolated, so that the data safety is effectively protected.
Fig. 1 is a flowchart of a Flash data access method provided in an embodiment of the present invention, and as shown in fig. 1, processing steps of the method include:
And 102, determining a storage area where the Flash data is located according to the identification information of the Flash data. The storage area of each flash memory is divided into a secure storage area and a non-secure storage area. And then, performing addressing operation on the Flash data according to the identification information of the Flash data, and determining a storage area where the Flash data is located according to the result of the addressing operation and the division of the internal storage space of the Flash storage area where the Flash data is located. For example, if the identification information of the Flash data is the name of the Flash data, the addressing result obtained after the addressing operation is performed according to the name of the Flash data is 1230 addresses of the Flash memory 01, and the storage area of the Flash memory 01 is 5000, where 0-2500 addresses are secure storage areas, and 2501-5000 addresses are non-secure storage areas, it can be determined that the storage area where the Flash data is located is a secure storage area.
In some embodiments, in order to further ensure the security of the stored data, the identification information of the Flash data may also be implemented in the form of a virtual address of the Flash data, and the virtual address of the Flash data and a physical address where the Flash data is actually stored are associated in a mapping manner. And then, the physical address of the Flash data can be determined according to the virtual address carried in the Flash data access request and through a mapping relation, so that the Flash data can be addressed and the storage area where the Flash data is located can be determined.
In a specific example, the identification information in the Flash data access request can be obtained and the addressing operation can be completed by calling a corresponding service driver. The specific processing steps include calling a Real Time Operating System (RTOS) service driver, where the RTOS service driver is used to address data according to identification information of Flash data, and determining a storage area where the Flash data is located according to an addressing result of the RTOS service driver. The RTOS service driver may perform data transfer between the secure world and the non-secure world.
And 103, if the storage area where the Flash data is located is a safe storage area, determining whether the Flash data access request is a legal request according to the identity identification information. Specifically, whether the Flash data access request is an authorized data access request or not can be determined according to the identity identification information. And if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request. And if the Flash data access is not the authorized data access request, determining that the Flash data access request is an illegal request. Wherein, authorized means that the system or the user manually gives corresponding access rights to the software or the process. The software or process may then obtain access to the data in the secure storage area and perform specific data access. Optionally, an authorized list may be established, and after receiving the Flash data access request, the Flash data access request may be determined whether to be a legal request by comparing the identity information carried in the request with the authorized list. Optionally, the identification information of the Flash data access request may include authorized related authentication information, and when the Flash data access request is received, the authentication information may be confirmed, so as to determine whether the Flash data access request is a legal request. In the embodiment of the invention, the storage area in the flash memory is divided into the safe storage area and the non-safe storage area, and only authorized data access requests have authority to access the data in the safe storage area, so that the data safety is effectively protected.
In some embodiments, if the storage area where the Flash data is located is a non-secure storage area, which indicates that the Flash data is not sensitive data that needs to be protected, it is not necessary to perform validity verification on the Flash data access request, so as to improve the data access efficiency.
And 104, if the Flash data access request is a legal request, allowing the Flash data access request to access the Flash data. Specifically, if the Flash data access request is a legal request, a security drive service is called, and the security drive service is used for accessing the Flash data according to the Flash data access request. And then obtaining the access result of the security drive service to the Flash data. And replying the Flash data access request according to the access result of the Flash data. The secure drive service is only responsible for erasing, reading or writing data in the secure storage area.
In a specific example, the Flash data access method provided by the embodiment of the present invention may be applied to Advanced reduced instruction set processor (ARM) series processing devices. The ARM series processor uses a chip-level hardware isolation technology, the execution environment of the processor is divided into a secure world and a non-secure world, and access to important sensitive data such as an operating system kernel can only be executed in the secure world. The same can only be performed in the secure world when the unsecure world wants to access data within the unsecure storage area. When an access request for data in the non-secure storage area is received, the corresponding data can be accessed through a Flash service interface corresponding to the non-secure world. The ARM series processor usually processes a data access request generated by a user operation in a non-secure world (for example, the user performs video browsing or music listening operation on the internet). Wherein the data in the secure storage area is accessible only by data access requests authenticated by the system or data access requests from within the secure world. The specific data access steps are as follows: when the ARM processor main thread (main program) receives the data access request, the RTOS service driver is called. And the RTOS service driver addresses the data accessed by the data access request and returns an addressing result to the main thread of the ARM processor. Thereby enabling the main thread to determine whether the data that the data access request is intended to access is data in the secure storage area. If the data is in the non-secure storage area, the main thread calls a flash driver corresponding to the non-secure storage area to execute specific data access operation, and returns an access result to the data request. If the data that the data access request wants to access is data in the secure storage area, the main thread needs to make a validity judgment on the data access request. Specifically, if the data access request is an access request from the inside of the secure world or an access request of the non-secure world authorized by authentication, the data access request is determined to be a legal request. Fig. 2 is a schematic view illustrating an access flow of a data access request from an unsecure world according to an embodiment of the present invention. As shown in fig. 2, after determining that the data access request wants to access is data in the secure storage area, the main thread of the processor determines whether the data access request is an access request authorized by authentication through the RTOS service driver. After the verification is passed, the main thread jumps from the non-secure world to the internal secure world through the service interface to execute access to the data in the secure storage area. Specifically, the access operation on the data in the Secure storage area is realized by calling a Secure drive service corresponding to the Secure storage area, for example, a Secure interface flash driver (Secure spi flash driver), and using the Secure spi flash driver. The Secure spi flash driver is only controlled by the Secure world and is responsible for performing specific erasing, reading or writing operations on data stored in the Secure storage area. Thereafter, the Secure spi flash driver returns the execution results to the main thread. And the main thread returns the execution result to the data access request, so that the data access is completed.
In some embodiments, the storage space may be further divided into a plurality of storage blocks in the secure storage area, and each storage block is isolated by using a hardware isolation or software isolation method, so as to further increase the security of the Flash data in the secure storage area.
In the embodiment of the invention, a flash driver (Secure spi flash driver) corresponding to the Secure storage area is operated in the Secure world and is only responsible for erasing, reading or writing data in the Secure storage area, so that the flash driver is changed into the Secure driver, and the purpose of Secure protection of flash resources (data stored in the Secure storage area) is achieved.
In some embodiments, the Flash memory further has hardware isolation, and before determining the storage area where the Flash data is located according to the identification information of the Flash data, the Flash memory may perform authentication according to the identification information carried in the Flash data access request. And if the visitor corresponding to the identity identification information is not in the visitor white list any more, determining that the identity verification of the Flash data access request is not passed, and blocking the Flash data access request. If the visitor corresponding to the identity identification information is in the visitor white list, the storage area where the Flash data is located can be determined according to the identification information of the Flash data, and whether the validity of the Flash data access request needs to be judged according to the storage area where the Flash data is located is determined.
Corresponding to the Flash data access method, the embodiment of the invention provides Flash data access equipment. As shown in fig. 3, the apparatus includes: a communication module 301 and a processing module 302.
The communication module 301 is configured to receive a Flash data access request, where the Flash data access request includes identification information and identification information of Flash data requested to be accessed.
And the processing module 302 is configured to determine a storage area where the Flash data is located according to the identification information of the Flash data. The storage area of each flash memory is divided into a secure storage area and a non-secure storage area.
The processing module 302 is further configured to determine whether the Flash data access request is a legal request according to the identity information if the storage area where the Flash data is located is a secure storage area.
The processing module 302 is further configured to allow the Flash data access request to access the Flash data if the Flash data access request is a legal request.
In some embodiments, the processing module 302 is specifically configured to:
and calling RTS service driver of the real-time operating system, wherein the RTS service driver is used for addressing data according to the identification information of the Flash data.
And determining the storage area where the Flash data is located according to the addressing result of the service driver of the real-time operating system.
In some embodiments, the processing module 302 is specifically configured to:
and determining whether the Flash data access request comes from the secure world or not according to the identity identification information.
And determining whether the Flash data access request is an authorized data access request or not according to the identity identification information.
And if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request.
And if the Flash data access is not the authorized data access request, determining that the Flash data access request is an illegal request.
The Flash data access device provided in the embodiment shown in fig. 3 may be used to execute the technical solutions of the method embodiments shown in fig. 1 to fig. 2 in this specification, and further reference may be made to the relevant descriptions in the method embodiments for implementing the principles and technical effects.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 4, the electronic device may include at least one processor and at least one memory communicatively connected to the processor, where: the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the Flash data access method provided by the embodiments shown in fig. 1 to 2 in the present specification.
As shown in fig. 4, the electronic device is in the form of a general purpose computing device. Components of the electronic device may include, but are not limited to: one or more processors 410, a communication interface 420, and a memory 430, a communication bus 440 that connects the various system components (including the memory 430, the communication interface 420, and the processing unit 410).
Electronic devices typically include a variety of computer system readable media. Such media may be any available media that is accessible by the electronic device and includes both volatile and nonvolatile media, removable and non-removable media.
A program/utility having a set (at least one) of program modules, including but not limited to an operating system, one or more application programs, other program modules, and program data, may be stored in memory 430, each of which examples or some combination may include an implementation of a network environment. The program modules generally perform the functions and/or methodologies of the embodiments described herein.
The processor 410 executes various functional applications and data processing by running programs stored in the memory 430, for example, implementing the Flash data access method provided by the embodiments shown in fig. 1 to 2 in this specification.
The embodiment of the present specification provides a computer-readable storage medium, which stores computer instructions, and the computer instructions enable the computer to execute the Flash data access method provided by the embodiment shown in fig. 1 to 2 of the present specification.
The computer-readable storage medium described above may take any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable compact disc Read Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present specification, "a plurality" means at least two, e.g., two, three, etc., unless explicitly defined otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present description in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present description.
The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrases "if determined" or "if detected (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when detected (a stated condition or event)" or "in response to a detection (a stated condition or event)", depending on the context.
It should be noted that the apparatuses referred to in the embodiments of the present disclosure may include, but are not limited to, a Personal Computer (Personal Computer; hereinafter, PC), a Personal Digital Assistant (Personal Digital Assistant; hereinafter, PDA), a wireless handheld apparatus, a Tablet Computer (Tablet Computer), a mobile phone, an MP3 display, an MP4 display, and the like.
In the several embodiments provided in this specification, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present description may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a connector, or a network device) or a Processor (Processor) to execute some steps of the methods described in the embodiments of the present disclosure. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (10)
1. A Flash data access method is characterized by comprising the following steps:
receiving a Flash data access request, wherein the Flash data access request comprises identity identification information and identification information of Flash data which is requested to be accessed;
determining a storage area where the Flash data is located according to the identification information of the Flash data; the storage area of each flash memory is divided into a safe storage area and a non-safe storage area;
if the storage area where the Flash data is located is the safe storage area, determining whether the Flash data access request is a legal request or not according to the identity identification information;
and if the Flash data access request is a legal request, allowing the Flash data access request to access the Flash data.
2. The method according to claim 1, wherein determining the storage area where the Flash data is located according to the identification information of the Flash data comprises:
calling a real-time operating system (RTOS) service driver, wherein the RTOS service driver is used for addressing data according to the identification information of the Flash data;
and determining the storage area of the Flash data according to the addressing result of the service driver of the real-time operating system.
3. The method of claim 1, wherein determining whether the Flash data access request is a valid request according to the identification information comprises:
determining whether the Flash data access request is an authorized data access request or not according to the identity identification information;
if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request;
and if the Flash data access is not an authorized data access request, determining that the Flash data access request is an illegal request.
4. The method of claim 1, wherein allowing the Flash data access request to access the Flash data comprises:
if the Flash data access request is a legal request, calling a security drive service, wherein the security drive service is used for accessing the Flash data according to the Flash data access request;
obtaining an access result of the safety drive service to the Flash data;
and replying the Flash data access request according to the access result of the Flash data.
5. The method according to any one of claims 1 to 4, wherein before determining the storage area where the Flash data is located according to the identification information of the Flash data, the method further comprises:
performing identity verification on the Flash data access request according to the identity identification information;
and if the visitor corresponding to the identity identification information is not in the visitor white list, determining that the identity verification of the Flash data access request is not passed, and blocking the Flash data access request.
6. A Flash data access device, comprising:
the communication module is used for receiving a Flash data access request, wherein the Flash data access request comprises identity identification information and identification information of Flash data which is requested to be accessed;
the processing module is used for determining a storage area where the Flash data is located according to the identification information of the Flash data; the storage area of each flash memory is divided into a safe storage area and a non-safe storage area;
the processing module is further configured to determine whether the Flash data access request is a legal request according to the identity identification information if the storage area where the Flash data is located is the secure storage area;
and the processing module is also used for allowing the Flash data access request to access the Flash data if the Flash data access request is a legal request.
7. The device of claim 6, wherein the processing module is specifically configured to:
calling a real-time operating system (RTOS) service driver, wherein the RTOS service driver is used for addressing data according to the identification information of the Flash data;
and determining the storage area of the Flash data according to the addressing result of the service driver of the real-time operating system.
8. The device of claim 6, wherein the processing module is specifically configured to:
determining whether the Flash data access request is an authorized data access request or not according to the identity identification information;
if the Flash data access request is an authorized data access request, determining that the Flash data access request is a legal request;
and if the Flash data access is not an authorized data access request, determining that the Flash data access request is an illegal request.
9. An electronic device, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 5.
10. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111541542.6A CN114218129A (en) | 2021-12-16 | 2021-12-16 | Flash data access method and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111541542.6A CN114218129A (en) | 2021-12-16 | 2021-12-16 | Flash data access method and related equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114218129A true CN114218129A (en) | 2022-03-22 |
Family
ID=80702894
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111541542.6A Pending CN114218129A (en) | 2021-12-16 | 2021-12-16 | Flash data access method and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114218129A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114785611A (en) * | 2022-05-10 | 2022-07-22 | 山东高速信息集团有限公司 | Communication protocol configuration method, equipment and medium for intelligent monitoring terminal |
-
2021
- 2021-12-16 CN CN202111541542.6A patent/CN114218129A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114785611A (en) * | 2022-05-10 | 2022-07-22 | 山东高速信息集团有限公司 | Communication protocol configuration method, equipment and medium for intelligent monitoring terminal |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9317450B2 (en) | Security protection for memory content of processor main memory | |
| US9087188B2 (en) | Providing authenticated anti-virus agents a direct access to scan memory | |
| EP3761208B1 (en) | Trust zone-based operating system and method | |
| US8407476B2 (en) | Method and apparatus for loading a trustable operating system | |
| KR100970040B1 (en) | A secure terminal, a routine and a method of protecting a secret key | |
| KR100692347B1 (en) | System and method for resetting a platform configuration register | |
| EP2666116B1 (en) | System and method for supporting jit in a secure system with randomly allocated memory ranges | |
| JP4937339B2 (en) | Method and system for directly rendering an image and correlating it with a corresponding user input in a secure memory area | |
| US8359443B2 (en) | Secure memory access system and method | |
| JP7213879B2 (en) | Memory protection device for indirect access memory controller | |
| WO2021055290A1 (en) | Controlled access to data stored in a secure partition | |
| CN112749397A (en) | System and method | |
| US20190370439A1 (en) | Secure system on chip for protecting software program from tampering, rehosting and piracy and method for operating the same | |
| CN112417470A (en) | Method and device for realizing GPU data security access, electronic equipment and storage medium | |
| CN114218129A (en) | Flash data access method and related equipment | |
| CN111459673A (en) | Secure memory expansion and release method and device and electronic equipment | |
| JP2008546122A (en) | Mechanism for evaluating token-enabled computer systems | |
| US7389427B1 (en) | Mechanism to secure computer output from software attack using isolated execution | |
| CN106203087B (en) | Injection protection method, system, terminal and storage medium | |
| CN114065257A (en) | Address space protection method, protection device, equipment and storage medium | |
| EP1535124B1 (en) | Computer architecture for executing a program in a secure of insecure mode | |
| US20240119139A1 (en) | Securing critical data in a storage device of a computer system | |
| CN111382433B (en) | Module loading method, device, equipment and storage medium | |
| CN111008375B (en) | Data protection method and device | |
| AU2013202876A1 (en) | System and method for supporting JIT in a secure system with randomly allocated memory ranges |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |