CN114253621A - Method for configuring operating environment of terminal, computer device and readable storage medium - Google Patents

Publication number
CN114253621A
Authority
CN
China
Prior art keywords
terminal
certificate
certificate information
information
operating environment
Legal status
Pending
Application number
CN202010955185.7A
Other languages
Chinese (zh)
Inventor
卢刚
罗科峰
Current Assignee
Shenzhen TCL Digital Technology Co Ltd
Original Assignee
Shenzhen TCL Digital Technology Co Ltd
Application filed by Shenzhen TCL Digital Technology Co Ltd
Priority to CN202010955185.7A
Publication of CN114253621A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to a method for configuring the operating environment of a terminal, a computer device, and a readable storage medium. The method comprises the following steps: the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction; the terminal verifies the certificate information; when the certificate information passes verification, the terminal configures its operating environment as a first operating environment. The first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set includes the user instruction. After the certificate information passes verification, the operating environment of the terminal is configured as the first operating environment, in which the terminal executes all instructions in the user instruction set; if the operating environment is not configured as the first operating environment, the terminal does not execute all instructions in the user instruction set. Because the execution of every instruction is controlled through the operating environment of the terminal, the security of the terminal is improved.

Description

Method for configuring operating environment of terminal, computer device and readable storage medium
Technical Field
The present application relates to the field of intelligent home appliance technologies, and in particular, to a method for configuring a running environment of a terminal, a computer device, and a readable storage medium.
Background
As mobile terminals have become more intelligent, intelligent terminal systems can provide the running environment for many types of application software. For example, the system of a terminal such as a television is an embedded system that uses uboot (Universal Boot Loader) to boot hardware initialization and complete the start of the operating system kernel. In the prior art, instructions entered at the uboot command line interface are executed directly, so the system content is easily changed and the terminal is easily invaded; the terminal therefore has a problem of low security.
Therefore, the prior art is in need of improvement.
Disclosure of Invention
The invention aims to solve the technical problem of providing a configuration method of a terminal running environment, a computer device and a readable storage medium.
In a first aspect, an embodiment of the present invention provides a method for configuring an operating environment of a terminal, where the method includes:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
In a second aspect, an embodiment of the present invention provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the following steps when executing the computer program:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
Compared with the prior art, the embodiment of the invention has the following advantages:
After the certificate information passes verification, the operating environment of the terminal is configured as the first operating environment, in which the terminal executes all instructions in the user instruction set; if the operating environment of the terminal is not configured as the first operating environment, the terminal does not execute all instructions in the user instruction set. Because the execution of every instruction is controlled through the operating environment of the terminal, the security of the terminal is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a configuration method of an operating environment of a terminal in an embodiment of the present invention;
FIG. 2 is a timing diagram illustrating a first configuration according to an embodiment of the present invention;
FIG. 3 is a timing diagram illustrating the execution of a dangerous instruction according to one embodiment of the present invention;
FIG. 4 is a timing diagram illustrating a second configuration according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a certificate information generation process according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating security authentication management according to an embodiment of the present invention;
FIG. 7 is an internal structural diagram of a computer device in an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The inventor has found that an embedded system usually employs uboot (Universal Boot Loader) to boot hardware initialization and complete the booting of the operating system kernel. Uboot is responsible for deploying the whole system and also provides a command line interface for human-machine interaction. Uboot includes a number of key functions (the instructions that affect these functions are collectively called dangerous instructions), including turning SELinux on or off, setting and editing environment variables, setting serial ports and logs, and custom commands such as voice. Because instructions entered at the uboot command line interface are executed directly, dangerous instructions are executed directly as well, so the system content is easily changed and the terminal invaded; the terminal therefore has a security problem.
Specifically, in the prior art, as shown in fig. 6, when an instruction is input on the command line interface of a uboot program, the terminal executes the instruction directly and does not perform security authentication.
To solve the above problem, in the embodiment of the present invention the operating environment of the terminal is configured as follows: the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction; the terminal verifies the certificate information; when the certificate information passes verification, the terminal configures its operating environment as a first operating environment. The first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set includes the user instruction. It should be noted that, after the certificate information passes verification, the operating environment of the terminal is configured as the first operating environment, in which the terminal executes all instructions in the user instruction set; if the operating environment of the terminal is not configured as the first operating environment, the terminal does not execute all instructions in the user instruction set. The execution of each instruction is controlled through the operating environment of the terminal, so the security of the terminal is improved.
Specifically, as shown in fig. 6, in the present embodiment, the instruction is not directly executed, but is executed after being subjected to security authentication management, so that the security of the terminal is ensured.
It should be noted that the above application scenarios are only presented to facilitate understanding of the present invention, and the embodiments of the present invention are not limited in any way in this respect. Rather, embodiments of the present invention may be applied to any scenario where applicable.
Various non-limiting embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to fig. 1, a configuration method of an operating environment of a terminal in an embodiment of the present invention is shown. In this embodiment, the configuration method may include the following steps:
S1, the terminal responds to the user instruction and acquires the certificate information corresponding to the user instruction.
Specifically, the user instruction refers to an operation instruction sent by a user to a terminal, and the certificate information refers to authentication information reflecting user identity information. When the user operates the terminal, the user sends the user instruction to the terminal, and the terminal acquires the certificate information corresponding to the user instruction. The certificate information may be preset in the terminal.
For example, the user generates certificate information from the original certificate application information of the user through a certificate generation system, and stores the certificate information in the terminal. When a user operates the terminal, the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction.
The certificate information may also be stored on a flash disk, for example a USB flash disk (i.e., a USB disk). When the USB disk is connected to the terminal through a USB port of the terminal, the USB disk serves as a USB module of the terminal, and the terminal, in response to a user instruction, acquires the certificate information corresponding to the user instruction, specifically the certificate information of the USB module in the terminal.
In an implementation manner of this embodiment, the certificate information includes original certificate application information and a signature corresponding to the original certificate application information. The original certificate application information is information reflecting the identity of the user and the terminal the user applies to use; the certificate information is generated by a certificate generation system from the original certificate application information and the signature; and the signature is obtained by the certificate generation system encrypting the original certificate application information.
Specifically, the original certificate application information is information reflecting the user identity and the terminal that the user applies to use. To ensure the security of the terminal, a user applying for certificate information is required to fill in the original certificate application information, which reflects the user identity and the terminal the user applies to use, so that the security of the terminal is ensured while the user uses it. The original certificate application information includes at least user information and terminal information, where the user information reflects the identity of the user and the terminal information reflects the terminal the user applies for. Specifically, when the user applies for generation of the certificate information, the original certificate application information may include, for example: 1. user information; 2. terminal information; 3. certificate application time; 4. certificate type; 5. certificate lifetime. The certificate information is encrypted with RSA; specifically, the signature in the certificate information is encrypted with RSA, and RSA encryption is asymmetric encryption. Decryption can be done without directly passing the key. This ensures the security of the information and avoids the risk of being cracked because the key was transferred directly. Asymmetric encryption encrypts and decrypts data with two keys, a public key and a private key. Both the public key and the private key can be used for encryption or decryption, so there are two encryption modes. In the first mode, the public key is used for encryption and the private key is used for decryption. In the second mode, the private key is used for encryption and the public key is used for decryption.
In the first encryption mode, the RSA encryption process is as follows:
(1) A generates a pair of keys (a public key and a private key). The private key is not public and is kept by A. The public key is public and can be obtained by anyone.
(2) A passes its public key to B, and B encrypts the message with A's public key.
(3) A receives the message encrypted by B and decrypts it with A's private key.
This process involves only two transmissions: first A transmits the public key to B, and then B transmits the encrypted message to A. Even if the public key and the encrypted message are intercepted by an adversary, there is no danger, because only A's private key can decrypt the message; leakage of the message content is thus prevented.
In the second encryption mode, the RSA signature process is as follows:
(1) A generates a pair of keys (a public key and a private key). The private key is not public and is kept by A. The public key is public and can be obtained by anyone.
(2) A signs the message with A's private key to form a signature, and transmits the signature together with the message to B.
(3) After receiving the message, B checks the signature with A's public key; if the content recovered by the check is consistent with the message, this proves that the message was sent by A.
This process involves only two transmissions: first A transmits the signature and the message to B, and then B obtains A's public key. Even if the messages are intercepted by an adversary, there is no danger, because only A's private key can sign the message; even if the message content is known, a signed reply to B cannot be forged, so tampering with the message content is prevented.
Comparing the two modes: in the first mode, although an intercepted message is not leaked, a forged command can be encrypted with the intercepted public key and then transmitted to A. In the second mode, although an intercepted message cannot be tampered with, its content can be obtained by checking the signature with the public key, so leakage cannot be prevented. Therefore, in practical applications, encryption and signing can be used together as the situation requires. For example, A and B each have their own public and private key pair; when A sends a message to B, the message is encrypted with B's public key and the encrypted message is then signed with A's private key, so that the message is neither leaked nor tampered with and its security is ensured.
In an implementation manner of this embodiment, a generation process of the certificate information is described by taking a television certificate generation system as an example, which is specifically as follows:
(1) the television certificate generation system determines original certificate application information.
Specifically, the television certificate generation system may be a digital Certificate Authority (CA), which is an organization responsible for issuing and managing digital certificates. The original certificate application information comprises: 1. user information; 2. television information; 3. certificate application time; 4. a certificate type; 5. a certificate lifetime. After the user fills the user information and the television information in the television certificate generation system, the television certificate generation system generates the certificate application time, the certificate type and the certificate service life according to the user information and the television information.
(2) The television certificate generation system encrypts the original certificate application information by using a private key to obtain a signature.
In particular, the television certificate generation system generates a pair of keys, namely a public key and a private key. Specifically, OpenSSL (Open Secure Sockets Layer) may be used to generate the key pair. The private key is not public and is retained by the television certificate generation system. The public key is public and can be obtained by anyone. The television certificate generation system encrypts the original certificate application information with the private key to obtain the signature; specifically, as shown in fig. 5, after the original certificate application information is encrypted with the private key, the result may be base64-encoded to obtain the signature.
(3) The television certificate generation system generates the certificate information from the signature and the original certificate application information.
Specifically, the signature and the original certificate application information are combined together to obtain the certificate information, and then the signature is used as the ciphertext of the certificate information, and the original certificate application information is used as the plaintext of the certificate information. When generating the certificate information, the public key may be added to the certificate information.
After obtaining the certificate information, the receiving party (e.g., a terminal in the present application) may decrypt the certificate information using the public key. Because the signature can be obtained only by encrypting through the private key, even if the original certificate application information and the public key are obtained, the original certificate application information cannot be encrypted to obtain the signature, and the certificate information cannot be forged, so that the falsification of the original certificate application information is prevented.
S2, the terminal verifies the certificate information.
Specifically, after the terminal acquires the certificate information, the certificate information is verified, and the purpose of verifying the certificate information is to clarify the identity of the user and configure the operating environment of the terminal. The verification result of the certificate information comprises verification passing and verification failing. And configuring the terminal as an operating environment corresponding to the verification result according to the verification result of the certificate information.
Step S2, the terminal verifies the certificate information, including:
S21, the terminal decrypts the signature in the certificate information to obtain decrypted certificate application information.
S22, the terminal compares the decrypted certificate application information with the original certificate application information in the certificate information.
S23, when the decrypted certificate application information is the same as the original certificate application information, the certificate information passes verification.
S24, when the decrypted certificate application information is different from the original certificate application information, the certificate information does not pass verification.
Specifically, the certificate information includes the original certificate application information (i.e., the plaintext) and a signature (i.e., the ciphertext). The terminal decrypts the signature with the public key to obtain the decrypted certificate application information, and then compares it with the original certificate application information in the certificate information. When the two are consistent, the certificate information passes verification. When the two are inconsistent, the certificate information does not pass verification. Of course, the certificate information also does not pass verification when the certificate lifetime is exceeded.
For example, the original certificate application information includes: 1. user information; 2. television information; 3. certificate application time; 4. certificate type; 5. certificate lifetime. Suppose the original certificate application information is: the user information is Zhang III; the television information is the type: XXX; the certificate application time is: y month in Y year; the certificate type is an after-sale certificate; the certificate lifetime is 3 years. If the decrypted certificate application information is consistent with the original certificate application information, that is, the decrypted certificate application information is: the user information is Zhang III; the television information is the type: XXX; the certificate application time is: y month in Y year; the certificate type is an after-sale certificate; the certificate lifetime is 3 years, then the certificate information passes verification.
When the certificate information passes verification, the user is determined to be a safe user. A safe user is a user who does not affect the security of the terminal, so the terminal can execute all instructions in the user instruction set issued by the user. When the certificate information does not pass verification, the user has not been determined to be a safe user and may affect the security of the terminal, so the terminal executes only the instructions in the user instruction subset issued by the user.
S3, when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
Specifically, the operating environment refers to an environment required by software to run on the terminal, and the user instruction set refers to a set of instructions corresponding to operations executable by the terminal. In a first operating environment, the terminal may support execution of all instructions in a user instruction set.
When the certificate information passes verification, the operating environment of the terminal is configured as the first operating environment, in which the terminal executes all instructions in the user instruction set input by the user. Of course, the terminal may also execute dangerous instructions input by the user. That is, after the certificate information passes verification, all instructions in the user instruction set are authorized, and the terminal executes them whether they are dangerous or non-dangerous. A dangerous instruction is an instruction that affects the security of the terminal, and a non-dangerous instruction is an instruction that does not affect the security of the terminal.
For example, when the television fails, after-sales personnel need to maintain the television, after the after-sales certificate information is verified, the operating environment of the terminal is configured as the first operating environment, and the terminal can execute all instructions in the user instruction set input by the after-sales personnel, so that the after-sales personnel can maintain the television conveniently.
S4, when the certificate information does not pass verification, the terminal configures the operating environment of the terminal as a second operating environment; the second operating environment is an environment in which the terminal can execute all instructions in a user instruction subset, the user instruction subset is a subset of the user instruction set, and the user instruction subset does not include the user instruction.
In particular, the user instruction subset is a subset of the user instruction set, that is, the user instruction set includes the user instruction subset. The user instruction subset is set in order to secure the terminal and prevent users other than safe users from breaking its security. Users other than safe users include users who may affect terminal security, such as hackers. The instructions in the user instruction subset are non-dangerous instructions that do not affect the security of the terminal; that is, the user instruction subset includes only non-dangerous instructions and no dangerous instructions. Therefore, in the second operating environment the terminal supports the execution of all instructions in the user instruction subset, and since that subset contains only non-dangerous instructions, the terminal executes only non-dangerous instructions and never dangerous ones, so the security of the terminal is not affected.
When the certificate information does not pass verification, the operating environment of the terminal is configured as the second operating environment. In this environment, because the user instruction subset includes only non-dangerous instructions, the terminal does not execute a dangerous instruction even if the user inputs one.
For example, suppose an intruder such as a hacker enters the command line interface of the boot loader of a television and forges certificate information. When the intruder inputs a boot loader instruction, the forged certificate information does not pass verification, and the operating environment of the terminal is configured as the second operating environment. Dangerous instructions input by the intruder are restricted in the second operating environment: the terminal cannot execute them, and the intruder cannot intrude into the system of the television, so the security of the television is ensured.
It should be noted that, when an intruder such as a hacker enters the command line interface of the boot loader of the television, and the intruder inputs the boot loader instruction, because the certificate information corresponding to the boot loader instruction does not exist, the certificate information corresponding to the boot loader instruction cannot be acquired, and the verification cannot be passed, the operation environment of the terminal is configured as the second operation environment, and the security of the television is also ensured.
As shown in fig. 3, when a dangerous instruction is input on a command line interface of the boot loader, for example, a high-risk instruction, security authentication management is performed, and if the operating environment of the terminal is configured as the first operating environment, the dangerous instruction is directly executed by the instruction implementation module, and after the instruction execution is completed, an execution result is returned. And if the operating environment of the terminal is configured to be the second operating environment, the dangerous instruction is not executed, and an error message is prompted and returned.
In this embodiment, the user instruction includes a bootstrap loader instruction and/or a start instruction of the terminal, where the bootstrap loader instruction refers to an instruction executed in a command line interface of a bootstrap loader. The starting instruction of the terminal refers to an instruction for starting the terminal. The configuration of the operating environment of the terminal can be realized under both the two types of user instructions, that is, the specific configuration modes of the operating environment of the terminal can be classified into two types according to the user instructions, and the two specific configuration modes are described below.
The first configuration:
In an implementation of this embodiment, the user instruction is a boot loader instruction. The boot loader may be the uboot boot loader; uboot is short for Universal Boot Loader and is open-source code released under the terms of the GPL. Its main functions are initializing the hardware devices, transferring the operating system code, and providing a command line interface and an instruction set for controlling the hardware devices before the operating system runs.
The certificate information includes USB certificate information, that is, certificate information stored in a USB module of the terminal. For example, the USB module is a USB disk that stores the USB certificate information; after the USB disk is inserted into a USB port of a television, the terminal can obtain the USB certificate information stored on it.
The certificate information differs between user terminals, so the USB certificate information is classified by user terminal. The USB certificate information includes one or more of developer certificate information, tester certificate information, production certificate information, and after-sales certificate information. Developers include the manufacturer's developers and third-party developers. A manufacturer's developer is a person who performs research and development at the manufacturer that produces the terminal; a third-party developer is a person, other than the manufacturer and the user, who performs research and development based on the terminal. Developer certificate information is certificate information applied for by a developer, tester certificate information is applied for by a tester, production certificate information is applied for by production personnel, and after-sales certificate information is applied for by after-sales personnel.
Step S1, the terminal responds to the user instruction, and acquires the certificate information corresponding to the user instruction, including:
S11a, the terminal responds to the boot loader instruction, and obtains USB certificate information corresponding to the boot loader instruction.
Specifically, a boot loader instruction is an operation instruction for initializing the terminal so that other programs, that is, programs other than the boot loader, can be executed on the terminal. As shown in fig. 6, the boot loader instructions may include, for example, setnv (change or add environment variables) and bootargs_set (environment variable value). Some instructions in the user instruction set (for example, turning SELinux on or off, setting and editing environment variables, setting serial ports and logs, and customizing commands such as voice) relate to key functions of the terminal and are called dangerous instructions. When a dangerous instruction is executed, the terminal may fail (for example, a system crash or data loss) or be exposed to intrusion risk. The boot loader instructions are therefore divided into dangerous instructions and non-dangerous instructions.
When the terminal is started, it enters the command line interface of the boot loader, where boot loader instructions can be input. When a user inputs a boot loader instruction on this command line interface, the terminal responds to the instruction and acquires the USB certificate information corresponding to it.
For example, when the television is started, the command line interface of the uboot program is entered. The television responds to a uboot program instruction and acquires the USB certificate information corresponding to that instruction. For example, after-sales personnel apply for after-sales certificate information, store it on a USB disk, and insert the USB disk into a USB port of the television, so that the television obtains the after-sales certificate information from the USB disk.
In an implementation manner of this embodiment, the certificate information further includes: first partition certificate information; and the first partition certificate information is stored in a partition module of the terminal. The partition certificate information refers to certificate information stored in a partition module of the terminal.
Specifically, the first partition certificate information is partition certificate information used in the boot loader. Because the USB certificate information may not always be obtainable, the first partition certificate information is provided in addition to the USB certificate information, so that verification does not fail merely because the USB certificate information cannot be acquired.
The certificate information differs between user terminals, so the first partition certificate information is classified by user terminal. The first partition certificate information includes one or more of developer certificate information, tester certificate information, production certificate information, and after-sales certificate information. Developers include the manufacturer's developers and third-party developers.
Step S2, the terminal verifies the certificate information, including:
S21a, the terminal verifies the USB certificate information.
Specifically, after the terminal acquires the USB certificate information corresponding to the boot loader instruction, it verifies the USB certificate information. The public key is used to decrypt the signature in the USB certificate information to obtain decrypted certificate application information, which is then compared with the original certificate application information in the USB certificate information. If the decrypted certificate application information is consistent with the original certificate application information, verification passes; if it is inconsistent, verification fails.
Step S3, when the certificate information passes verification, the terminal configures the operating environment of the terminal as a first operating environment, including:
S31a, when the USB certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment.
Specifically, when the USB certificate information passes verification, the terminal configures the operating environment of the terminal as the first operating environment. In the first operating environment, all instructions in the user instruction set are executed.
Specifically, after the operating environment of the terminal is configured as the first operating environment, the terminal executes the boot loader instruction and returns the execution result to the command line interface of the boot loader after execution finishes.
Step S4, when the certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment, including:
S41a, when the USB certificate information is not verified, acquiring the first partition certificate information.
Specifically, to prevent an error during verification of the USB certificate information from affecting the correctness of the configuration of the operating environment of the terminal, the first partition certificate information is acquired when the USB certificate information does not pass verification. That is, the terminal obtains the first partition certificate information stored in the partition module and verifies it as a further check, thereby ensuring that the operating environment of the terminal is configured correctly.
S42a, the terminal verifies the first partition certificate information.
S43a, when the first partition certificate information is not verified, the terminal configures the operation environment of the terminal as a second operation environment.
Specifically, the first partition certificate information is verified, and when the first partition certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment.
Of course, when the first partition certificate information passes verification, the terminal configures the operation environment of the terminal as the first operation environment.
As shown in fig. 2, when a boot loader instruction (for example, a specified instruction) is input on the command line interface of the boot loader, security authentication management is entered. When the command implementation module executes the instruction, the USB certificate information corresponding to the boot loader instruction is obtained and verified. When the USB certificate information passes verification, the terminal configures its operating environment as the first operating environment, the command implementation module completes the boot loader instruction, and the execution result is returned after execution finishes. When the USB certificate information does not pass verification, the first partition certificate information is acquired and verified. When the first partition certificate information does not pass verification, the terminal configures its operating environment as the second operating environment; the terminal then cannot execute the boot loader instruction, and an error message is prompted and returned. When the first partition certificate information passes verification, the terminal configures its operating environment as the first operating environment, the command implementation module completes the boot loader instruction, and the execution result is returned after execution finishes.
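The decision flow of steps S21a to S43a and the command gating of fig. 3 can be modelled as follows. This is an added example, not code from the patent or from uboot: the key, the certificate layout, the SHA-256 encoding and the command split are all assumptions made for illustration. The unpadded compare mirrors the page's description; production firmware would use a standard padded signature scheme from a vetted library.

```python
"""Added illustration of the first configuration mode (not code from the patent)."""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed demo key. Both primes are published Mersenne primes, so the
# private exponent is public knowledge: never use this key outside the example.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                # public modulus stored on the terminal
E = 65537                                # public exponent stored on the terminal
D = pow(E, -1, (P - 1) * (Q - 1))        # held only by the certificate generating system

FIRST_ENV = "first operating environment"    # whole user instruction set
SECOND_ENV = "second operating environment"  # user instruction subset only

# Assumed command split; the page only says that instructions which edit
# environment variables, toggle SELinux and so on are dangerous.
USER_INSTRUCTION_SUBSET = frozenset({"help", "version", "printenv"})
DANGEROUS_INSTRUCTIONS = frozenset({"setenv", "saveenv"})
USER_INSTRUCTION_SET = USER_INSTRUCTION_SUBSET | DANGEROUS_INSTRUCTIONS


@dataclass(frozen=True)
class Certificate:
    application_info: bytes  # original certificate application information
    signature: int           # signature over that information


def digest_as_int(application_info: bytes) -> int:
    # Assumption: the signed value is the SHA-256 digest of the application
    # information; the page does not specify the encoding.
    return int.from_bytes(hashlib.sha256(application_info).digest(), "big")


def issue_certificate(application_info: bytes) -> Certificate:
    """Certificate generating system: sign with the private exponent."""
    return Certificate(application_info, pow(digest_as_int(application_info), D, N))


def verify_certificate(cert: Optional[Certificate]) -> bool:
    """Terminal: recover the signed value with the public key and compare it
    with the value derived from the certificate's own application information."""
    if cert is None:                     # nothing on the USB disk or in the partition
        return False
    if not 0 < cert.signature < N:       # reject out-of-range signatures
        return False
    return pow(cert.signature, E, N) == digest_as_int(cert.application_info)


def configure_environment(usb_cert: Optional[Certificate],
                          partition_cert: Optional[Certificate]) -> str:
    """USB certificate first, first partition certificate as fallback. Anything
    other than a successful verification yields the second environment."""
    if verify_certificate(usb_cert) or verify_certificate(partition_cert):
        return FIRST_ENV
    return SECOND_ENV


def run_command(env: str, command_line: str) -> Tuple[bool, str]:
    """Gate one boot loader command line on the configured environment."""
    words = command_line.split()
    name = words[0] if words else ""
    # Default deny: only the exact first-environment value unlocks the full set.
    allowed = USER_INSTRUCTION_SET if env == FIRST_ENV else USER_INSTRUCTION_SUBSET
    if name in allowed:
        return True, f"executed: {command_line}"
    return False, f"error: '{name}' is not permitted in the {env}"


if __name__ == "__main__":
    after_sales = issue_certificate(b"role=after-sales;device=TV-DEMO-0001")  # constructed
    forged = Certificate(after_sales.application_info, 0x1234)               # constructed
    for usb, part in [(after_sales, None), (forged, None), (None, None)]:
        env = configure_environment(usb, part)
        print(env, run_command(env, "setenv bootargs console=ttyS0"))
```

A missing certificate and a forged one take the same path: both leave the terminal in the second operating environment, where only the allowlisted subset runs.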
The second configuration:
In an implementation of this embodiment, the user instruction is a start instruction of the terminal; that is, the certificate information corresponding to the user instruction is obtained when the terminal is started. The certificate information includes second partition certificate information, which is stored in a partition module of the terminal.
The second partition certificate information is partition certificate information used before the terminal enters the boot loader. The second configuration mode is intended to facilitate software development by a developer: when the start button of the terminal is pressed, the second partition certificate information is obtained and verified during startup, before the terminal enters the boot loader, so as to configure the operating environment of the terminal. Compared with the first configuration mode, the user does not need to start the terminal first and then input an instruction in the boot loader; the operating environment is configured when the user starts the terminal, which reduces the user's operations. For example, during software development a developer uses the terminal many times and often turns it off and on; because the operating environment is configured automatically at power-on, the developer's operations are reduced and the terminal is more convenient to use.
Since the second configuration mode is more convenient for developers developing software, the second partition certificate information includes developer certificate information and may, of course, include only developer certificate information. In a possible implementation, the second partition certificate information may include only the developer certificate information of the manufacturer. As shown in fig. 4, after the terminal is powered on and started, it enters the uboot program and obtains the second partition certificate information from the partition module. That is, security authentication management is performed by default at startup, so certificate information does not need to be stored in the USB module.
Step S1, the terminal responds to the user instruction, and acquires the certificate information corresponding to the user instruction, including:
S11b, the terminal responds to the starting instruction of the terminal, and the second partition certificate information corresponding to the starting instruction of the terminal is obtained.
Specifically, after receiving the start instruction, the terminal acquires the second partition certificate information corresponding to the start instruction from the partition module.
Step S2, the terminal verifies the certificate information, including:
S21b, the terminal verifies the second partition certificate information.
Specifically, after the terminal acquires the second partition certificate information corresponding to the start instruction of the terminal, it verifies the second partition certificate information. The public key is used to decrypt the signature in the second partition certificate information to obtain decrypted certificate application information, which is then compared with the original certificate application information in the second partition certificate information. If the decrypted certificate application information is consistent with the original certificate application information, verification passes; if it is inconsistent, verification fails.
Step S3, when the certificate information passes verification, the terminal configures the operating environment of the terminal as a first operating environment, including:
S31b, when the second partition certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment.
Specifically, when the second partition certificate information passes verification, the terminal configures the operating environment of the terminal as the first operating environment. In the first operating environment, all instructions in the user instruction set are executed.
Specifically, after the operating environment of the terminal is configured as the first operating environment, the terminal executes the boot loader instruction and returns the execution result to the command line interface of the boot loader after execution finishes.
Step S4, when the certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment, including:
S41b, when the second partition certificate information is not verified, the terminal configures the operation environment of the terminal as a second operation environment.
Specifically, when the second partition certificate information is not verified, the operation environment of the terminal is configured as a second operation environment in which the terminal executes all instructions in the user instruction subset input by the user. Of course, the user instruction subset does not include the dangerous instruction, and the terminal does not execute the dangerous instruction input by the user. That is, when the second partition certificate information is not verified, only the non-dangerous command of the user is authorized, and the dangerous command of the user is not authorized.
When the configuration of the operating environment of the terminal is finished, the terminal enters the command line interface of the boot loader. If the operating environment of the terminal is configured as the first operating environment, all instructions of the user are executed on the command line interface. If the operating environment of the terminal is configured as the second operating environment, the command line interface executes only the instructions in the user instruction subset rather than all instructions in the user instruction set; that is, non-dangerous instructions are executed and dangerous instructions are not, so that the security of the terminal is ensured and the stability of the system is improved.
In one embodiment, the present invention provides a computer device, which may be a terminal, having an internal structure as shown in fig. 7. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of configuring an operating environment of a terminal or the animation image generation method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the illustration in fig. 7 is merely a block diagram of a portion of the structure associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory storing a computer program and a processor; the processor, when executing the computer program, implements the steps of:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon; the computer program when executed by a processor implementing the steps of:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
In summary, the present application relates to a configuration method of an operating environment of a terminal, a computer device and a readable storage medium thereof, where the configuration method includes: the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction; the terminal verifies the certificate information; when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions. After the certificate information is verified, the operating environment of the terminal is configured to be the first operating environment, the terminal executes all instructions in the user instruction set under the first operating environment, if the operating environment of the terminal is not configured to be the first operating environment, the terminal does not execute all instructions in the user instruction set, and the execution of all instructions is controlled through the operating environment of the terminal, so that the safety of the terminal is improved.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by hardware related to instructions of a computer program, which may be stored in a computer readable storage medium, for example, in the storage medium of a computer system, and executed by at least one processor in the computer system, so as to implement the processes of the embodiments including the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.

Claims (12)

1. A configuration method of an operating environment of a terminal, the configuration method comprising:
the terminal responds to a user instruction and acquires certificate information corresponding to the user instruction;
the terminal verifies the certificate information;
when the certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment; the first operating environment is an environment in which the terminal can execute all instructions in a user instruction set, and the user instruction set comprises the user instructions.
2. The method for configuring the operating environment of the terminal according to claim 1, wherein after the terminal verifies the certificate information, the method further comprises:
when the certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment; wherein the second operating environment is an environment in which the terminal can execute all instructions in a user instruction subset, the user instruction subset is a subset of the user instruction set, and the user instruction subset does not include the user instruction.
3. The method according to claim 2, wherein the user command is a bootstrap command, and the certificate information includes: USB certificate information, wherein the USB certificate information is stored in a USB module of the terminal;
the terminal responds to a user instruction, acquires certificate information corresponding to the user instruction, and comprises the following steps:
and the terminal responds to the boot loader instruction and acquires USB certificate information corresponding to the boot loader instruction.
4. The method for configuring the operating environment of the terminal according to claim 3, wherein the certificate information further comprises: first partition certificate information; the first partition certificate information is stored in a partition module of the terminal;
when the certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment, including:
when the USB certificate information is not verified, acquiring the first partition certificate information;
the terminal verifies the first partition certificate information;
and when the first partition certificate information is not verified, the terminal configures the operating environment of the terminal as a second operating environment.
5. The method for configuring the runtime environment of the terminal according to claim 4, wherein after the terminal verifies the first partition certificate information, the method further comprises:
and when the first partition certificate information passes verification, the terminal configures the operation environment of the terminal as a first operation environment.
6. The method for configuring the operating environment of the terminal according to claim 4, wherein the USB certificate information comprises: one or more of developer certificate information, tester certificate information, production certificate information, and after-sale certificate information; the first partition certificate information includes: one or more of developer certificate information, tester certificate information, production certificate information, and after-market certificate information.
7. The method for configuring the operating environment of the terminal according to any one of claims 1 to 2, wherein the user command is a start command of the terminal; the credential information comprises second partition credential information; the second partition certificate information is stored in a partition module of the terminal;
the terminal responds to a user instruction, acquires certificate information corresponding to the user instruction, and comprises the following steps:
and the terminal responds to the starting instruction of the terminal and acquires the second partition certificate information corresponding to the starting instruction of the terminal.
8. The method according to claim 7, wherein the second partition certificate information includes developer certificate information.
9. The method for configuring the operating environment of the terminal according to any one of claims 1 to 6, wherein the certificate information comprises: original certificate application information and a signature corresponding to the original certificate application information; the certificate information is generated by a certificate generating system according to the original certificate application information and the signature, and the signature is obtained by the certificate generating system through encryption processing according to the original certificate application information.
10. The method for configuring the operating environment of the terminal according to claim 9, wherein the verifying the certificate information by the terminal comprises:
the terminal decrypts the signature in the certificate information to obtain decrypted certificate application information;
the terminal compares the decrypted certificate application information with original certificate application information in the certificate information;
when the decrypted certificate application information is the same as the original certificate application information, the certificate information passes verification;
and when the decrypted certificate application information is different from the original certificate application information, the certificate information is not verified.
11. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, carries out the steps of a method for configuring an operating environment of a terminal according to any one of claims 1 to 10.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for configuring the operating environment of a terminal according to any one of claims 1 to 10.
CN202010955185.7A 2020-09-11 2020-09-11 Method for configuring operating environment of terminal, computer device and readable storage medium Pending CN114253621A (en)

Publications (1)

Publication Number Publication Date
CN114253621A (en) 2022-03-29

Family

ID=80788762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010955185.7A Pending CN114253621A (en) 2020-09-11 2020-09-11 Method for configuring operating environment of terminal, computer device and readable storage medium

Country Status (1)

Country Link
CN (1) CN114253621A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013133840A1 (en) * 2012-03-08 2013-09-12 Intel Corporation Multi-factor certificate authority
CN108874677A (en) * 2018-06-27 2018-11-23 万达百汇科技(深圳)有限公司 A kind of android terminal and its test method and system
CN110531962A (en) * 2019-08-06 2019-12-03 上海连尚网络科技有限公司 Development process method, equipment and the computer readable storage medium of small routine
CN111641873A (en) * 2019-03-01 2020-09-08 深圳Tcl数字技术有限公司 Method and system for unlocking television developer mode and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination