CN114357463A - Information processing method and electronic equipment - Google Patents

Publication number
CN114357463A
Authority
CN
China
Prior art keywords
processor
related file
file
verification result
storage unit
Legal status
Pending
Application number
CN202111678011.1A
Other languages
Chinese (zh)
Inventor
夏治中
徐炀
王鹤来
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd

Abstract

The method is applied to electronic equipment that has a first processor and a second processor. During system startup of the electronic equipment, after the first processor starts, it obtains a related file of the second processor from a preset storage unit and verifies that file; if the verification passes, the system starts.

Description

Information processing method and electronic equipment
Technical Field
The present application relates to the field of information technologies, and in particular, to an information processing method and an electronic device.
Background
At present, electronic equipment suffers from low security because a processor cannot verify the files related to itself.
Disclosure of Invention
In view of the above, the present application provides an information processing method for an electronic device including a first processor and a second processor, the method comprising:
during system startup of the electronic equipment, starting the first processor and acquiring a related file of the second processor from a preset storage unit;
verifying, by the first processor, the related file to obtain a verification result;
and starting the system when the verification result indicates that the related file passes verification.
Optionally, in the foregoing method, the verifying of the related file by the first processor to obtain a verification result includes:
the first processor decodes the related file to obtain decoding information;
comparing the decoding information with pre-stored information;
when the decoding information is consistent with the pre-stored information, the obtained verification result indicates that the related file passes verification;
and when the decoding information is inconsistent with the pre-stored information, the obtained verification result indicates that the related file fails verification.
Optionally, in the foregoing method, the verifying of the related file by the first processor to obtain a verification result includes:
the verification result indicates that the related file passes verification when the first processor successfully verifies at least one of the original file and the backup file of the related file;
and the verification result indicates that the related file fails verification when the first processor fails to verify both the original file and the backup file of the related file.
Optionally, in the foregoing method, the first processor performs verification on the relevant file, and after obtaining a verification result, the method further includes:
and the first processor writes a verification result into the preset storage unit, and the verification result is stored in correspondence with the related file.
Optionally, the method further includes:
after the system is started, the preset storage unit receives and writes the related file to be updated, and generates a first message, wherein the first message represents that the preset storage unit updates the related file.
Optionally, in the method, after the preset storage unit receives and writes the relevant file to be updated, the method further includes:
in the process of restarting a system of the electronic equipment, the first processor verifies the updated related file in the preset storage unit to obtain a verification result;
the preset storage unit correspondingly stores the verification result and the updated related file;
prohibiting the electronic equipment system from starting based on the first message, and restarting the electronic equipment system;
in the process of restarting the electronic equipment system, the second processor detects a verification result in the preset storage unit based on the first message;
and the second processor copies the updated related file to a storage area in the second processor based on the verification result that the updated related file passes the verification, so that after the electronic equipment system is restarted, the second processor operates based on the updated related file in the storage area.
Optionally, the method further includes:
when the verification result indicates that the related file fails verification, the system is prohibited from starting.
Optionally, after the system prohibits starting, the method further includes:
in the process of restarting a system of the electronic equipment, the first processor is started, and the updated related file is acquired in the preset storage unit;
the first processor verifies the updated related file to obtain a verification result;
when the verification result indicates that the updated related file passes verification, the electronic equipment system is prohibited from starting based on a first message and is restarted, the first message indicating that the preset storage unit has updated the related file;
in the process of restarting the electronic equipment system, the second processor detects a verification result in the preset storage unit based on the first message, and the verification result is stored corresponding to the updated related file;
and the second processor copies the updated related file to a storage area in the second processor based on the verification result that the updated related file passes the verification, so that after the electronic equipment system is restarted, the second processor operates based on the updated related file in the storage area.
Optionally, the method further includes:
when the verification result indicates that the related file fails verification, the system is started and the second processor operates based on the historical related file stored in the storage area.
An electronic device, comprising:
the system comprises a first processor, a second processor and a preset storage unit, wherein the preset storage unit stores related files of the second processor;
in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
the first processor verifies the related file to obtain a verification result;
and the system is started when the verification result indicates that the related file passes verification.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on the provided drawings without creative efforts.
Fig. 1 is a flowchart of an information processing method according to embodiment 1 of the present application;
fig. 2 is a flowchart of an information processing method according to embodiment 2 of the present application;
fig. 3 is a flowchart of an information processing method according to embodiment 3 of the present application;
fig. 4 is a flowchart of an information processing method according to embodiment 4 of the present application;
fig. 5 is a flowchart of an embodiment 5 of an information processing method provided in the present application;
fig. 6 is a flowchart of an embodiment 6 of an information processing method provided in the present application;
fig. 7 is a flowchart of an embodiment 7 of an information processing method provided in the present application;
fig. 8 is a schematic structural diagram of an embodiment of an electronic device provided in the present application;
fig. 9 is a schematic view of an application scenario of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1, a flowchart of embodiment 1 of an information processing method provided by the present application is applied to an electronic device, where the electronic device includes a first processor and a second processor, and the method includes the following steps:
step S101: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
in the system starting process of the electronic equipment, after the first processor is powered on and started, the related file of the second processor is acquired at the preset storage unit.
Specifically, the preset storage unit may be a Serial Peripheral Interface (SPI) ROM (Read Only Memory image).
Taking the second processor as an EC (Embedded Controller) as an example, the related file of the second processor may be a firmware (EC image) of the EC.
Specifically, the first processor may be an ME (Management Engine) provided in an SOC (System on Chip); the ME is a processor independent of the CPU (central processing unit) in the SOC, and a hardware encryption engine is provided in the first processor.
Step S102: the first processor verifies the related file to obtain a verification result;
and after acquiring the related file of the second processor, the first processor verifies the related file to obtain a verification result.
It should be noted that, in this embodiment, the verification of the related file of the second processor is performed by the first processor rather than by the second processor itself. Therefore, even if the second processor cannot perform the verification process, the verification of its related file is not affected.
Specifically, the SPI ROM stores the firmware of the EC, and the EC firmware stored in the SPI ROM needs to be verified during the system start-up process of the electronic device.
Specifically, when the second processor is a conventional EC, the EC does not support hardware encryption and therefore cannot support RoT. Because the first processor performs the verification of the EC firmware, the firmware can be verified without the EC itself performing any encryption or decryption.
The preset storage unit can store both the original file and the backup file of the related file. When the related file is verified, it is judged to pass verification as long as one of the two files passes.
Step S102 specifically includes:
the verification result indicates that the related file passes verification when the first processor successfully verifies at least one of the original file and the backup file of the related file;
and the verification result indicates that the related file fails verification when the first processor fails to verify both the original file and the backup file of the related file.
In the verification process, the first processor firstly acquires an original file of the related file from a preset storage unit and verifies the original file; if the original file passes the verification, judging that the related file passes the verification; if the original file is not verified, acquiring a backup file of the related file in a preset storage unit, and verifying the backup file; and if the backup file passes the verification, judging that the related file passes the verification, and if the backup file does not pass the verification, judging that the related file does not pass the verification.
Step S103: when the verification result indicates that the related file passes verification, the system is started.
If the verification result indicates that the related file passes verification, the system of the electronic equipment is started and the equipment operates normally.
The first processor can also write the verification result into the preset storage unit, which stores the verification result in correspondence with the verified related file.
Specifically, when the verification result includes the result of verifying the original file of the related file, it is stored in correspondence with the original file; when the verification result includes the results of verifying the original file and the backup file of the related file, it is stored in correspondence with the original file and the backup file.
For example, when the original file passes verification, the signature corresponding to the original file in the preset storage unit is written as verification success (such as process);
for example, if the original file fails verification, the signature corresponding to the original file in the preset storage unit is written as verification failure (e.g., fail); if the backup file then passes verification, the signature corresponding to the backup file is written as verification success (such as process).
In summary, the information processing method provided in this embodiment is applied to an electronic device, where the electronic device has a first processor and a second processor, and in a system start process of the electronic device, after the first processor is started, a related file of the second processor is obtained in a preset storage unit, and the first processor verifies the related file, and if the verification passes, the system starts.
Root of Trust (RoT, an architectural approach that establishes a trusted source in a cryptographic system) is currently implemented using an EC chip, which must perform the encryption and decryption functions with the EC hardware chip's own encryption engine. However, a conventional EC cannot support hardware encryption, so most EC chips cannot support RoT and the security of conventional EC firmware cannot be guaranteed. With the scheme provided by this embodiment, where the second processor is an EC and the related file is the firmware of the EC, the verification of the second processor's firmware is executed by the first processor. The EC firmware can thus be verified by another processor with information processing capability in the electronic device, so that even if the EC does not support hardware encryption, a non-EC processor can implement RoT and the security of the EC firmware is ensured.
As shown in fig. 2, a flowchart of embodiment 2 of an information processing method provided by the present application includes the following steps:
step S201: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
step S201 is the same as step S101 in embodiment 1, and details are not described in this embodiment.
Step S202: the first processor decodes the related file to obtain decoding information;
it should be noted that this step in this embodiment is an explanation of the process of the first processor verifying the relevant file of the second processor.
After the first processor acquires the related file of the second processor, the related file is decoded to obtain decoding information.
Specifically, the kernel of the first processor is provided with a hardware encryption engine, and the hardware encryption engine decrypts the encrypted related file stored in the preset storage unit to obtain the decoding information.
Step S203: comparing the decoding information with pre-stored information;
when the decoding information is consistent with the pre-stored information, the obtained verification result indicates that the related file passes verification; when the decoding information is inconsistent with the pre-stored information, the obtained verification result indicates that the related file fails verification.
The first processor is provided with the information used to judge whether the decoding information passes verification.
For example, the pre-stored information may be information for determining whether the decoding information is complete: if the decoding information is judged to be consistent with the pre-stored information, the decoding information is complete and the related file passes verification; if the decoding information is judged to be inconsistent with the pre-stored information, the decoding information is incomplete and the related file fails verification.
For example, the pre-stored information may be the correct information obtained by decoding the related file: if the decoding information is judged to be consistent with the pre-stored information, the decoding information is consistent with the correct information and the related file passes verification; if the decoding information is judged to be inconsistent with the pre-stored information, the decoding information is inconsistent with the correct information and the related file fails verification.
It should be noted that, if the related file stored in the preset storage unit passes verification, the electronic device can operate safely; if a related file that has not passed verification is applied, the safe operation of the electronic device may be threatened.
Step S204: when the verification result indicates that the related file passes verification, the system is started.
Step S204 is the same as step S103 in embodiment 1, and details are not described in this embodiment.
In summary, in the information processing method provided in this embodiment, the verifying of the related file by the first processor to obtain a verification result includes: the first processor decodes the related file to obtain decoding information; the decoding information is compared with pre-stored information; when the decoding information is consistent with the pre-stored information, the obtained verification result indicates that the related file passes verification; and when the decoding information is inconsistent with the pre-stored information, the obtained verification result indicates that the related file fails verification. In this scheme, after the first processor acquires the related file of the second processor, it decodes the related file to obtain the decoding information and judges whether the related file stored in the preset storage unit is safe based on whether the decoding information is consistent with the pre-stored information.
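The boot-time check of embodiments 1 and 2 (original file first, backup file only if the original fails, a result recorded with each copy, start refused when both fail) can be modelled in Python as follows. This is an added example, not code from the patent; SHA-256 standing in for the hardware encryption engine, the pass/fail/unknown status strings, and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Status strings are this example's own labels (assumption).
PASS, FAIL, UNKNOWN = "pass", "fail", "unknown"


@dataclass
class Slot:
    """One stored copy of the related file and the result field kept with it."""
    image: bytes
    result: str = UNKNOWN


@dataclass
class PresetStorageUnit:
    """Models the SPI ROM holding the original and backup EC firmware."""
    original: Slot
    backup: Slot


def decode(image: bytes) -> bytes:
    # Assumption: a SHA-256 digest stands in for the "decoding information"
    # produced by the first processor's hardware encryption engine.
    return hashlib.sha256(image).digest()


def verify_slot(slot: Slot, prestored: bytes) -> bool:
    """Decode one copy, compare it with the pre-stored information, record the result."""
    ok = hmac.compare_digest(decode(slot.image), prestored)  # constant-time compare
    slot.result = PASS if ok else FAIL
    return ok


def boot_check(rom: PresetStorageUnit, prestored: bytes) -> bool:
    """Run by the first processor. True means the system may start."""
    if verify_slot(rom.original, prestored):
        return True                      # backup is not examined in this case
    return verify_slot(rom.backup, prestored)


def run_case(original: bytes, backup: bytes, prestored: bytes):
    """Return (system_started, original_result, backup_result) for one boot."""
    rom = PresetStorageUnit(Slot(original), Slot(backup))
    started = boot_check(rom, prestored)
    return started, rom.original.result, rom.backup.result


# Constructed sample data, not real firmware.
GOOD = b"EC-FW v1 " + bytes(range(64))
CORRUPT = GOOD[:20] + b"\xff" + GOOD[21:]   # a single byte changed
PRESTORED = decode(GOOD)                     # reference value held by the first processor

if __name__ == "__main__":
    cases = [
        ("both copies intact", GOOD, GOOD),
        ("original damaged", CORRUPT, GOOD),
        ("both copies damaged", CORRUPT, CORRUPT),
    ]
    for name, original, backup in cases:
        print(name, run_case(original, backup, PRESTORED))
```

The reference value is passed in separately from the storage unit because the description places the comparison information with the first processor, not alongside the image being checked.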
As shown in fig. 3, a flowchart of embodiment 3 of an information processing method provided by the present application includes the following steps:
step S301: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
step S302: the first processor verifies the related file to obtain a verification result;
step S303: when the verification result indicates that the related file passes verification, the system is started;
steps S301 to S303 are the same as step S101 in embodiment 1, and are not described in detail in this embodiment.
Step S304: and after the system is started, the preset storage unit receives and writes the relevant file to be updated.
A first message is generated when the preset storage unit updates the related file; the first message indicates that the preset storage unit has updated the related file.
In this embodiment, the process of normally updating the firmware of the second processor in the electronic device is described.
After the system of the electronic device is started, in the normal operation process of the system, the related file to be updated can be received, so that the related file in the preset storage unit can be updated.
Specifically, the related file to be updated is written into the preset storage unit, and the storage area of the preset storage unit is updated, so that the original file of the related file stored in the preset storage unit is updated to the related file to be updated.
Specifically, the backup file in the preset storage unit is also updated, so that the original file and the backup file in the preset storage unit are kept consistent.
In summary, in the information processing method provided in this embodiment, after the system is started, the preset storage unit receives and writes the relevant file to be updated, so as to update the relevant file in the preset storage unit.
As shown in fig. 4, a flowchart of embodiment 4 of an information processing method provided by the present application includes the following steps:
step S401: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
step S402: the first processor verifies the related file to obtain a verification result;
step S403: when the verification result indicates that the related file passes verification, the system is started;
step S404: and after the system is started, the preset storage unit receives and writes the relevant file to be updated.
Steps S401 to 404 are the same as steps S301 to 304 in embodiment 3, and are not described in detail in this embodiment.
Step S405: in the process of restarting a system of the electronic equipment, the first processor verifies the updated related file in the preset storage unit to obtain a verification result;
after the electronic device has been shut down normally, the first processor verifies the related file in the preset storage unit during the restart of the system of the electronic device and obtains a verification result.
Here, the related file in the preset storage unit is the file that was updated by step S404.
The process of verifying the updated related file by the first processor refers to the explanation of step S102 in embodiment 1 and the explanation of embodiment 2, which are not described in detail in this embodiment.
Step S406: the preset storage unit correspondingly stores the verification result and the updated related file;
specifically, after verification, the preset storage unit correspondingly stores the verification result and the updated related file.
Step S407: prohibiting the electronic equipment system from starting based on the first message, and restarting the electronic equipment system;
and the system of the electronic equipment is prohibited from starting based on the first message, and is restarted, so that the related file stored by the second processor is updated in the restarting process.
Step S408: in the process of restarting the electronic equipment system, the second processor detects a verification result in the preset storage unit based on the first message;
and in the process of restarting the electronic equipment system, the second processor does not power down.
In specific implementation, after the relevant file stored in the preset storage unit is updated, the system sends a first message to the second processor.
And the second processor detects the verification result of the related file in a preset storage unit based on the first message.
Since the updated related file is a correct file, it passes verification, and the verification result stored in the preset storage unit therefore indicates that the corresponding related file passed verification.
Step S409: the updated related file is verified based on the verification result, and the second processor copies the updated related file to a storage area in the second processor;
and the second processor copies the related files stored in the preset storage unit to a storage area in the second processor based on the verification result stored in the preset storage unit representing that the corresponding related files pass verification.
For example, in a specific implementation, a section of code (flash code) is preset in a storage area (flash) in the second processor (EC), and the code is responsible for obtaining a verification result and copying a related file to the flash of the EC.
During steps S408 to S409, in the restart process of the electronic device, the first processor is powered off and then powered on again.
Step S410: and after the electronic equipment system is restarted, the second processor operates based on the updated related file in the storage area.
Wherein, after the electronic equipment system is restarted, the second processor operates based on the related file in the storage area of the second processor.
It should be noted that, after the electronic device system is restarted, the first processor executes a process of verifying the relevant file stored in the preset storage unit again and writes the verification result into the preset storage unit.
In summary, in the information processing method provided in this embodiment, after the relevant file in the preset storage unit is updated, in the process of restarting the electronic device after the system is normally powered off, the first processor verifies the updated relevant file in the preset storage unit to obtain a verification result, and stores the verification result in the preset storage unit in correspondence to the relevant file; the electronic equipment system is prohibited to be started based on a first message for updating the related file of the preset storage unit, and the electronic equipment system is restarted; in the process of restarting the electronic equipment system, the second processor detects that the verification result in the preset storage unit represents that the updated related file passes verification based on the first message, and copies the updated related file to the storage area in the second processor, so that after the electronic equipment is restarted, the second processor operates based on the updated related file in the storage area. In the scheme, after the related file in the preset storage unit is normally updated, the second processor copies the updated related file to the internal storage area thereof so as to operate the process based on the updated related file.
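The update handoff of embodiment 4 (steps S404 to S410), modelled as an added example that is not code from the patent: the second processor performs no cryptography and acts only on the result the first processor stored. Clearing the stored result on write, consuming the first message once handled, the SHA-256 stand-in, and all names are assumptions; on a failed result the second processor keeps its historical file, as in the optional variant listed in the disclosure.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Status strings are this example's own labels (assumption).
PASS, FAIL, UNKNOWN = "pass", "fail", "unknown"


@dataclass
class PresetStorageUnit:
    image: bytes                  # related file (EC firmware) held in the SPI ROM
    result: str = UNKNOWN         # verification result stored with the file
    first_message: bool = False   # set when the related file has been updated


@dataclass
class SecondProcessor:
    storage_area: bytes           # internal flash the EC actually runs from


def write_update(rom: PresetStorageUnit, new_image: bytes) -> None:
    """S404: the running system writes the file to be updated and raises the first message."""
    rom.image = new_image
    rom.result = UNKNOWN          # assumption: the old result no longer describes this file
    rom.first_message = True


def first_processor_verify(rom: PresetStorageUnit, prestored: bytes) -> None:
    """S405-S406: verify the stored file and keep the result next to it."""
    digest = hashlib.sha256(rom.image).digest()   # stand-in for the hardware engine
    rom.result = PASS if hmac.compare_digest(digest, prestored) else FAIL


def second_processor_flash_code(ec: SecondProcessor, rom: PresetStorageUnit) -> bool:
    """S408-S409: preset code in the EC flash; it only reads the stored result."""
    if not rom.first_message:
        return False
    rom.first_message = False     # assumption: the message is consumed once handled
    if rom.result != PASS:
        return False              # keep running the historical file
    ec.storage_area = rom.image   # copy the verified update into internal flash
    return True


def restart_after_update(ec: SecondProcessor, rom: PresetStorageUnit, prestored: bytes):
    """One restart following an update; returns the events in the order they occur."""
    if not rom.first_message:
        return ["no update pending"]
    events = []
    first_processor_verify(rom, prestored)                 # S405-S406
    events.append("result=" + rom.result)
    events.append("start prohibited, restart")             # S407
    copied = second_processor_flash_code(ec, rom)          # S408-S409
    events.append("copied" if copied else "kept historical file")
    first_processor_verify(rom, prestored)                 # verified again after the restart
    events.append("system started")                        # S410
    return events


# Constructed sample data, not real firmware.
OLD = b"EC-FW v1 (constructed sample)"
NEW = b"EC-FW v2 (constructed sample)"
NEW_REF = hashlib.sha256(NEW).digest()   # assumption: reference value for the new file


def simulate(written: bytes):
    """Write `written` as the update, restart once, and report what the EC ends up running."""
    rom = PresetStorageUnit(image=OLD, result=PASS)
    ec = SecondProcessor(storage_area=OLD)
    write_update(rom, written)
    events = restart_after_update(ec, rom, NEW_REF)
    return events, ec.storage_area, rom.first_message


if __name__ == "__main__":
    print(simulate(NEW))                  # intact update is copied
    print(simulate(NEW[:-1] + b"!"))      # altered update is rejected
```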
As shown in fig. 5, a flowchart of embodiment 5 of an information processing method provided by the present application includes the following steps:
step S501: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
step S502: the first processor verifies the related file to obtain a verification result;
step S503: when the verification result indicates that the related file passes verification, the system is started;
steps S501 to 503 are the same as steps S101 to 103 in embodiment 1, and are not described in detail in this embodiment.
Step S504: when the verification result indicates that the related file fails verification, the system is prohibited from starting.
If the verification result indicates that the related file does not pass verification, the system of the electronic equipment is prohibited from starting, which prevents a related file that failed verification from affecting the operation of the electronic equipment and ensures the security of the system.
The first processor can also write the verification result into the preset storage unit, which stores the verification result in correspondence with the verified related file.
Specifically, when the verification result includes the result of verifying the original file of the related file, it is stored in correspondence with the original file; when the verification result includes the results of verifying the original file and the backup file of the related file, it is stored in correspondence with the original file and the backup file.
For example, if the original file fails verification, the signature corresponding to the original file is written as verification failure (such as fail); if the backup file fails verification, the signature corresponding to the backup file is written as verification failure (e.g., fail).
It should be noted that a verification result indicating that the related file fails verification means that both the original file and the backup file of the related file in the preset storage unit failed verification. The reason may be that all the firmware in the SPI ROM is damaged; the security of the second processor EC's firmware in the SPI ROM then cannot be guaranteed, so the EC cannot perform RoT based on that firmware.
In summary, the information processing method provided in this embodiment further includes: and based on the verification result that the related file is not verified, the system prohibits starting. In the scheme, as all the related files stored in the preset storage unit are damaged, the security of the related files cannot be ensured, and the EC cannot perform RoT based on the firmware stored in the SPI ROM, the system is prohibited from being started, so that the system security is ensured.
As shown in fig. 6, a flowchart of embodiment 6 of an information processing method provided by the present application includes the following steps:
step S601: in the system starting process of the electronic equipment, a first processor is started, and a related file of a second processor is acquired in a preset storage unit;
step S602: the first processor verifies the related file to obtain a verification result;
step S603: when the verification result indicates that the related file passes verification, the system is started;
step S604: when the verification result indicates that the related file fails verification, the system is prohibited from starting.
Steps S601 to 604 are the same as steps S501 to 504 in embodiment 5, and are not described in detail in this embodiment.
Step S605: during a system restart of the electronic device, the first processor is started and acquires the updated related file from the preset storage unit;
It should be noted that a verification result indicating that the related file fails verification means that both the original file and the backup file of the related file in the preset storage unit failed verification. The cause may be that all the firmware in the preset storage unit is damaged, in which case the preset storage unit needs to be re-burned.
The burning needs to be performed by a professional. For example, after the system is prohibited from starting and the electronic device is shut down, the SPI ROM is burned at a service end (service) with the correct related file, so that all the firmware in the SPI ROM is updated.
Specifically, during burning, both the original file and the backup file in the preset storage unit can be updated, so that the original file and the backup file stored in the preset storage unit are consistent.
It should be noted that, after the firmware in the SPI ROM is updated, the system of the electronic device can receive or detect the update and generate the first message, which indicates that the firmware in the SPI ROM is the updated firmware.
When the user presses the power key to restart the system of the electronic device, the first processor is powered on and started, and then acquires the updated related file from the re-burned preset storage unit.
Step S606: the first processor verifies the updated related file to obtain a verification result;
When the electronic device is started normally again after being shut down, the first processor verifies the related file in the preset storage unit during this system startup to obtain a verification result.
For the process by which the first processor verifies the updated related file, refer to the explanation of step S102 in embodiment 1 and the explanation of embodiment 2; it is not described in detail in this embodiment.
Step S607: if the verification result indicates that the updated related file passes verification, the electronic device system is prohibited from starting based on the first message, and the electronic device system is restarted;
The first message indicates that the related file in the preset storage unit has been updated.
If the verification result indicates that the updated related file passes verification, the updated related file is safe, and it needs to be copied to the second processor.
Therefore, based on the first message indicating that the related file in the preset storage unit has been updated, system startup of the electronic device is prohibited and the system is restarted, so that the second processor copies the related file during the restart.
Step S608: during the restart of the electronic device system, the second processor checks, based on the first message, the verification result in the preset storage unit, the verification result being stored in correspondence with the updated related file;
The second processor is not powered down during the restart of the electronic device system.
In a specific implementation, after the related file stored in the preset storage unit is updated, the system sends the first message to the second processor.
Based on the first message, the second processor checks the verification result of the related file in the preset storage unit.
Because the updated related file is a correct file, it passes verification, and the verification result stored in the preset storage unit therefore indicates that the corresponding related file passes verification.
Step S609: if the verification result indicates that the updated related file passes verification, the updated related file is copied to the second processor for storage;
When the verification result stored in the preset storage unit indicates that the corresponding related file passes verification, the second processor copies the related file stored in the preset storage unit to a storage area in the second processor.
In a specific implementation, a section of code (flash code) is embedded in the storage area (flash) of the second processor (EC); this code is responsible for acquiring the verification result and copying the related file to the flash of the EC.
During the restart of the electronic device, steps S608 to S609 are executed before the first processor is powered off and then powered on again.
Step S610: after the electronic device is restarted, the second processor operates based on the updated related file in the storage area.
That is, after the electronic device system is restarted, the second processor operates based on the related file in its own storage area.
It should be noted that, after the electronic device system is restarted, the first processor again verifies the related file stored in the preset storage unit and writes the verification result into the preset storage unit.
In summary, the information processing method provided in this embodiment further includes: during a system restart of the electronic device, the first processor is started and acquires the updated related file from the preset storage unit; the first processor verifies the updated related file to obtain a verification result; if the verification result indicates that the updated related file passes verification, the electronic device system is prohibited from starting based on a first message and is restarted, the first message indicating that the related file in the preset storage unit has been updated; during the restart of the electronic device system, the second processor checks, based on the first message, the verification result in the preset storage unit, the verification result being stored in correspondence with the updated related file; and if the verification result indicates that the updated related file passes verification, the second processor copies the updated related file to a storage area in the second processor, so that after the electronic device system is restarted, the second processor operates based on the updated related file in the storage area. This scheme makes explicit how the updated related file is copied to the internal storage area of the second processor after the related file in the preset storage unit is updated by burning, so that operation proceeds based on the updated related file.
As shown in fig. 7, a flowchart of embodiment 7 of an information processing method provided by the present application includes the following steps:
Step S701: during system startup of the electronic device, the first processor is started and acquires the related file of the second processor from the preset storage unit;
Step S702: the first processor verifies the related file to obtain a verification result;
Step S703: if the verification result indicates that the related file passes verification, the system is started;
Steps S701 to S703 are the same as steps S101 to S103 in embodiment 1 and are not described in detail in this embodiment.
Step S704: if the verification result indicates that the related file fails verification, the system is started and the second processor operates based on the historical related file stored in the storage area.
It should be noted that, although the related file in the preset storage unit fails verification this time, a historical related file is stored in the second processor's own storage area. The historical related file has been verified, so its security is guaranteed; the system continues to start, and the EC operates based on the historical firmware stored in its own storage area (EC flash), which ensures that the system operates safely.
Therefore, the system still starts when the related file in the preset storage unit fails verification, but the second processor operates based on the historical related file stored in its local storage area.
In a specific implementation, when the related file fails verification, the system may also generate a prompt message telling the user that the related file in the preset storage unit is damaged and needs to be updated.
Subsequently, the user learns from the prompt message that the related file in the preset storage unit is damaged and can update the related file in the preset storage unit.
For example, after the related file in the preset storage unit is updated, the system generates a first message to notify the ME and the EC that the firmware in the SPI ROM has been updated.
It should be noted that, after the firmware in the SPI ROM is updated, the subsequent processing may refer to steps S605 to S609 in embodiment 6 and is not described again in this embodiment.
In summary, the information processing method provided in this embodiment further includes: if the verification result indicates that the related file fails verification, the system is started and the second processor operates based on the historical related file stored in the storage area. In this scheme, although all the related files stored in the preset storage unit are damaged and their security cannot be guaranteed, the storage area of the second processor stores a historical related file that has been verified, so its security is guaranteed; the system continues to start, and the EC operates based on the historical firmware stored in its own storage area, which ensures that the system operates safely.
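The boot decisions of embodiments 6 and 7 and the update hand-off of steps S605 to S610, modelled as an added example (not code from the patent). SHA-256 comparison stands in for the unspecified "decoding information" check, and the class names, the `boot` function, its return strings and the clearing of the first message after the copy are assumptions of this model.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PASS, FAIL = "pass", "fail"  # result markers stored next to each file
FILES = ("original", "backup")


def digest(image: bytes) -> bytes:
    """Assumed stand-in for the 'decoding information' the ME derives."""
    return hashlib.sha256(image).digest()


@dataclass
class SpiRom:
    """Preset storage unit: EC firmware, its backup, and stored results."""
    original: bytes
    backup: bytes
    results: dict = field(default_factory=dict)
    first_message: bool = False  # True once the related file was updated

    def reburn(self, image: bytes) -> None:
        # Service re-burn: original and backup are updated consistently.
        self.original = self.backup = image
        self.results.clear()
        self.first_message = True


@dataclass
class Ec:
    """Second processor; `flash` is the firmware it actually runs."""
    flash: bytes

    def copy_if_verified(self, rom: SpiRom) -> bool:
        # S608-S609: act only on the first message, and copy only a file
        # whose stored verification result is a pass.
        if not rom.first_message:
            return False
        for name in FILES:
            if rom.results.get(name) == PASS:
                self.flash = getattr(rom, name)
                rom.first_message = False  # assumption: message is consumed
                return True
        return False


def me_verify(rom: SpiRom, expected: bytes) -> bool:
    """S602/S606: verify both files and store a result for each one."""
    for name in FILES:
        ok = hmac.compare_digest(digest(getattr(rom, name)), expected)
        rom.results[name] = PASS if ok else FAIL
    # The related file passes if at least one of the two files passes.
    return PASS in rom.results.values()


def boot(rom: SpiRom, ec: Ec, expected: bytes, use_history: bool = False) -> str:
    """One power-on. Returns 'boot', 'restart', 'boot-history' or 'prohibit'."""
    verified = me_verify(rom, expected)
    if verified and rom.first_message:
        # S607: boot is prohibited and the system restarts; the EC stays
        # powered and copies the verified file during that restart.
        ec.copy_if_verified(rom)
        return "restart"
    if verified:
        return "boot"
    # Both files failed: embodiment 7 runs the EC on its historical
    # firmware, embodiment 6 refuses to start.
    return "boot-history" if use_history else "prohibit"


if __name__ == "__main__":
    good = b"EC firmware v2 (constructed sample)"
    rom = SpiRom(original=b"damaged", backup=b"damaged")
    ec = Ec(flash=b"EC firmware v1 (constructed sample)")
    print(boot(rom, ec, digest(good)))                    # prohibit
    print(boot(rom, ec, digest(good), use_history=True))  # boot-history
    rom.reburn(good)
    print(boot(rom, ec, digest(good)))                    # restart
    print(boot(rom, ec, digest(good)))                    # boot
```

In this model the EC acts on the stored pass/fail marker alone, as the description states; it does not recompute the digest at copy time.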
Corresponding to the embodiment of the information processing method provided by the application, the application also provides an embodiment of the electronic equipment applying the information processing method.
Fig. 8 is a schematic structural diagram of an embodiment of an electronic device provided in the present application. The electronic device includes the following structures: a first processor 801, a second processor 802, and a preset storage unit 803;
the preset storage unit stores the related file of the second processor;
during system startup of the electronic device, the first processor is started and acquires the related file of the second processor from the preset storage unit;
the first processor verifies the related file to obtain a verification result;
and if the verification result indicates that the related file passes verification, the system is started.
In particular, the second processor may be an EC; the preset storage unit may be an SPI ROM in which the firmware of the EC is stored; and the first processor may be an ME disposed in the SOC, the ME being a processor in the SOC that is independent of the CPU. A hardware encryption engine is disposed in the first processor and is capable of decrypting the firmware of the EC stored in the SPI ROM, which enables the first processor to verify the firmware of the EC.
Optionally, the first processor verifying the related file to obtain a verification result includes:
the first processor decodes the related file to obtain decoding information;
the decoding information is compared with pre-stored information;
if the decoding information is consistent with the pre-stored information, the obtained verification result indicates that the related file passes verification;
and if the decoding information is inconsistent with the pre-stored information, the obtained verification result indicates that the related file fails verification.
Optionally, the first processor verifying the related file to obtain a verification result includes:
if at least one of the original file and the backup file in the related file passes verification by the first processor, the related file is indicated as passing verification;
and if both the original file and the backup file in the related file fail verification by the first processor, the related file is indicated as failing verification.
Optionally, after the first processor verifies the related file and obtains a verification result, the first processor writes the verification result into the preset storage unit, and the verification result is stored in correspondence with the related file.
Optionally, after the system is started, the preset storage unit receives and writes the related file to be updated, and generates a first message, where the first message indicates that the related file in the preset storage unit has been updated.
Optionally, after the preset storage unit receives and writes the related file to be updated, the system of the electronic device is restarted, and during the restart the first processor verifies the updated related file in the preset storage unit to obtain a verification result;
the preset storage unit stores the verification result in correspondence with the updated related file;
the electronic device system is prohibited from starting based on the first message, and the electronic device system is restarted;
during the restart of the electronic device system, the second processor checks the verification result in the preset storage unit based on the first message;
and if the verification result indicates that the updated related file passes verification, the second processor copies the updated related file to a storage area in the second processor, so that after the electronic device system is restarted, the second processor operates based on the updated related file in the storage area.
Optionally, if the verification result indicates that the related file fails verification, the system is prohibited from starting.
Optionally, after the system is prohibited from starting, during a system restart of the electronic device, the first processor is started and acquires the updated related file from the preset storage unit;
the first processor verifies the updated related file to obtain a verification result;
if the verification result indicates that the updated related file passes verification, the electronic device system is prohibited from starting based on a first message and is restarted, the first message indicating that the related file in the preset storage unit has been updated;
during the restart of the electronic device system, the second processor checks, based on the first message, the verification result in the preset storage unit, the verification result being stored in correspondence with the updated related file;
and if the verification result indicates that the updated related file passes verification, the second processor copies the updated related file to a storage area in the second processor, so that after the electronic device system is restarted, the second processor operates based on the updated related file in the storage area.
Optionally, if the verification result indicates that the related file fails verification, the system is started and the second processor operates based on the historical related file stored in the storage area.
The functions of each structure in the electronic device refer to the explanations in the foregoing method embodiments, and are not described in detail in this embodiment.
In specific implementation, the structures in the electronic device are connected through the SPI.
Fig. 9 is a schematic view of an application scenario of an electronic device. The first processor is specifically an ME in an SOC, and the second processor is specifically an EC. A flash storage area is disposed in the EC, and a flash code is prestored in the flash storage area. The preset storage unit is an SPI ROM that stores the firmware original file and the backup file of the EC, with a signature stored in correspondence with each file, the signature being the result of the ME verifying the firmware. The ME and the SPI ROM are connected through the SPI, and the SPI ROM and the EC are connected through the ESPI (Enhanced Serial Peripheral Interface).
In summary, the electronic device provided in this embodiment has a first processor and a second processor. During system startup of the electronic device, after the first processor is started, it acquires the related file of the second processor from the preset storage unit and verifies the related file, and if the verification passes, the system is started. The second processor is an EC and the related file is the firmware of the EC, so the process of verifying the firmware of the second processor is executed by the first processor. When the second processor is the EC, the EC firmware can be verified by another processor with information processing capability in the electronic device, so that even if the EC firmware does not support hardware encryption, the non-EC processor can implement RoT, and the security of the EC firmware is ensured.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the device provided by the embodiment, the description is relatively simple because the device corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The previous description of the provided embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features provided herein.

Claims (10)

1. An information processing method for an electronic device including a first processor and a second processor, the method comprising:
during system startup of the electronic device, starting the first processor and acquiring a related file of the second processor from a preset storage unit;
verifying, by the first processor, the related file to obtain a verification result;
and starting the system if the verification result indicates that the related file passes verification.
2. The method of claim 1, wherein the first processor verifying the related file to obtain a verification result comprises:
decoding, by the first processor, the related file to obtain decoding information;
comparing the decoding information with pre-stored information;
if the decoding information is consistent with the pre-stored information, the obtained verification result indicates that the related file passes verification;
and if the decoding information is inconsistent with the pre-stored information, the obtained verification result indicates that the related file fails verification.
3. The method of claim 1, wherein the first processor verifying the related file to obtain a verification result comprises:
if at least one of the original file and the backup file in the related file passes verification by the first processor, the related file is indicated as passing verification;
and if both the original file and the backup file in the related file fail verification by the first processor, the related file is indicated as failing verification.
4. The method of claim 1, wherein after the first processor verifies the related file and obtains the verification result, the method further comprises:
writing, by the first processor, the verification result into the preset storage unit, the verification result being stored in correspondence with the related file.
5. The method of claim 1, further comprising:
after the system is started, the preset storage unit receives and writes the related file to be updated, and generates a first message, wherein the first message indicates that the related file in the preset storage unit has been updated.
6. The method of claim 5, wherein after the preset storage unit receives and writes the related file to be updated, the method further comprises:
during a system restart of the electronic device, the first processor verifies the updated related file in the preset storage unit to obtain a verification result;
the preset storage unit stores the verification result in correspondence with the updated related file;
prohibiting the electronic device system from starting based on the first message, and restarting the electronic device system;
during the restart of the electronic device system, the second processor checks the verification result in the preset storage unit based on the first message;
and if the verification result indicates that the updated related file passes verification, the second processor copies the updated related file to a storage area in the second processor, so that after the electronic device system is restarted, the second processor operates based on the updated related file in the storage area.
7. The method of claim 1, further comprising:
prohibiting the system from starting if the verification result indicates that the related file fails verification.
8. The method of claim 7, wherein after the system is prohibited from starting, the method further comprises:
during a system restart of the electronic device, the first processor is started and acquires the updated related file from the preset storage unit;
the first processor verifies the updated related file to obtain a verification result;
if the verification result indicates that the updated related file passes verification, the electronic device system is prohibited from starting based on a first message and is restarted, the first message indicating that the related file in the preset storage unit has been updated;
during the restart of the electronic device system, the second processor checks, based on the first message, the verification result in the preset storage unit, the verification result being stored in correspondence with the updated related file;
and if the verification result indicates that the updated related file passes verification, the second processor copies the updated related file to a storage area in the second processor, so that after the electronic device system is restarted, the second processor operates based on the updated related file in the storage area.
9. The method of claim 1, further comprising:
if the verification result indicates that the related file fails verification, starting the system, wherein the second processor operates based on the historical related file stored in the storage area.
10. An electronic device, comprising:
a first processor, a second processor and a preset storage unit, wherein the preset storage unit stores a related file of the second processor;
during system startup of the electronic device, the first processor is started and acquires the related file of the second processor from the preset storage unit;
the first processor verifies the related file to obtain a verification result;
and if the verification result indicates that the related file passes verification, the system is started.
CN202111678011.1A 2021-12-31 2021-12-31 Information processing method and electronic equipment Pending CN114357463A (en)

Publications (1)

Publication Number Publication Date
CN114357463A true CN114357463A (en) 2022-04-15

Family

ID=81105258

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination