CN114416145A - Solid state disk starting program storage method and solid state disk starting method

Publication number: CN114416145A
Authority: CN (China)
Prior art keywords: metric value, value, solid state, state disk, hash value
Legal status: Pending
Application number: CN202111556487.8A
Other languages: Chinese (zh)
Inventor: 崔佳宁
Current Assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/654 Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Abstract

The invention discloses a solid state disk starting program storage method and a solid state disk starting method. The method for storing the solid state disk starting program comprises the following steps: acquiring a boot loader of a solid state disk and calculating a first hash value of the boot loader; storing the boot loader and the first hash value into a first NorFlash in a main control chip of the solid state disk; acquiring a starting program and starting data, and calculating a second hash value of the starting program and/or the starting data; and generating a metric value through a preset algorithm based on the first hash value and the second hash value, and storing the metric value, the starting program and the starting data into a second NorFlash outside the main control chip of the solid state disk. In this scheme, a trust chain is established with the first hash value of the boot loader as the root of trust, so that the trust chain of the trusted software system is established and passed on, and the security of starting the solid state disk is improved.

Description

Solid state disk starting program storage method and solid state disk starting method
Technical Field
The invention relates to the field of storage, in particular to a solid state disk starting program storage method and a solid state disk starting method.
Background
The solid state disk is a new generation of storage and, with the development of technologies such as the internet and cloud computing, is now widely used. A solid state disk has powerful functions and a large amount of firmware code, and needs a lot of key data during startup, so the firmware and data are stored in a larger-capacity NorFlash (a non-volatile flash memory) outside the chip (not inside the main control chip), and the firmware and key data are read from this off-chip NorFlash while the solid state disk starts. However, an off-chip device can easily be modified by an adversary using forcible means, so that illegal programs and data are loaded during startup of the solid state disk, which is a serious security risk.
Disclosure of Invention
In view of the above, it is desirable to provide a method for storing a boot program of a solid state disk and a method for booting a solid state disk.
According to a first aspect of the present invention, a method for storing a boot program of a solid state disk is provided, where the method for storing a boot program of a solid state disk includes:
acquiring a boot loader of a solid state disk and calculating a first hash value of the boot loader;
storing the boot loader and the first hash value into a first NorFlash in a main control chip of the solid state disk;
acquiring a starting program and starting data, and calculating a second hash value of the starting program and/or the starting data;
and generating a metric value through a preset algorithm based on the first hash value and the second hash value, and storing the metric value, the starting program and the starting data into a second NorFlash outside the main control chip of the solid state disk.
In some embodiments, the boot program includes a patch segment, a secondary boot segment, and a firmware segment, and the boot data includes first critical data and second critical data, where the first critical data represents data required before the firmware is started, and the second critical data represents data required when the firmware is started.
In some embodiments, the step of acquiring the boot program and the boot data, and calculating the second hash value of the boot program and/or the boot data comprises:
acquiring the patch segment and calculating the hash value of the patch segment;
acquiring the secondary boot segment and calculating the hash value of the secondary boot segment;
acquiring the firmware segment and calculating the hash value of the firmware segment;
acquiring the first key data and calculating a hash value of the first key data;
and acquiring the second key data and calculating the hash value of the second key data.
In some embodiments, the step of generating a metric value based on the first hash value and the second hash value by using a preset algorithm, and storing the metric value, the boot program, and the boot data in a second NorFlash outside the main control chip of the solid state disk includes:
splicing the first hash value and the hash value of the patch segment to obtain a first metric value;
splicing the first metric value and the hash value of the secondary boot segment to obtain a second metric value;
splicing the second metric value and the hash value of the first key data to obtain a third metric value;
splicing the third metric value and the hash value of the firmware segment to obtain a fourth metric value;
splicing the fourth metric value and the hash value of the second key data to obtain a fifth metric value;
and adding the first metric value, the second metric value, the third metric value, the fourth metric value and the fifth metric value to the patch segment, the secondary boot segment, the firmware segment, the first key data and the second key data respectively according to a preset rule, and storing them in the second NorFlash.
According to a second aspect of the present invention, there is provided a method for starting a solid state disk, where the solid state disk has a start program, and the start program is stored by using the above method for storing the start program of the solid state disk, and the method for starting the solid state disk includes:
reading a boot loader and a first hash value from a first NorFlash in a main control chip of the solid state disk, and running the boot loader;
reading a starting program and starting data from a second NorFlash outside a main control chip of the solid state disk, and calculating a third hash value of the starting program and the starting data;
generating a metric value to be verified through a preset algorithm based on the first hash value and the third hash value;
reading the metric value from a second NorFlash outside the main control chip of the solid state disk and comparing the metric value with the metric value to be verified;
and if the comparison is successful, executing the starting process based on the starting program and the starting data, otherwise powering down the solid state disk to terminate the starting process.
In some embodiments, the boot program includes a patch segment, a secondary boot segment, and a firmware segment, and the boot data includes first critical data and second critical data, where the first critical data represents data required before the firmware is started, and the second critical data represents data required when the firmware is started.
In some embodiments, the step of reading a boot program and boot data from a second NorFlash outside the main control chip of the solid state disk, and calculating a third hash value of the boot program and the boot data includes:
reading the patch segment from the second NorFlash and calculating the hash value of the read patch segment;
reading the secondary boot segment from the second NorFlash and calculating the hash value of the read secondary boot segment;
reading the firmware segment from the second NorFlash and calculating the hash value of the read firmware segment;
reading the first key data from a second NorFlash and calculating a hash value of the read first key data;
and reading the second key data from the second NorFlash and calculating the hash value of the read second key data.
In some embodiments, the step of generating the metric value to be verified through a preset algorithm based on the first hash value and the third hash value includes:
splicing the first hash value and the read hash value of the patch segment to obtain a first metric value to be verified;
splicing the first metric value to be verified and the read hash value of the secondary boot segment to obtain a second metric value to be verified;
splicing the second metric value to be verified and the read hash value of the first key data to obtain a third metric value to be verified;
splicing the third metric value to be verified and the read hash value of the firmware section to obtain a fourth metric value to be verified;
and splicing the fourth metric value to be verified and the read hash value of the second key data to obtain a fifth metric value to be verified.
In some embodiments, the step of reading the metric value from a second NorFlash outside the main control chip of the solid state disk and comparing the metric value with the metric value to be verified includes:
comparing the first metric value with the first to-be-verified metric value to judge whether the first metric value and the first to-be-verified metric value are the same;
comparing the second metric value with the second to-be-verified metric value to judge whether the two metric values are the same;
comparing the third metric value with the third to-be-verified metric value to judge whether the third metric value and the third to-be-verified metric value are the same;
comparing the fourth metric value with the fourth to-be-verified metric value to judge whether the fourth metric value and the fourth to-be-verified metric value are the same;
and comparing the fifth metric value with the fifth to-be-verified metric value to judge whether the fifth metric value and the fifth to-be-verified metric value are the same.
In some embodiments, when the comparison is successful, the first metric value is the same as the first metric value to be verified, the second metric value is the same as the second metric value to be verified, the third metric value is the same as the third metric value to be verified, the fourth metric value is the same as the fourth metric value to be verified, and the fifth metric value is the same as the fifth metric value to be verified.
In the above method for storing the boot program of the solid state disk, the first hash value of the boot loader is stored in the first NorFlash inside the main control chip of the solid state disk; a metric value is generated through a preset algorithm based on the first hash value and the second hash value of the boot program and boot data; and the metric value, the boot program and the boot data are stored in the second NorFlash outside the main control chip of the solid state disk. A trust chain is established with the first hash value of the boot loader as the root of trust, and the metric value is used to actively measure the security of the software environment on which startup of the solid state disk depends. The trust chain of the trusted software system is thereby established and passed on, the stored data is used for verification when the program starts, and the security of solid state disk startup is improved.
In the above solid state disk starting method, because the boot program is stored in this special way, a verification step is added for each program or piece of data loaded during startup. The startup process continues only when the calculated metric value passes verification and is actively terminated when the metric value fails verification, so the solid state disk can only be started with a legitimate and safe program, which improves the security of the solid state disk.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other embodiments from these drawings without creative effort.
FIG. 1 is a flowchart illustrating a method 100 for storing a boot program of a solid state disk according to an embodiment of the present invention;
FIG. 2A is a schematic diagram of a first NorFlash memory frame according to another embodiment of the present invention;
FIG. 2B is a schematic diagram of a second NorFlash memory frame according to another embodiment of the present invention;
FIG. 3 is a flowchart illustrating a solid state disk boot method 200 according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two non-identical entities or two non-identical parameters that share the same name. "First" and "second" are used merely for convenience of description and should not be construed as limiting the embodiments of the present invention; this is not explained again in the following embodiments.
In an embodiment, referring to fig. 1, the present invention provides a method for storing a boot program of a solid state disk, and specifically, the method includes the following steps:
step 101, acquiring a boot loader of a solid state disk and calculating a first hash value of the boot loader;
In this embodiment, the boot loader is the BootLoader, the first section of code executed by an embedded system after power-up. After it completes initialization of the CPU and related hardware, the BootLoader loads an operating system image or a burned-in embedded application program into memory, then jumps to the space where the operating system is located and starts the operating system. The first hash value of the boot loader is calculated by representing the boot loader as binary data and applying a hash algorithm to that binary data; the resulting hash value is the first hash value.
step 102, storing the boot loader and the first hash value into a first NorFlash in a main control chip of the solid state disk;
In this embodiment, the first hash value may be added to the end, the beginning, or a preset intermediate position of the boot loader; the specific position and manner of storing the first hash value and the second hash value are not limited in the present invention.
step 103, acquiring a starting program and starting data, and calculating a second hash value of the starting program and/or the starting data;
In this embodiment, the boot program refers to the programs required when the solid state disk starts, and generally includes a firmware segment, a secondary boot segment, and a patch. The boot data refers to the data required when the solid state disk starts, and generally includes critical data and non-critical data; the critical data in turn includes data that may be modified during the boot process and data that may not be modified during the boot process. In a specific implementation, the hash calculation may be performed on only one part of the boot program, for example the firmware segment, and on only one kind of data or on all data in the boot data; of course, a second hash value may also be calculated for each selected part of the boot program and the boot data. Likewise, the hash values may be calculated for all three program segments of the boot program, or for only one or two selected program segments, and the same applies to the selection of the boot data.
step 104, generating a metric value through a preset algorithm based on the first hash value and the second hash value, and storing the metric value, the starting program and the starting data into a second NorFlash outside the main control chip of the solid state disk.
In this embodiment, when there are a plurality of calculated second hash values, the metric values may be calculated stage by stage. For example, a cumulative calculation may be used in which the metric value of each program segment depends on the metric value of the previous program segment, or the hash value of each stage may be spliced with the first hash value. In a specific implementation, the second hash value may be set flexibly according to the user's requirements and the required security level.
In the above method for storing the boot program of the solid state disk, the first hash value of the boot loader is stored in the first NorFlash inside the main control chip of the solid state disk; a metric value is generated through a preset algorithm based on the first hash value and the second hash value of the boot program and boot data; and the metric value, the boot program and the boot data are stored in the second NorFlash outside the main control chip of the solid state disk. A trust chain is established with the first hash value of the boot loader as the root of trust, and the metric value is used to actively measure the security of the software environment on which startup of the solid state disk depends. The trust chain of the trusted software system is thereby established and passed on, the stored data is used for verification when the program starts, and the security of solid state disk startup is improved.
In some embodiments, the boot program includes a patch segment, a secondary boot segment, and a firmware segment, and the boot data includes first critical data, second critical data, and non-critical data, where the first critical data represents data required before firmware boot and the second critical data represents data required during firmware boot. Because the non-critical data has little influence on operation before or after the program starts, the present embodiment does not measure the non-critical data; that is, hash values are calculated only for all types of boot programs and for all types of boot data other than the non-critical data. The foregoing step 103 specifically includes the following sub-steps:
step 1031, obtaining the patch segment and calculating the hash value of the patch segment;
step 1032, acquiring the secondary boot segment and calculating a hash value of the secondary boot segment;
step 1033, obtaining the firmware segment and calculating a hash value of the firmware segment;
step 1034, acquiring the first key data and calculating a hash value of the first key data;
step 1035, obtain the second critical data and calculate a hash value of the second critical data.
In some embodiments, the foregoing step 104 specifically includes the following sub-steps:
step 1041, splicing the first hash value and the hash value of the patch segment to obtain a first metric value;
step 1042, splicing the first metric value and the hash value of the secondary boot segment to obtain a second metric value;
step 1043, splicing the second metric value and the hash value of the first key data to obtain a third metric value;
step 1044, splicing the third metric value and the hash value of the firmware segment to obtain a fourth metric value;
step 1045, splicing the fourth metric value and the hash value of the second key data to obtain a fifth metric value;
step 1046, adding the first metric value, the second metric value, the third metric value, the fourth metric value, and the fifth metric value to the patch segment, the secondary boot segment, the firmware segment, the first critical data, and the second critical data according to a preset rule, and storing the added values in the second NorFlash.
In another embodiment, referring to FIG. 2A and FIG. 2B, because a trust chain is to be established, the metric value of each stage must be calculated according to the boot sequence of the solid state disk. Assume that the programs and data of the solid state disk are loaded in the following order: BootLoader, patch segment, secondary boot segment, first key data, firmware segment, and second key data required for firmware boot. The method for storing the boot program of the solid state disk then comprises the following steps:
(1) The manufacturer calculates the hash value BLHash from the BootLoader code. The BootLoader code is known only to the manufacturer and the calculated BLHash cannot be leaked, which ensures the credibility of BLHash, so a trust chain can be established with BLHash as the root of trust. A hash value Hash1 is calculated from the patch segment code produced when the firmware is compiled, the metric value MEASUREMENT1 is calculated using an agreed hash algorithm (such as SM3, SHA1-256, etc.) and the following formula, and the metric value is appended to the end of the patch segment. The BootLoader code and its corresponding hash value are burned into the first NorFlash in the main control chip of the solid state disk, as shown in FIG. 2A.
Metric value = Hash(metric value of the previous stage || code hash value of the present stage);
where the symbol "||" indicates that two sets of data are concatenated.
(2) A hash value Hash2 is calculated from the code of the secondary boot segment, the metric value of the secondary boot segment is calculated with the same algorithm as MEASUREMENT2 = Hash(MEASUREMENT1 || Hash2), and the metric value is appended to the end of the secondary boot segment.
(3) A hash value Hash3 is calculated from the first key data, the metric value of the first key data is calculated with the same algorithm as MEASUREMENT3 = Hash(MEASUREMENT2 || Hash3), and the metric value is appended to the end of the segment.
(4) By analogy, the metric values of the firmware segment and the second key data are calculated in sequence. The code and data organized in this way are burned into the off-chip NorFlash of the solid state disk, to be loaded and used when the SSD starts. The resulting structure of the second NorFlash outside the main control chip of the solid state disk is shown in FIG. 2B.
It should be noted that, in this embodiment, the non-critical data is not stored with a metric value. When the solid state disk requires a higher startup security level, the non-critical data may also be stored in the same manner, after the metric value of the second critical data has been calculated.
Unlike the traditional way of storing a boot program, this method for storing the solid state disk boot program adds a root of trust and verification data when programs are stored in the NorFlash inside and outside the main control chip. With this storage method a verification step must be added at program startup, and the metric values corresponding to each program segment and each piece of data are built and passed on stage by stage, which improves the startup security of the solid state disk.
In some embodiments, please refer to fig. 3, the present invention further provides a method for starting a solid state disk, where the solid state disk has a start program, and the start program is stored by using the method for storing the start program of the solid state disk, and the method for starting the solid state disk specifically includes the following steps:
step 201, reading a boot loader and a first hash value from a first NorFlash in a main control chip of a solid state disk, and running the boot loader;
step 202, reading a starting program and starting data from a second NorFlash outside a main control chip of the solid state disk, and calculating a third hash value of the starting program and the starting data;
step 203, generating a metric value to be verified through a preset algorithm based on the first hash value and the third hash value;
step 204, reading a metric value from a second NorFlash outside the main control chip of the solid state disk and comparing the metric value with a metric value to be verified;
step 205, if the comparison is successful, executing the start-up process based on the start-up program and the start-up data, otherwise powering down the solid state disk to terminate the start-up process.
In the above solid state disk starting method, because the boot program is stored in this special way, a verification step is added for each program or piece of data loaded during startup. The startup process continues only when the calculated metric value passes verification and is actively terminated when the metric value fails verification, so the solid state disk can only be started with a legitimate and safe program, which improves the security of the solid state disk.
In some embodiments, the boot program includes a patch segment, a secondary boot segment, and a firmware segment, and the boot data includes a first key data and a second key data, where the first key data represents data required before the firmware is started, and the second key data represents data required when the firmware is started.
In some embodiments, the foregoing step 202 specifically includes the following sub-steps:
step 2021, reading the patch segment from the second NorFlash and calculating the hash value of the read patch segment;
step 2022, reading the secondary boot segment from the second NorFlash and calculating a hash value of the read secondary boot segment;
step 2023, reading the firmware segment from the second NorFlash and calculating the hash value of the read firmware segment;
step 2024, reading the first critical data from the second NorFlash and calculating a hash value of the read first critical data;
step 2025, reading the second critical data from the second NorFlash and calculating the hash value of the read second critical data.
In some embodiments, the foregoing step 203 specifically includes the following sub-steps:
step 2031, splicing the first hash value and the read hash value of the patch segment to obtain a first metric value to be verified;
step 2032, splicing the first to-be-verified metric value and the read hash value of the secondary boot segment to obtain a second to-be-verified metric value;
step 2033, splicing the second to-be-verified metric value and the read hash value of the first key data to obtain a third to-be-verified metric value;
step 2034, splicing the third metric value to be verified and the read hash value of the firmware segment to obtain a fourth metric value to be verified;
step 2035, the fourth to-be-verified metric value and the read hash value of the second key data are spliced to obtain a fifth to-be-verified metric value.
In some embodiments, the aforementioned step 204 comprises the following sub-steps:
step 2041, comparing the first metric value with the first metric value to be verified to determine whether the two metric values are the same;
step 2042, comparing the second metric value with the second to-be-verified metric value to determine whether the two are the same;
step 2043, comparing the third metric value with the third to-be-verified metric value to judge whether the two are the same;
step 2044, comparing the fourth metric value with the fourth metric value to be verified to determine whether the two metric values are the same;
step 2045, compare the fifth metric value with the fifth to-be-verified metric value to determine whether the two are the same.
In some embodiments, when the comparison is successful, the first metric value is the same as the first metric value to be verified, the second metric value is the same as the second metric value to be verified, the third metric value is the same as the third metric value to be verified, the fourth metric value is the same as the fourth metric value to be verified, and the fifth metric value is the same as the fifth metric value to be verified.
In another embodiment, taking as an example a boot program stored using the architecture of fig. 2A and 2B, the solid state disk boot method is as follows:
(1) Start the BootLoader and read the hash value BLHash of the BootLoader stored in the nonvolatile memory in the main control chip.
(2) Load the code and data from NorFlash to a designated area in DDR.
(3) Read the patch segment code from DDR and calculate its hash value Hash1 (only the code is hashed; the metric value MEASUREMENT1 held in the fixed bytes at the tail of the patch segment code is not included). Calculate the metric value MEASUREMENT1 of the patch segment as Hash(BLHash || Hash1) and compare it with the metric value MEASUREMENT1 placed at the tail of the patch segment code when the firmware was burned. If the two are consistent, the patch segment has not been tampered with and the boot process continues; otherwise the boot process is terminated.
(4) Read the secondary boot segment code from DDR and calculate its hash value Hash2. Calculate the metric value MEASUREMENT2 of the secondary boot segment as Hash(MEASUREMENT1 || Hash2) and compare it with the metric value MEASUREMENT2 placed at the tail of the secondary boot segment code when the firmware was burned. If the two are consistent, the secondary boot segment has not been tampered with and the boot process continues; otherwise the boot process is terminated.
(5) Read the first key data from DDR and calculate its hash value Hash3. Calculate the metric value MEASUREMENT3 of the first key data as Hash(MEASUREMENT2 || Hash3) and compare it with the MEASUREMENT3 carried with the first key data when the firmware was burned. If the two are consistent, the first key data has not been tampered with and the boot process continues; otherwise the boot process is terminated.
(6) By analogy, calculate the metric values of the firmware segment and the second key data in turn and compare each with the metric value carried at its tail. If they are consistent, continue with the next step; otherwise power down to terminate the boot process.
In addition, it should be noted that some key data (for example, the second key data) may be modified according to actual conditions while the solid state disk is running. If the updated key data is written to the second NorFlash, a new metric value must be recalculated from the metric value of the previous stage and the hash value of the updated key data, and stored together with it in the second NorFlash so that it can be verified at the next power-on boot.
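The chained check of steps (1) to (6) and the re-measurement rule for updated key data, as an added Python sketch that is not part of the patent. SHA-256 (and therefore the 32-byte tail), the stage names and all function names are assumptions, and the segment contents are constructed sample data.

```python
import hashlib
import hmac

STAGES = ["patch", "secondary_boot", "key_data_1", "firmware", "key_data_2"]
MEAS_LEN = 32  # assumption: SHA-256, so each tail measurement is 32 bytes


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def measure(prev: bytes, payload: bytes) -> bytes:
    """MEASUREMENT_n = Hash(MEASUREMENT_{n-1} || Hash(payload_n))."""
    return h(prev + h(payload))


def seal(bl_hash: bytes, payloads: dict) -> dict:
    """Burn time: append each stage's measurement to the tail of its payload."""
    image, prev = {}, bl_hash
    for name in STAGES:
        prev = measure(prev, payloads[name])
        image[name] = payloads[name] + prev
    return image


def verify_boot(bl_hash: bytes, image: dict):
    """Boot time: return (True, None), or (False, stage) at the first mismatch."""
    prev = bl_hash
    for name in STAGES:
        payload, stored = image[name][:-MEAS_LEN], image[name][-MEAS_LEN:]
        prev = measure(prev, payload)  # the tail itself is never hashed
        if not hmac.compare_digest(prev, stored):
            return False, name  # the drive would power down here
    return True, None


def update_stage(bl_hash: bytes, image: dict, name: str, new_payload: bytes) -> dict:
    """Runtime update: re-measure only the changed stage from the previous tail."""
    i = STAGES.index(name)
    prev = bl_hash if i == 0 else image[STAGES[i - 1]][-MEAS_LEN:]
    return {**image, name: new_payload + measure(prev, new_payload)}


# Constructed sample data; BL_HASH stands in for the value held in the on-chip NorFlash.
BL_HASH = h(b"bootloader image (constructed)")
IMAGE = seal(BL_HASH, {name: f"{name} contents v1".encode() for name in STAGES})
```

Updating `key_data_2` this way verifies cleanly because it is the last link. Updating an earlier stage alone leaves the later stored measurements chained to the old value, so `verify_boot` stops at the next stage until those are re-measured as well.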
The solid state disk boot method has at least the following beneficial technical effects: the hash value of the BootLoader, known only to the manufacturer, serves as the root of trust, and the metric value of each stage is calculated from the metric value of the previous trusted stage to determine the trustworthiness of that stage, thereby forming a chain of trust. Through this trusted measurement mechanism, the chain of trust collects the code and data that affect the trustworthiness of the platform and judges that trustworthiness by comparing the data with the expected data. This secures the boot process of the solid state disk and prevents the boot process from being influenced by changes to the data in NorFlash.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered within the scope of the present specification as long as the combined features do not contradict one another.
The above embodiments express only several implementations of the present application, and although their description is relatively specific and detailed, they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for storing a solid state disk boot program is characterized by comprising the following steps:
acquiring a boot loader of a solid state disk and calculating a first hash value of the boot loader;
storing the boot loader and the first hash value into a first NorFlash in a main control chip of the solid state disk;
acquiring a starting program and starting data, and calculating a second hash value of the starting program and/or the starting data;
and generating a metric value through a preset algorithm based on the first hash value and the second hash value, and storing the metric value, the starting program and the starting data into a second NorFlash outside the main control chip of the solid state disk.
2. The method for storing the boot program of the solid state disk according to claim 1, wherein the boot program comprises a patch segment, a secondary boot segment and a firmware segment, and the boot data comprises a first key data and a second key data, wherein the first key data represents data required before the firmware is booted, and the second key data represents data required when the firmware is booted.
3. The method for storing the boot program of the solid state disk according to claim 2, wherein the step of obtaining the boot program and the boot data and calculating the second hash value of the boot program and/or the boot data comprises:
acquiring the patch segment and calculating the hash value of the patch segment;
acquiring the secondary guide segment and calculating the hash value of the secondary guide segment;
acquiring the firmware segment and calculating the hash value of the firmware segment;
acquiring the first key data and calculating a hash value of the first key data;
and acquiring the second key data and calculating the hash value of the second key data.
4. The method for storing the boot program of the solid state disk according to claim 3, wherein the step of generating the metric value based on the first hash value and the second hash value by a preset algorithm, and storing the metric value, the boot program, and the boot data in a second NorFlash outside the main control chip of the solid state disk comprises:
splicing the first hash value and the hash value of the patch segment to obtain a first metric value;
splicing the first metric value and the hash value of the secondary guide section to obtain a second metric value;
splicing the second metric value and the hash value of the first key data to obtain a third metric value;
splicing the third measurement value and the hash value of the firmware section to obtain a fourth measurement value;
splicing the fourth metric value and the hash value of the second key data to obtain a fifth metric value;
and adding the first metric value, the second metric value, the third metric value, the fourth metric value and the fifth metric value to the patch section, the secondary guide section, the firmware section, the first key data and the second key data respectively according to a preset rule and storing the first metric value, the second metric value, the third metric value, the fourth metric value and the fifth metric value in the second NorFlash.
5. A solid state disk boot method, characterized in that the solid state disk has a boot program, the boot program is stored by the solid state disk boot program storage method of any one of claims 1 to 4, the solid state disk boot method comprises:
reading a boot loader and a first hash value from a first NorFlash in a main control chip of the solid state disk, and running the boot loader;
reading a starting program and starting data from a second NorFlash outside a main control chip of the solid state disk, and calculating a third hash value of the starting program and the starting data;
generating a metric value to be verified through a preset algorithm based on the first hash value and the third hash value;
reading the metric value from a second NorFlash outside the main control chip of the solid state disk and comparing the metric value with the metric value to be verified;
and if the comparison is successful, executing the starting process based on the starting program and the starting data, otherwise powering down the solid state disk to terminate the starting process.
6. The method for starting the solid state disk according to claim 5, wherein the boot program comprises a patch segment, a secondary boot segment and a firmware segment, and the boot data comprises first key data and second key data, wherein the first key data represents data required before the firmware is started, and the second key data represents data required when the firmware is started.
7. The method for booting the solid state disk according to claim 6, wherein the step of reading the boot program and the boot data from a second NorFlash outside the main control chip of the solid state disk and calculating a third hash value of the boot program and the boot data includes:
reading the patch segment from the second NorFlash and calculating the hash value of the read patch segment;
reading the secondary guide segment from the second NorFlash and calculating the hash value of the read secondary guide segment;
reading the firmware segment from the second NorFlash and calculating the hash value of the read firmware segment;
reading the first key data from a second NorFlash and calculating a hash value of the read first key data;
and reading the second key data from the second NorFlash and calculating the hash value of the read second key data.
8. The method for starting the solid state disk according to claim 7, wherein the step of generating the metric value to be verified through a preset algorithm based on the first hash value and the third hash value comprises:
splicing the first hash value and the read hash value of the patch section to obtain a first metric value to be verified;
obtaining a second metric value to be verified from the first metric value to be verified and the read hash value of the secondary guide segment;
splicing the second metric value to be verified and the read hash value of the first key data to obtain a third metric value to be verified;
splicing the third metric value to be verified and the read hash value of the firmware section to obtain a fourth metric value to be verified;
and splicing the fourth metric value to be verified and the read hash value of the second key data to obtain a fifth metric value to be verified.
9. The method for booting the solid state disk according to claim 8, wherein the step of reading the metric value from a second NorFlash outside the main control chip of the solid state disk and comparing the metric value with the metric value to be verified includes:
comparing the first metric value with the first to-be-verified metric value to judge whether the first metric value and the first to-be-verified metric value are the same;
comparing the second metric value with the second to-be-verified metric value to judge whether the two metric values are the same;
comparing the third metric value with the third to-be-verified metric value to judge whether the third metric value and the third to-be-verified metric value are the same;
comparing the fourth metric value with the fourth to-be-verified metric value to judge whether the fourth metric value and the fourth to-be-verified metric value are the same;
and comparing the fifth metric value with the fifth to-be-verified metric value to judge whether the fifth metric value and the fifth to-be-verified metric value are the same.
10. The method of claim 9, wherein when the comparison is successful, the first metric value is the same as the first metric value to be verified, the second metric value is the same as the second metric value to be verified, the third metric value is the same as the third metric value to be verified, the fourth metric value is the same as the fourth metric value to be verified, and the fifth metric value is the same as the fifth metric value to be verified.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111556487.8A CN114416145A (en) 2021-12-17 2021-12-17 Solid state disk starting program storage method and solid state disk starting method

Publications (1)

Publication Number Publication Date
CN114416145A true CN114416145A (en) 2022-04-29

Family

ID=81266905

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination