CN114448794B - Method and device for safely upgrading firmware based on chip trusted root - Google Patents


Info

Publication number
CN114448794B
Authority
CN
China
Prior art keywords
image file
firmware image
firmware
key
public
Legal status
Active
Application number
CN202210018072.3A
Other languages
Chinese (zh)
Other versions
CN114448794A (en)
Inventor
王瑾
麻付强
Current Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202210018072.3A
Publication of CN114448794A
Application granted
Publication of CN114448794B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a device for securely upgrading firmware based on a chip trusted root, in the technical field of firmware security. The method comprises the following steps: selecting, according to requirements, whether to encrypt the firmware image file; packaging the firmware image file in a set format; acquiring the public and private key pairs that form a key ring; signing the firmware image file package with a ring signature algorithm using those key pairs; issuing the firmware image file package; and storing each public key in a one-time key storage area of the firmware chip. When the firmware chip is to be upgraded, each public key stored in the firmware chip is acquired, the signed, issued firmware image file is measured with a ring signature verification algorithm using those public keys, and the upgrade proceeds only after the measurement succeeds. Because the public keys used for ring signature verification are selected from among a plurality of public keys, the root of trust is harder to guess and the security of the firmware chip is improved; the selective encryption of the image file makes the encryption algorithm and its parameters selectable and the scheme flexible to apply.

Description

Method and device for safely upgrading firmware based on chip trusted root
Technical Field
The invention belongs to the technical field of firmware security, and in particular relates to a method and a device for securely upgrading firmware based on a chip trusted root.
Background
ROT is the abbreviation of Root of Trust.
In computing and communication systems the terminal device is usually a server or a storage device, and security can only be improved effectively by taking security measures comprehensively, from the chip and main board up through the firmware and low-level software. Trusted computing technology has been widely studied to address this problem. Its basic idea is first to construct a root of trust based on a hardware security module in the system, with the trustworthiness of that root jointly ensured by physical security, technical security and management security, and then to build a chain of trust from the root of trust to the hardware and software platform, to the operating system and on to specific applications: each level measures and authenticates the next, so trust is extended step by step to the whole computer system and a trusted boot of the whole system is ensured. The integrity and legitimacy of the hardware, firmware, virtualization software, operating system software and application software of embedded terminals, storage devices and servers are measured at boot time, so that tampering attacks and anomalies are prevented.
One popular current scheme is to sign the firmware at release time with a digital signature. The electronic equipment manufacturer generates a public and private key pair, signs the original firmware package with the private key, and then issues the image package. The corresponding public key is stored in the hardware ROT or in a protected section of flash. When the device upgrades its firmware, the public key serving as the root of trust decrypts the signature of the signed image package for signature verification, which prevents tampering: only firmware packages that pass signature verification can be installed. This scheme solves tamper resistance during the upgrade, but if the private key leaks, the server must be returned to the factory to replace the root of trust, and a one-time ROT can be replaced only once. Moreover, since there is only a single ROT for verification, the probability of it being guessed is high.
The second popular current approach is for the firmware chip to have its own hardware root of trust, inside which several roots of trust, typically 8, can be stored. The electronic equipment manufacturer generates eight public and private key pairs, signs the original firmware package with one of the private keys, and then issues the image package. The corresponding eight public keys are stored in the firmware chip as roots of trust. When the device boots, the first root of trust is used to decrypt the signature for measurement and signature verification of the image package; if verification fails, the next root of trust is tried, until verification succeeds or every root of trust has been tried. Only firmware packages that pass signature verification can be booted by the system. Using multiple public keys in this way makes the public key in the ROT harder to guess, since an attempt requires verifying them one by one. However, since only one of the public keys is actually in use, it can still be guessed by verifying them one by one.
This is a deficiency of the prior art; it is therefore necessary to provide a method and apparatus for securely upgrading firmware based on a chip trusted root.
Disclosure of Invention
In view of the defects of the prior art, namely that a public key stored in a one-time key storage area can be guessed, that the firmware upgrade process can be tampered with, and that security risks therefore exist, the invention provides a method and a device for securely upgrading firmware based on a chip trusted root, which aim to solve these technical problems.
In a first aspect, the invention provides a method for securely upgrading firmware based on a chip trusted root, comprising the following steps:
S1, selecting, according to requirements, whether to encrypt the firmware image file; packaging the firmware image file in a set format; acquiring the public and private key pairs that form a key ring; signing the firmware image file package with a ring signature algorithm using those key pairs; issuing the firmware image file package; and storing each public key in a one-time key storage area of the firmware chip;
S2, when the firmware chip is to be upgraded, acquiring each public key stored in the one-time key storage area of the firmware chip;
S3, verifying the signed, issued firmware image file with a ring signature verification algorithm using those public keys, and upgrading with the firmware image file after the measurement succeeds.
Further, step S1 comprises the following specific steps:
S11, acquiring the firmware image file, a file key and parameter information; the parameter information carries a digest algorithm, an encryption algorithm and the ciphertext key1 of the file key;
S12, judging whether the encryption algorithm in the parameter information is empty;
if yes, go to step S14;
if not, go to step S13;
S13, encrypting the firmware image file with the file key and the encryption algorithm given in the parameter information, hashing the encrypted firmware image file together with the parameter information to obtain the firmware image file digest value, and proceeding to step S15;
S14, hashing the firmware image file together with the parameter information to obtain the firmware image file digest value;
S15, acquiring the public and private key pairs generated by a key management system, and signing the firmware image file digest value with a ring signature algorithm using those key pairs to produce a signature value;
S16, assembling the firmware image file package in the format of firmware image file, parameter information and signature value, and publishing the firmware image file package;
S17, storing the measurement public keys of the key pairs, together with public key2 used to decrypt ciphertext key1 for the encryption algorithm, into the firmware chip in a set order. The encryption algorithm field implements the encryption option for the firmware image file: when an encryption algorithm is present, the firmware image file is encrypted, and when it is absent, the file is not, so the encryption of the image file is flexible in its algorithm, in its parameter information and in whether encryption is chosen at all. The ring signature algorithm signs with a ring sequence made up of one private key and a plurality of public keys. Whether or not an encryption algorithm is present in the encryption parameters, public key2 for decrypting ciphertext key1 is stored in the one-time key storage area together with the measurement public keys, so that even though the firmware chip can no longer be burnt after leaving the factory, whether the firmware image file is encrypted can still be chosen flexibly by whether an encryption algorithm is included in the encryption parameters.
Further, step S15 comprises the following specific steps:
S151, acquiring the N measurement public and private key pairs forming the key ring, generated by the key management system, and taking M measurement public keys and the K-th measurement private key that participates in signing out of the N measurement public keys according to a preset measurement public key selection algorithm;
S152, forming a sequence ring from the M measurement public keys and the K-th measurement private key, and ring-signing the digest value using the encryption algorithm from the parameter information to produce the signature value. The algorithm that selects M key pairs from the N can decide how to select them according to the release time of the version, the product model, the service life of the device, and so on; different M may be selected over the product life cycle.
Further, step S16 comprises the following specific steps:
S161, judging whether the encryption algorithm in the parameter information is empty;
if yes, go to step S162;
if not, go to step S163;
S162, assembling the firmware image file package in the format of firmware image file, parameter information and signature value, and proceeding to step S164;
S163, assembling the firmware image file package in the format of encrypted firmware image file, parameter information and signature value;
S164, publishing the firmware image file package. When encryption is chosen, the firmware image file inside the issued package is the encrypted one; when it is not chosen, the issued package contains the plain firmware image file.
Further, in step S1 a trusted root management module is provided in the firmware chip;
the trusted root management module comprises a one-time key storage area, a one-time key control area, a microcontroller and a ROM area;
the one-time key storage area holds the measurement public keys, written by burning;
and when the encryption algorithm in the parameter information is not empty, public key2 for decrypting key1 is also stored in the one-time key storage area. That is, if the released design version includes the encryption function (the encryption algorithm in the parameter information is not empty), public key2 for decrypting key1 is burnt into the one-time key storage area together with the measurement public keys.
Further, step S2 comprises the following specific steps:
S21, when the firmware chip is to be upgraded, acquiring the published firmware image file package and storing it in the temporary area of the BMC's flash;
S22, the microcontroller accessing the one-time key storage area through the one-time key control area and reading all public keys from it. The one-time key storage area is burnt before the product leaves the factory and write protection is enabled afterwards, so it cannot be modified; the public keys in it cannot be accessed directly through a JTAG port or by firmware, and must be accessed through the one-time key control area.
Further, step S3 comprises the following specific steps:
S31, taking the firmware image file signature value out of the firmware image file package;
S32, taking M measurement public keys out of the N measurement public keys read from the one-time key storage area according to the preset public key selection algorithm, and verifying the firmware image file signature value with the M measurement public keys and a ring signature verification algorithm to produce the signature verification digest value;
S33, taking the firmware image file and the parameter information out of the firmware image file package and hashing them with the preset digest algorithm to obtain the digest value to be verified;
S34, comparing whether the signature verification digest value matches the digest value to be verified, and upgrading the firmware with the firmware image file when they match. M of the N public and private key pairs of the ring signature are selected by the preset public key selection algorithm; M varies with the strategy, so the signature values of issued packages differ accordingly.
Further, step S34 comprises the following specific steps:
S341, comparing whether the signature verification digest value matches the digest value to be verified;
if so, go to step S342;
if not, go to step S347;
S342, judging that the measurement of the firmware image file has succeeded;
S343, restarting the BMC chip and judging whether ciphertext key1 is present in the parameter information;
if yes, go to step S344;
if not, go to step S345;
S344, during start-up, storing the encrypted firmware image file in the internal SRAM, acquiring public key2 from the one-time key storage area, decrypting ciphertext key1 with public key2 to obtain the file key, decrypting the firmware image file with the file key to obtain the plain firmware image file, and proceeding to step S346;
S345, during start-up, storing the firmware image file in the internal SRAM;
S346, upgrading the firmware with the firmware image file, and proceeding to step S348;
S347, judging that the measurement of the firmware image file has failed;
S348, recording the measurement result of the firmware chip upgrade in a log. Only a firmware image file that passes measurement against the one-time key storage area can be used for upgrading, which prevents the firmware image file from being tampered with and removes the security risk in upgrading the firmware chip.
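As an added example, not part of the patent, the following Python models the signer-side steps S14 to S16 and the chip-side steps S2 and S3 with a Schnorr-type (Abe-Ohkubo-Suzuki) ring signature, so that M of the N burnt-in public keys form the ring and any one of the M private keys can have produced the signature. The demonstration-sized group, the package layout, the key selection rule keyed on release/model information, and the FirmwareChip stand-in for the one-time key storage area are assumptions of the example, and only the unencrypted branch is modelled.

```python
# Added example, not part of the patent: models S15/S16 (signer side) and S2/S3
# (chip side) with an Abe-Ohkubo-Suzuki style discrete-log ring signature over a
# demonstration-sized Schnorr group. Group, package layout, key selection rule
# and OTP stand-in are assumptions; the unencrypted branch (S14/S162) is modelled.
import hashlib
import math
import secrets

Q = (1 << 521) - 1  # known Mersenne prime, used as the subgroup order

def make_group():
    """p = 2*k*Q + 1 prime by Pocklington (Q > sqrt(p)); g = 2^((p-1)/Q) has order Q."""
    k = 1
    while True:
        p = 2 * k * Q + 1
        g = pow(2, (p - 1) // Q, p)
        if pow(g, Q, p) == 1 and math.gcd(g - 1, p) == 1:
            return p, g
        k += 1

P, G = make_group()

def keygen():
    x = secrets.randbelow(Q - 1) + 1  # one measurement key pair from the KMS
    return x, pow(G, x, P)

def _chal(ring, msg: bytes, point: int) -> int:
    """Challenge hash binding the selected ring, the message and one group element."""
    nbytes = (P.bit_length() + 7) // 8
    h = hashlib.sha512(b"ring-sig-v1" + msg)
    for y in ring + [point]:
        h.update(y.to_bytes(nbytes, "big"))
    return int.from_bytes(h.digest(), "big") % Q

def ring_sign(ring, k, x, msg):
    """S152: sign msg with the K-th private key x over the M selected public keys."""
    n = len(ring)
    assert pow(G, x, P) == ring[k], "signing key must be one of the M selected keys"
    c, r = [0] * n, [0] * n
    a = secrets.randbelow(Q - 1) + 1
    c[(k + 1) % n] = _chal(ring, msg, pow(G, a, P))
    i = (k + 1) % n
    while i != k:  # random responses for the other M-1 ring members
        r[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = _chal(ring, msg, pow(G, r[i], P) * pow(ring[i], c[i], P) % P)
        i = (i + 1) % n
    r[k] = (a - x * c[k]) % Q  # close the ring at the real signer
    return c[0], r

def ring_verify(ring, msg, sig) -> bool:
    """Accept iff walking the whole ring from c0 comes back to c0."""
    c0, r = sig
    c = c0
    for y, ri in zip(ring, r):
        c = _chal(ring, msg, pow(G, ri, P) * pow(y, c, P) % P)
    return len(r) == len(ring) and c == c0

def select_ring(pubkeys, m, selector: bytes):
    """Stand-in for the preset public key selection algorithm (S151/S32): rank the N
    stored keys by SHA-256(selector || index) and keep the M smallest."""
    rank = lambda i: hashlib.sha256(selector + bytes([i])).digest()
    return sorted(sorted(range(len(pubkeys)), key=rank)[:m])

def _digest(image: bytes, params: dict) -> bytes:
    """S14/S33: hash the image together with the canonicalised parameter information."""
    canon = repr(sorted(params.items())).encode()
    return hashlib.new(params["digest"], image + canon).digest()

def build_package(image: bytes, params: dict, pubkeys, privkeys, m) -> dict:
    """S14 + S15 + S162: digest, ring-sign with one of the M selected keys, assemble."""
    chosen = select_ring(pubkeys, m, params["selector"].encode())
    k = secrets.randbelow(m)  # any one of the M selected keys may be the real signer
    ring = [pubkeys[i] for i in chosen]
    sig = ring_sign(ring, k, privkeys[chosen[k]], _digest(image, params))
    return {"image": image, "params": params, "sig": sig}

class FirmwareChip:
    """One-time key storage area: burnt once before shipping (S17), then locked."""
    _otp = None
    def burn(self, pubkeys):
        if self._otp is not None:
            raise PermissionError("one-time key storage area is write-protected")
        self._otp = tuple(pubkeys)
    def read_public_keys(self):  # S22: readable only through the key control area
        return list(self._otp)

def measure_and_upgrade(chip: FirmwareChip, pkg: dict, m: int, log: list) -> bool:
    """S31-S34: with a Schnorr-type ring signature the digest comparison of S34 is the
    verification equation itself, so a single verify call covers S32..S34."""
    params, stored = pkg["params"], chip.read_public_keys()
    ring = [stored[i] for i in select_ring(stored, m, params["selector"].encode())]
    ok = ring_verify(ring, _digest(pkg["image"], params), pkg["sig"])
    log.append("firmware measurement " + ("passed" if ok else "FAILED"))  # S348
    return ok
```

Measurement fails for a tampered image, for a package signed over keys that are not in the chip's one-time storage, and for a different M, because the chip rebuilds the M-key ring from its own burnt-in keys rather than trusting anything in the package.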
In a second aspect, the invention provides a device for securely upgrading firmware based on a chip trusted root, comprising:
a firmware image file packaging unit, used to select, according to requirements, whether to encrypt the firmware image file; package the firmware image file in a set format; acquire the public and private key pairs that form a key ring; sign the firmware image file package with a ring signature algorithm using those key pairs; issue the firmware image file package; and store each public key in the one-time key storage area of the firmware chip;
a public key acquisition unit, used to acquire each public key stored in the one-time key storage area of the firmware chip when the firmware chip is to be upgraded;
and a firmware image file signature verification unit, used to verify the signed, issued firmware image file with a ring signature verification algorithm using those public keys, and to upgrade with the firmware image file after the measurement succeeds.
Further, the firmware image file packaging unit comprises:
a firmware image file and parameter information acquisition subunit, used to acquire the firmware image file, the file key and the parameter information, the parameter information carrying a digest algorithm, an encryption algorithm and the ciphertext key1 of the file key;
an encryption selection judging subunit, used to judge whether the encryption algorithm in the parameter information is empty;
a digest value first calculation subunit, used, when the encryption algorithm in the parameter information is not empty, to encrypt the firmware image file with the file key and that encryption algorithm and to hash the encrypted firmware image file together with the parameter information to obtain the firmware image file digest value;
a digest value second calculation subunit, used, when the encryption algorithm in the parameter information is empty, to hash the firmware image file together with the parameter information to obtain the firmware image file digest value;
a signature value generation subunit, used to acquire the public and private key pairs generated by the key management system and to sign the firmware image file digest value with the ring signature algorithm using those key pairs, producing the signature value;
a firmware image file package release subunit, used to assemble the firmware image file package in the format of firmware image file, parameter information and signature value, and to release it;
a key storage subunit, used to store the measurement public keys of the key pairs, together with public key2 used to decrypt ciphertext key1 for the encryption algorithm, into the firmware chip in a set order;
the public key acquisition unit comprises:
a firmware image file package storage subunit, used, when the firmware chip is to be upgraded, to acquire the issued firmware image file package and store it in the temporary area of the BMC's flash;
a public key reading subunit, used by the microcontroller to access the one-time key storage area through the one-time key control area and read all public keys from it;
the firmware image file signature verification unit comprises:
a signature value extraction subunit, used to extract the firmware image file signature value from the firmware image file package;
a signature verification digest value generation subunit, used to take M measurement public keys out of the N measurement public keys read from the one-time key storage area according to the preset public key selection algorithm, and to verify the firmware image file signature value with the M measurement public keys and a ring signature verification algorithm, producing the signature verification digest value;
a to-be-verified digest value generation subunit, used to take the firmware image file and the parameter information out of the firmware image file package and hash them with the predetermined digest algorithm to obtain the digest value to be verified;
and a firmware upgrading subunit, used to compare whether the signature verification digest value matches the digest value to be verified, and to upgrade the firmware with the firmware image file when they match.
The invention has the following advantages:
in the method and device for securely upgrading firmware based on a chip trusted root, M of the N public keys stored in the firmware chip are used and the firmware image file is verified with a ring signature algorithm, so the public key is harder to guess, the firmware image file is less likely to be tampered with and the security of the firmware chip is improved, while the firmware chip is not tied to a single digest algorithm or asymmetric encryption algorithm; an optional encryption method for the firmware image file is also provided, in which the encryption algorithm and the encryption parameters are optional and are carried in the parameter information, giving flexible application.
In addition, the invention has a reliable design principle, a simple structure and very wide application prospects.
It can be seen that the invention has outstanding substantive features and marked progress over the prior art, as well as the benefits of its implementation.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a flow chart of an embodiment 1 of a method for securely upgrading firmware based on a chip trusted root of the present invention.
Fig. 2 is a flow chart of embodiment 2 of a method for securely upgrading firmware based on a chip trusted root of the present invention.
Fig. 3 is a schematic diagram of a device for securely upgrading firmware based on a chip trusted root according to the present invention.
In the figures: 1-firmware image file packaging unit; 1.1-firmware image file and parameter information acquisition subunit; 1.2-encryption selection judging subunit; 1.3-digest value first calculation subunit; 1.4-digest value second calculation subunit; 1.5-signature value generation subunit; 1.6-firmware image file package release subunit; 1.7-key storage subunit; 2-public key acquisition unit; 2.1-firmware image file package storage subunit; 2.2-public key reading subunit; 3-firmware image file signature verification unit; 3.1-signature value extraction subunit; 3.2-signature verification digest value generation subunit; 3.3-to-be-verified digest value generation subunit; 3.4-firmware upgrading subunit.
Detailed Description
In order to make the technical solution of the present invention better understood by those skilled in the art, the technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
Example 1:
As shown in Fig. 1, the invention provides a method for securely upgrading firmware based on a chip trusted root, comprising the following steps:
S1, selecting, according to requirements, whether to encrypt the firmware image file; packaging the firmware image file in a set format; acquiring the public and private key pairs that form a key ring; signing the firmware image file package with a ring signature algorithm using those key pairs; issuing the firmware image file package; and storing each public key in a one-time key storage area of the firmware chip;
S2, when the firmware chip is to be upgraded, acquiring each public key stored in the one-time key storage area of the firmware chip;
S3, verifying the signed, issued firmware image file with a ring signature verification algorithm using those public keys, and upgrading with the firmware image file after the measurement succeeds.
Example 2:
As shown in Fig. 2, the invention provides a method for securely upgrading firmware based on a chip trusted root, comprising the following steps:
S1. Select whether to encrypt the firmware image file according to requirements, package the firmware image file in a set format, obtain the public and private key pairs that form a key ring, sign the firmware image file package with a ring signature algorithm using those key pairs, publish the firmware image file package, and store each public key in the one-time key storage area of the firmware chip; the specific steps are as follows:
S11. Obtain the firmware image file, the file key and the parameter information; the parameter information carries the digest algorithm, the encryption algorithm and the ciphertext key1 of the file key;
S12. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S14;
if not, go to step S13;
S13. Encrypt the firmware image file with the file key and the encryption algorithm given in the parameter information, compute the digest value of the firmware image file by hashing the encrypted firmware image file together with the parameter information, and go to step S15;
S14. Compute the digest value of the firmware image file by hashing the firmware image file together with the parameter information;
S15. Obtain the public and private key pairs generated by the key management system and sign the digest value of the firmware image file with a ring signature algorithm using those key pairs, producing the signature value; the specific steps are as follows:
S151. Obtain the N measurement public and private key pairs generated by the key management system that form the key ring, and, according to a preset measurement public key selection algorithm, take from the N measurement public keys the M measurement public keys that participate in the signature together with the K-th measurement private key;
S152. Form an ordered ring from the M measurement public keys and the K-th measurement private key, and ring-sign the digest value with the algorithm specified in the parameter information to produce the signature value. The algorithm that selects the M keys from the N key pairs may be chosen according to the release time of the version, the product model, the service life of the device and similar information, so that different sets of M keys can be selected over the product life cycle;
S16. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and publish the firmware image file package; the specific steps are as follows:
S161. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S162;
if not, go to step S163;
S162. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and go to step S164;
S163. Assemble the firmware image file package from the encrypted firmware image file, the parameter information and the signature value in the set format;
S164. Publish the firmware image file package; when encryption was selected, the published package contains the encrypted firmware image file, and when it was not, the published package contains the plaintext firmware image file;
S17. Store, in a fixed order, the measurement public keys of the key pairs and the public key2 that decrypts ciphertext key1 under the chosen encryption algorithm into the firmware chip. The encryption algorithm field implements the encryption option for the firmware image file: when an encryption algorithm is present the firmware image file must be encrypted, and when it is absent the file need not be, so the choice of algorithm, the parameter information and whether to encrypt at all are all flexible. The ring signature algorithm signs with a ring sequence consisting of one private key and several public keys. Whether or not an encryption algorithm is present in the parameter information, public key2 corresponding to ciphertext key1 is stored in the one-time key storage area together with the measurement public keys; therefore, although the firmware chip can no longer be burned after it has left the factory, whether a given firmware image file is encrypted can still be chosen freely for each release by adding or omitting the encryption algorithm in the parameter information;
A trusted root management module is arranged in the firmware chip;
the trusted root management module comprises a one-time key storage area, a one-time key control area, a microcontroller and a ROM area;
the one-time key storage area stores the measurement public keys by burning them in;
when the encryption algorithm in the parameter information is not empty, the public key2 that decrypts key1 is also stored in the one-time key storage area; that is, if the released design version includes the encryption function, both public key2 and the measurement public keys are burned into the one-time key storage area;
S2. When the firmware chip is to be upgraded, obtain each public key stored in the one-time key storage area of the firmware chip; the specific steps are as follows:
S21. When a firmware chip upgrade is required, obtain the published firmware image file package and store it in the flash staging area of the BMC;
S22. The microcontroller accesses the one-time key storage area through the one-time key control area and reads all public keys held in it. The one-time key storage area is burned before the product leaves the factory and write protection is enabled afterwards, so its contents cannot be modified; the public keys in it cannot be read directly through the JTAG port or by firmware, and can only be reached through the one-time key control area;
S3. Verify the published, signed firmware image file with a ring signature verification algorithm using those public keys, and upgrade the firmware image file once the measurement succeeds; the specific steps are as follows:
S31. Take the firmware image file signature value out of the firmware image file package;
S32. According to the preset public key selection algorithm, take M measurement public keys out of the N measurement public keys read from the one-time key storage area, and verify the firmware image file signature value with these M measurement public keys and the ring signature verification algorithm to produce the signature-verification digest value;
S33. Take the firmware image file and the parameter information out of the firmware image file package and hash them with the preset digest algorithm to obtain the digest value to be verified;
S34. Compare whether the signature-verification digest value is consistent with the digest value to be verified, and upgrade the firmware with the firmware image file when they are consistent. The M public keys used by the ring signature are selected from the N key pairs by the preset public key selection algorithm; when the selected M changes, the signature value of the published package changes according to the policy; the specific steps are as follows:
S341. Compare whether the signature-verification digest value is consistent with the digest value to be verified;
if so, go to step S342;
if not, go to step S347;
S342. Judge that the measurement of the firmware image file succeeded;
S343. Restart the BMC chip and judge whether ciphertext key1 exists in the parameter information;
if yes, go to step S344;
if not, go to step S345;
S344. During startup, store the encrypted firmware image file in the internal SRAM, obtain public key2 from the one-time key storage area, decrypt ciphertext key1 with public key2 to obtain the file key, decrypt the firmware image file with the file key to obtain the plaintext firmware image file, and go to step S346;
S345. During startup, store the firmware image file in the internal SRAM;
S346. Upgrade the firmware with the firmware image file, and go to step S348;
S347. Judge that the measurement of the firmware image file failed;
S348. Record the measurement result of the firmware chip upgrade in a log;
Only a firmware image file whose measurement against the keys in the one-time key storage area passes can be used for the upgrade, so a tampered firmware image file cannot be installed and the corresponding safety hazard of firmware chip upgrades is avoided.
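The package layout of S16, the encryption branch of S12 to S14 and S161 to S164, and the device-side order of operations in S31 to S348 are worked through below in an added example; it is not code from the patent or from the assignee. The names (build_package, parse_package, device_upgrade), the JSON parameter block, the length-prefixed container, the SHA-256 counter-mode keystream that stands in for the AES-256/IV the text names, the HMAC stand-in for the signature field and the demo-size RSA pair used as key2 are all assumptions. Two points the steps imply but do not spell out are made explicit: the digest is computed over the stored payload (ciphertext when encryption was selected) plus the parameter information, so the chip measures before it decrypts and never decrypts unmeasured data; and because key1 is unwrapped with the public operation of key2, the confidentiality of every file key rests entirely on key2 staying inside the control-area-guarded one-time key storage area, as S22 requires.

```python
# Added example, not the patent's code: the package container of S16, the
# encryption option of S12-S14 and S161-S164, and the order of operations on
# the chip in S31-S348: measure the stored payload and parameter information
# first, unwrap key1 with public key2 and decrypt only after that passed.
# Assumptions: JSON parameters, length-prefixed fields, a SHA-256 counter-mode
# keystream in place of AES-256/IV, an HMAC stand-in for the signature field,
# and a demo-size RSA pair as key2.
import hashlib
import hmac
import json
import struct

# Demo key2 from two Mersenne primes (assumption; not a production key size).
# key1 = file_key^d mod n is made at release; the chip recovers file_key with e.
P2, Q2 = (1 << 61) - 1, (1 << 89) - 1
N2, E2 = P2 * Q2, 65537
D2 = pow(E2, -1, (P2 - 1) * (Q2 - 1))
ALLOWED_DIGESTS = ("sha256", "sha384")   # the two the text names; reject anything else

def stream_xor(key, iv, data):
    """SHA-256 counter-mode keystream: stand-in for AES-256-CTR (assumption)."""
    out = bytearray()
    for blk in range(0, len(data), 32):
        ks = hashlib.sha256(key + iv + struct.pack(">Q", blk // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[blk:blk + 32], ks))
    return bytes(out)

def build_package(image, file_key, iv, encrypt, sign):
    """S11-S16: optional encryption, digest over (payload || params), sign, assemble."""
    params = {"digest": "sha384", "enc": "", "key1": "", "iv": ""}
    payload = image
    if encrypt:                               # S13: the digest covers the ciphertext
        payload = stream_xor(file_key, iv, image)
        key1 = pow(int.from_bytes(file_key, "big"), D2, N2)
        params.update(enc="sha256-ctr-demo", key1=format(key1, "x"), iv=iv.hex())
    params_b = json.dumps(params, sort_keys=True).encode()
    sig = sign(hashlib.sha384(payload + params_b).digest())
    return struct.pack(">III", len(payload), len(params_b), len(sig)) + payload + params_b + sig

def parse_package(pkg):
    """S31/S33: split the container; reject a package whose lengths do not add up."""
    if len(pkg) < 12:
        raise ValueError("package too short")
    lp, lq, ls = struct.unpack(">III", pkg[:12])
    if len(pkg) != 12 + lp + lq + ls:
        raise ValueError("package length mismatch")
    return pkg[12:12 + lp], pkg[12 + lp:12 + lp + lq], pkg[12 + lp + lq:]

def device_upgrade(pkg, verify, log):
    """S32-S348 on the chip: measure first; decrypt only a payload that passed."""
    payload, params_b, sig = parse_package(pkg)
    params = json.loads(params_b)
    if params.get("digest") not in ALLOWED_DIGESTS:
        log.append("measurement failed")
        return None
    digest = hashlib.new(params["digest"], payload + params_b).digest()
    if not verify(digest, sig):                # S341/S347
        log.append("measurement failed")
        return None
    log.append("measurement ok")
    if params["key1"]:                         # S343/S344: unwrap with public key2
        file_key = pow(int(params["key1"], 16), E2, N2).to_bytes(16, "big")
        payload = stream_xor(file_key, bytes.fromhex(params["iv"]), payload)
    log.append("upgrade")                      # S346/S348
    return payload

def demo(encrypt):
    """Release a package, install it, then retry with one stored payload byte flipped."""
    sign_key = b"demo-signing-key"             # stand-in for the ring signature (assumption)
    def sign(d): return hmac.new(sign_key, d, "sha256").digest()
    def verify(d, s): return hmac.compare_digest(sign(d), s)
    image = b"constructed firmware image bytes " * 4
    file_key, iv = b"0123456789abcdef", bytes(range(8))   # 16-byte key stays below N2
    pkg = build_package(image, file_key, iv, encrypt, sign)
    stored = parse_package(pkg)[0]
    good_log, bad_log = [], []
    out = device_upgrade(pkg, verify, good_log)
    bad = bytearray(pkg)
    bad[12] ^= 0x80                            # first byte of the stored payload
    out_bad = device_upgrade(bytes(bad), verify, bad_log)
    return out == image, stored == image, out_bad is None, good_log, bad_log
```

Because the parameter block is covered by the digest, a package whose digest algorithm name, key1 or IV has been altered fails measurement before any of those fields is acted on; the allow-list on the digest name is the one check that has to run before the signature, since the signature is verified over a digest chosen by that very field.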
Example 3:
As shown in Fig. 2, the invention provides a method for securely upgrading firmware based on a chip trusted root, comprising the following steps:
S1. Select whether to encrypt the firmware image file according to requirements, package the firmware image file in a set format, obtain the public and private key pairs that form a key ring, sign the firmware image file package with a ring signature algorithm using those key pairs, publish the firmware image file package, and store each public key in the one-time key storage area of the firmware chip; the specific steps are as follows:
S11. Obtain the firmware image file, the file key and the parameter information; the parameter information carries the digest algorithm, the encryption algorithm and the ciphertext key1 of the file key;
S12. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S14;
if not, go to step S13;
S13. Encrypt the firmware image file with the file key and the encryption algorithm given in the parameter information, compute the digest value of the firmware image file by hashing the encrypted firmware image file together with the parameter information, and go to step S15;
S14. Compute the digest value of the firmware image file by hashing the firmware image file together with the parameter information;
S15. Obtain the public and private key pairs generated by the key management system and sign the digest value of the firmware image file with a ring signature algorithm using those key pairs, producing the signature value; the specific steps are as follows:
S151. Obtain the N measurement public and private key pairs generated by the key management system that form the key ring, and, according to a preset measurement public key selection algorithm, take from the N measurement public keys the M measurement public keys that participate in the signature together with the K-th measurement private key;
S152. Form an ordered ring from the M measurement public keys and the K-th measurement private key, and ring-sign the digest value with the algorithm specified in the parameter information to produce the signature value;
The one-way hash computed over the firmware image file and the parameter information may be the SHA-256 or the SHA-384 digest algorithm; the private-key signature inside the ring signature algorithm may use the RSA asymmetric algorithm or an elliptic curve digital signature algorithm; the encryption algorithm may be AES-256, 3DES or similar, for example AES-256 in a mode that requires an IV. Taking SHA-384 and RSA as the example, the RSA public keys are stored in the one-time key storage area. Taking AES-256 with an IV as the example encryption algorithm: if the firmware image file is encrypted before release, the encryption algorithm used and the IV value are recorded in the parameter information, and the file is decrypted before the firmware is upgraded; the symmetric algorithm and the IV value are not fixed and are selected according to the customer's design;
Before the firmware image file is released, the SHA-384 digest of the firmware image file and the parameter information is computed first: digest value = SHA-384(firmware image file || parameter information);
The equipment manufacturer generates N public and private key pairs, from which M pairs are selected by the preset public key selection algorithm to form a ring U. The algorithm that selects the M keys from the N pairs may be determined from the release time of the version, the product type, the service life of the device and similar information; after the device has run in the production network for some years, a newly released firmware version can select a different set of M public keys, which reduces how often any individual key pair is used. Given a ring of m users, each user in the ring holds one public-private key pair, i = 1, 2, …, m. Here the equipment manufacturer may generate n RSA key pairs to form the ring; the n public keys, i = 1, 2, …, n, are stored inside the one-time key storage area, and the n private keys, i = 1, 2, …, n, are kept securely at the manufacturer;
The ring signing algorithm ring-sign takes as input the message q to be signed, the public keys of all m members of the ring, i = 1, 2, …, m, and the private key of the true signer; its output is the ring signature δ of the message q, which is the signature value: δ = ring-sign(q, public keys of the m ring members, private key of the true signer). The message q to be signed is the digest value of the firmware image file;
S16. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and publish the firmware image file package; the specific steps are as follows:
S161. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S162;
if not, go to step S163;
S162. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and go to step S164;
S163. Assemble the firmware image file package from the encrypted firmware image file, the parameter information and the signature value in the set format;
S164. Publish the firmware image file package;
S17. Store, in a fixed order, the measurement public keys of the key pairs and the public key2 that decrypts ciphertext key1 under the chosen encryption algorithm into the firmware chip;
A trusted root management module is arranged in the firmware chip;
the trusted root management module comprises a one-time key storage area, a one-time key control area, a microcontroller and a ROM area;
the one-time key storage area stores the measurement public keys by burning them in;
when the encryption algorithm in the parameter information is not empty, the public key2 that decrypts key1 is also stored in the one-time key storage area;
S2. When the firmware chip is to be upgraded, obtain each public key stored in the one-time key storage area of the firmware chip; the specific steps are as follows:
S21. When a firmware chip upgrade is required, obtain the published firmware image file package and store it in the flash staging area of the BMC;
S22. The microcontroller accesses the one-time key storage area through the one-time key control area and reads all public keys held in it;
S3. Verify the published, signed firmware image file with a ring signature verification algorithm using those public keys, and upgrade the firmware image file once the measurement succeeds; the specific steps are as follows:
S31. Take the firmware image file signature value out of the firmware image file package;
S32. According to the preset public key selection algorithm, take M measurement public keys out of the N measurement public keys read from the one-time key storage area, and verify the firmware image file signature value with these M measurement public keys and the ring signature verification algorithm to produce the signature-verification digest value;
S33. Take the firmware image file and the parameter information out of the firmware image file package and hash them with the preset digest algorithm to obtain the digest value to be verified;
S34. Compare whether the signature-verification digest value is consistent with the digest value to be verified, and upgrade the firmware with the firmware image file when they are consistent; the specific steps are as follows:
S341. Compare whether the signature-verification digest value is consistent with the digest value to be verified;
if so, go to step S342;
if not, go to step S347;
S342. Judge that the measurement of the firmware image file succeeded;
S343. Restart the BMC chip and judge whether ciphertext key1 exists in the parameter information;
if yes, go to step S344;
if not, go to step S345;
S344. During startup, store the encrypted firmware image file in the internal SRAM, obtain public key2 from the one-time key storage area, decrypt ciphertext key1 with public key2 to obtain the file key, decrypt the firmware image file with the file key to obtain the plaintext firmware image file, and go to step S346;
S345. During startup, store the firmware image file in the internal SRAM;
S346. Upgrade the firmware with the firmware image file, and go to step S348;
S347. Judge that the measurement of the firmware image file failed;
S348. Record the measurement result of the firmware chip upgrade in a log;
The ring verification algorithm ring-verify takes as input the message-signature pair (q, δ) to be verified, q being the digest value and δ the signature value, together with the public keys of all m members of the ring, i = 1, 2, …, m; its output is 0 or 1, where 1 means the signature value is valid and 0 means it is invalid: 1 or 0 = ring-verify(q, δ, public keys of the m ring members).
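The ring-sign and ring-verify operations of S15 and S32, together with the digest of S14/S33 and the M-of-N selection of S151 and S32, are worked through below in an added example; it is not code from the patent or from the assignee. It implements a ring signature in the Rivest-Shamir-Tauman construction over RSA trapdoor permutations, which is one concrete way to realise what the text calls the "ring signature algorithm" with RSA keys; the text does not fix the construction. The 64-bit demo primes, the SHA-256 Feistel network used as the ring's combining cipher, the selection rule that derives M indices from a release tag, and all function names are assumptions. As in the ring-verify definition above, verification returns 1 or 0 (True or False) rather than a recovered digest, and the chip rebuilds the ring from its own burned-in public keys and the same selection rule, never from anything carried in the package.

```python
# Added example, not code from the patent: a Rivest-Shamir-Tauman style ring
# signature over RSA trapdoors, the SHA-384 digest over (image || parameters)
# of S14/S33, and the M-of-N key selection. Demo assumptions: 64-bit primes,
# a SHA-256 Feistel network as the combining cipher, hash-based selection.
import hashlib
import secrets

B, HALF = 256, 128      # ring domain [0, 2^B); B exceeds every demo modulus
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # exact below 3.3e24

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for the odd 64-bit candidates here."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=64, e=65537):
    """Toy RSA pair (n, e, d): what the key management system of S151 hands out."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p != q and is_probable_prime(p) and is_probable_prime(q):
            phi = (p - 1) * (q - 1)
            if phi % e:                       # e must be invertible modulo phi
                return p * q, e, pow(e, -1, phi)

def trapdoor(n, exp, x):
    """Extended RSA trapdoor on [0, 2^B): RSA on the residue, identity on the top sliver."""
    q, r = divmod(x, n)
    return q * n + pow(r, exp, n) if (q + 1) * n <= 1 << B else x

def feistel(k, v, rounds):
    """Keyed permutation of [0, 2^B); running the rounds in reverse order inverts it."""
    mask = (1 << HALF) - 1
    left, right = v >> HALF, v & mask
    for i in rounds:
        f = hashlib.sha256(k + bytes([i]) + right.to_bytes(HALF // 8, "big")).digest()
        left, right = right, left ^ (int.from_bytes(f, "big") & mask)
    return (right << HALF) | left      # undo the final swap so reversal inverts

def enc(k, v): return feistel(k, v, range(4))
def dec(k, v): return feistel(k, v, reversed(range(4)))

def firmware_digest(image, params):
    return hashlib.sha384(image + params).digest()   # the message q of S14/S33

def select_ring(n_keys, m, release_tag):
    """Preset selection rule (assumption): M of N indices derived from the release tag."""
    seed = hashlib.sha256(release_tag).digest()
    ranked = sorted(range(n_keys), key=lambda i: hashlib.sha256(seed + bytes([i])).digest())
    return sorted(ranked[:m])

def ring_sign(q, ring_pubs, s, priv):
    """Signer at slot s closes E(y_m ^ ... E(y_1 ^ v)) = v with its private trapdoor."""
    m = len(ring_pubs)
    xs = [secrets.randbits(B) for _ in range(m)]
    ys = [trapdoor(n, e, x) for (n, e), x in zip(ring_pubs, xs)]
    v = z = secrets.randbits(B)
    for i in range(s):                      # forward from v up to the signer's slot
        z = enc(q, ys[i] ^ z)
    w = v
    for i in range(m - 1, s, -1):           # backward from v down to the signer's slot
        w = dec(q, w) ^ ys[i]
    xs[s] = trapdoor(priv[0], priv[1], dec(q, w) ^ z)   # only the private exponent can do this
    return v, xs

def ring_verify(q, ring_pubs, sig):
    """ring-verify of the text: 1 (True) iff the chain rebuilt from public keys closes at v."""
    v, xs = sig
    if len(xs) != len(ring_pubs):
        return False
    z = v
    for (n, e), x in zip(ring_pubs, xs):
        z = enc(q, trapdoor(n, e, x) ^ z)
    return z == v

def demo(n_keys=6, m=3):
    keys = [rsa_keygen() for _ in range(n_keys)]
    otp_pubs = [(n, e) for n, e, _ in keys]          # the N public keys burned into the chip
    image, params = b"\x7fELF constructed image", b'{"digest":"sha384","enc":""}'
    tag = b"v1.2.0;2022-01-07;model-X"               # release time and model drive the choice
    idx = select_ring(n_keys, m, tag)
    k = idx[1]                                       # K-th pair; its public key is in the ring
    q = firmware_digest(image, params)
    sig = ring_sign(q, [otp_pubs[i] for i in idx], idx.index(k), (keys[k][0], keys[k][2]))
    ring_dev = [otp_pubs[i] for i in select_ring(len(otp_pubs), m, tag)]   # chip rebuilds ring
    ok = ring_verify(firmware_digest(image, params), ring_dev, sig)
    tampered = ring_verify(firmware_digest(image + b"\x00", params), ring_dev, sig)
    return ok, tampered
```

The signature value is the pair (v, x_1 … x_M); the digest q is the key of the combining cipher, so any change to the image or the parameter information changes every link of the chain and the ring no longer closes. The ring is an ordered sequence, as S152 says, so the chip must apply the same selection rule in the same order; changing the rule between releases (the "different M" of S152) simply yields a different signature for the next package.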
Example 4:
As shown in Fig. 3, the present invention provides a device for securely upgrading firmware based on a chip trusted root, comprising the following units:
the firmware image file packaging unit 1, used to select whether to encrypt the firmware image file according to requirements, package the firmware image file in a set format, obtain the public and private key pairs that form a key ring, sign the firmware image file package with a ring signature algorithm using those key pairs, publish the firmware image file package, and store each public key in the one-time key storage area of the firmware chip; the firmware image file packaging unit 1 includes:
the firmware image file and parameter information obtaining subunit 1.1, used to obtain the firmware image file, the file key and the parameter information; the parameter information carries the digest algorithm, the encryption algorithm and the ciphertext key1 of the file key;
the encryption selection judging subunit 1.2, used to judge whether the encryption algorithm in the parameter information is empty;
the first digest value calculating subunit 1.3, used, when the encryption algorithm in the parameter information is not empty, to encrypt the firmware image file with the file key and the encryption algorithm given in the parameter information, and to compute the digest value of the firmware image file by hashing the encrypted firmware image file together with the parameter information;
the second digest value calculating subunit 1.4, used, when the encryption algorithm in the parameter information is empty, to compute the digest value of the firmware image file by hashing the firmware image file together with the parameter information;
the signature value generating subunit 1.5, used to obtain the public and private key pairs generated by the key management system and to sign the digest value of the firmware image file with a ring signature algorithm using those key pairs, producing the signature value;
the firmware image file package publishing subunit 1.6, used to assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and to publish the firmware image file package;
the key storage subunit 1.7, used to store, in a fixed order, the measurement public keys of the key pairs and the public key2 that decrypts ciphertext key1 under the chosen encryption algorithm into the firmware chip;
the public key obtaining unit 2, used to obtain each public key stored in the one-time key storage area of the firmware chip when a firmware chip upgrade is required; the public key obtaining unit 2 includes:
the firmware image file package storage subunit 2.1, used to obtain the published firmware image file package and store it in the flash staging area of the BMC when a firmware chip upgrade is required;
the public key reading subunit 2.2, used by the microcontroller to access the one-time key storage area through the one-time key control area and read all public keys held in it;
the firmware image file verification unit 3, used to verify the published, signed firmware image file with a ring signature verification algorithm using those public keys, and to upgrade the firmware image file once the measurement succeeds; the firmware image file verification unit 3 includes:
the signature value extracting subunit 3.1, used to take the firmware image file signature value out of the firmware image file package;
the signature-verification digest value generating subunit 3.2, used to take M measurement public keys out of the N measurement public keys read from the one-time key storage area according to the preset public key selection algorithm, and to verify the firmware image file signature value with these M measurement public keys and the ring signature verification algorithm, producing the signature-verification digest value;
the to-be-verified digest value generating subunit 3.3, used to take the firmware image file and the parameter information out of the firmware image file package and hash them with the preset digest algorithm to obtain the digest value to be verified;
and the firmware upgrading subunit 3.4, used to compare whether the signature-verification digest value is consistent with the digest value to be verified, and to upgrade the firmware with the firmware image file when they are consistent.
Although the present invention has been described in detail by way of preferred embodiments with reference to the accompanying drawings, it is not limited thereto. Those skilled in the art may make various equivalent modifications and substitutions to the embodiments of the present invention without departing from its spirit and scope, and all such modifications and substitutions are intended to fall within the scope of the present invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A method for securely upgrading firmware based on a chip trusted root, characterized by comprising the following steps:
S1. Select whether to encrypt the firmware image file according to requirements, package the firmware image file in a set format, obtain the public and private key pairs that form a key ring, sign the firmware image file package with a ring signature algorithm using those key pairs, publish the firmware image file package, and store each public key in the one-time key storage area of the firmware chip; the specific steps of step S1 are as follows:
S11. Obtain the firmware image file, the file key and the parameter information; the parameter information carries the digest algorithm, the encryption algorithm and the ciphertext key1 of the file key;
S12. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S14;
if not, go to step S13;
S13. Encrypt the firmware image file with the file key and the encryption algorithm given in the parameter information, compute the digest value of the firmware image file by hashing the encrypted firmware image file together with the parameter information, and go to step S15;
S14. Compute the digest value of the firmware image file by hashing the firmware image file together with the parameter information;
S15. Obtain the public and private key pairs generated by the key management system and sign the digest value of the firmware image file with a ring signature algorithm using those key pairs, producing the signature value; the specific steps of step S15 are as follows:
S151. Obtain the N measurement public and private key pairs generated by the key management system that form the key ring, and, according to a preset measurement public key selection algorithm, take from the N measurement public keys the M measurement public keys that participate in the signature together with the K-th measurement private key;
S152. Form an ordered ring from the M measurement public keys and the K-th measurement private key, and ring-sign the digest value with the algorithm specified in the parameter information to produce the signature value;
S16. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and publish the firmware image file package;
S17. Store, in a fixed order, the measurement public keys of the key pairs and the public key2 that decrypts ciphertext key1 under the chosen encryption algorithm into the firmware chip;
S2. When the firmware chip is to be upgraded, obtain each public key stored in the one-time key storage area of the firmware chip;
S3. Verify the published, signed firmware image file with a ring signature verification algorithm using those public keys, and upgrade the firmware image file once the measurement succeeds.
2. The method for securely upgrading firmware based on a chip trusted root as claimed in claim 1, characterized in that the specific steps of step S16 are as follows:
S161. Judge whether the encryption algorithm in the parameter information is empty;
if yes, go to step S162;
if not, go to step S163;
S162. Assemble the firmware image file package from the firmware image file, the parameter information and the signature value in the set format, and go to step S164;
S163. Assemble the firmware image file package from the encrypted firmware image file, the parameter information and the signature value in the set format;
S164. Publish the firmware image file package.
3. The method for securely upgrading firmware based on a chip trusted root as claimed in claim 2, characterized in that in step S1 a trusted root management module is arranged in the firmware chip;
the trusted root management module comprises a one-time key storage area, a one-time key control area, a microcontroller and a ROM area;
the one-time key storage area stores the measurement public keys by burning them in;
and when the encryption algorithm in the parameter information is not empty, the public key2 that decrypts key1 is also stored in the one-time key storage area.
4. The method for securely upgrading firmware based on a chip trusted root as claimed in claim 3, characterized in that the specific steps of step S2 are as follows:
S21. When a firmware chip upgrade is required, obtain the published firmware image file package and store it in the flash staging area of the BMC;
S22. The microcontroller accesses the one-time key storage area through the one-time key control area and reads all public keys held in it.
5. The method for securely upgrading firmware based on a chip trusted root as claimed in claim 4, characterized in that the specific steps of step S3 are as follows:
S31. Take the firmware image file signature value out of the firmware image file package;
S32. According to the preset public key selection algorithm, take M measurement public keys out of the N measurement public keys read from the one-time key storage area, and verify the firmware image file signature value with these M measurement public keys and the ring signature verification algorithm to produce the signature-verification digest value;
S33. Take the firmware image file and the parameter information out of the firmware image file package and hash them with the preset digest algorithm to obtain the digest value to be verified;
S34. Compare whether the signature-verification digest value is consistent with the digest value to be verified, and upgrade the firmware with the firmware image file when they are consistent.
6. The method for securely upgrading firmware based on a chip trusted root as claimed in claim 5, characterized in that the specific steps of step S34 are as follows:
S341. Compare whether the signature-verification digest value is consistent with the digest value to be verified;
if so, go to step S342;
if not, go to step S347;
S342. Judge that the measurement of the firmware image file succeeded;
S343. Restart the BMC chip and judge whether ciphertext key1 exists in the parameter information;
if yes, go to step S344;
if not, go to step S345;
S344. During startup, store the encrypted firmware image file in the internal SRAM, obtain public key2 from the one-time key storage area, decrypt ciphertext key1 with public key2 to obtain the file key, decrypt the firmware image file with the file key to obtain the plaintext firmware image file, and go to step S346;
S345. During startup, store the firmware image file in the internal SRAM;
S346. Upgrade the firmware with the firmware image file, and go to step S348;
S347. Judge that the measurement of the firmware image file failed;
S348. Record the measurement result of the firmware chip upgrade in a log.
7. A device for securely upgrading firmware based on a chip trusted root, characterized by comprising:
a firmware image file packaging unit (1), used to select, as required, whether to encrypt the firmware image file, package the firmware image file in a set format, obtain the public and private key pairs forming a key ring, sign the firmware image file package with a ring signature algorithm using those key pairs, then issue the firmware image file package, and store each public key in the one-time key storage area of the firmware chip; the firmware image file packaging unit (1) comprises:
a firmware image file and parameter information acquisition subunit (1.1), used to acquire the firmware image file, the file key and the parameter information; the parameter information carries the digest algorithm, the encryption algorithm and the ciphertext key1 of the file key;
an encryption selection judging subunit (1.2), used to judge whether the encryption algorithm in the parameter information is empty;
a first digest value calculation subunit (1.3), used, when the encryption algorithm in the parameter information is not empty, to encrypt the firmware image file with the file key and the encryption algorithm in the parameter information, and to compute a hash over the encrypted firmware image file and the parameter information to obtain the digest value of the firmware image file;
a second digest value calculation subunit (1.4), used, when the encryption algorithm in the parameter information is empty, to compute a hash over the firmware image file and the parameter information to obtain the digest value of the firmware image file;
a signature value generation subunit (1.5), used to acquire the public and private key pairs generated by the key management system and to generate a signature value by signing the firmware image file digest value with a ring signature algorithm using those key pairs; the specific process is as follows:
acquiring the N measurement public and private key pairs forming the key ring generated by the key management system, and selecting, from the N measurement public keys, the M measurement public keys and the K-th measurement private key that participate in the signature according to a preset measurement public key selection algorithm;
forming a sequence ring from the M measurement public keys and the K-th measurement private key, and generating the signature value by ring-signing the digest value with the encryption algorithm of the parameter information;
a firmware image file package issuing subunit (1.6), used to assemble the firmware image file package in the set format from the firmware image file, the parameter information and the signature value, and to issue the firmware image file package;
a key storage subunit (1.7), used to store the measurement public keys of the public and private key pairs, together with the public key2 corresponding to the encryption algorithm that decrypts the ciphertext key1, in the firmware chip in a set order;
a public key obtaining unit (2), used to obtain each public key stored in the one-time key storage area of the firmware chip when the firmware chip needs to be upgraded;
and a firmware image file signature verification unit (3), used to verify the signed and issued firmware image file with a ring signature verification algorithm using each public key, and to upgrade the firmware with the firmware image file after the measurement succeeds.
8. The device for securely upgrading firmware based on a chip trusted root as claimed in claim 7, characterized in that the public key obtaining unit (2) comprises:
a firmware image file package storage subunit (2.1), used, when the firmware chip needs to be upgraded, to acquire the issued firmware image file package and store it in the temporary flash area of the BMC;
a public key reading subunit (2.2), used by the microcontroller to access the one-time key storage area through the one-time key control area and read all public keys in the one-time key storage area;
the firmware image file signature verification unit (3) comprises:
a signature value extraction subunit (3.1), used to extract the firmware image file signature value from the firmware image file package;
a signature verification digest value generation subunit (3.2), used to select M measurement public keys from the N measurement public keys read from the one-time key storage area according to the preset public key selection algorithm, and to verify the firmware image file signature value with the M measurement public keys and the ring signature verification algorithm, generating a signature verification digest value;
a to-be-verified digest value generation subunit (3.3), used to take the firmware image file and the parameter information out of the firmware image file package and hash them with the preset digest algorithm to obtain the to-be-verified digest value;
and a firmware upgrading subunit (3.4), used to compare whether the signature verification digest value is consistent with the to-be-verified digest value, and to upgrade the firmware with the firmware image file when they are consistent.
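The signing flow of subunit (1.5) and the chip-side verification of unit (3) above, as an added Python example that is not the patent's own code: the package digest is computed over the image bytes plus the parameter block, one of the M ring members signs it with its private key, and the chip verifies using only the public keys it reads from one-time storage, in the same fixed order. The ring signature scheme (a Schnorr-style AOS ring signature over a Schnorr group built at start-up), SHA-256 as the digest algorithm, the group size, and the sample image and parameter bytes are all assumptions; the optional image encryption of the claims is left out, so the digest covers the image as supplied.

```python
"""Ring-signed firmware package measurement: an added illustration, not the patent's code.
Assumes a Schnorr-style (AOS) ring signature over a Schnorr group generated at start-up."""
import hashlib, secrets

def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):  # Miller-Rabin, fixed bases
    if n < 2 or any(n % b == 0 for b in bases): return n in bases
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def make_group(bits=128):  # safe prime p = 2q+1; g = 4 is a quadratic residue, hence of order q
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1): return 2 * q + 1, q, 4

P, Q, G = make_group()            # demonstration-size group (an assumption, not the patent's)
L = (P.bit_length() + 7) // 8     # fixed-width encoding of group elements for hashing
def keygen():                     # one "measurement" key pair, as issued by the key management system
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)
def _h(digest, ring, point):      # challenge hash bound to the digest and the ordered public-key ring
    blob = digest + b"".join(y.to_bytes(L, "big") for y in ring) + point.to_bytes(L, "big")
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % Q
def package_digest(image, params):  # digest over the (optionally encrypted) image plus parameters
    return hashlib.sha256(image + params).digest()

def ring_sign(digest, ring, k, x_k):  # sign with the K-th private key among the M public keys
    n, s, e = len(ring), [0] * len(ring), [0] * len(ring)
    a = secrets.randbelow(Q - 1) + 1
    e[(k + 1) % n] = _h(digest, ring, pow(G, a, P))
    for j in range(1, n):              # walk from k+1 around the ring back to k with random s_i
        i = (k + j) % n
        s[i] = secrets.randbelow(Q)
        e[(i + 1) % n] = _h(digest, ring, pow(G, s[i], P) * pow(ring[i], e[i], P) % P)
    s[k] = (a - x_k * e[k]) % Q        # close the ring; only the real private key can do this
    return e[0], s

def ring_verify(digest, ring, sig):   # chip-side check: public keys only, same order as signed
    e0, s = sig
    if len(s) != len(ring): return False   # an empty or short s list must not pass trivially
    e = e0
    for y, si in zip(ring, s):
        e = _h(digest, ring, pow(G, si, P) * pow(y, e, P) % P)
    return e == e0
```

A mismatch in key order between signer and chip, a single changed image byte, or a public key that is not in one-time storage all make `ring_verify` return False, which is the path that ends in the measurement-failure log entry of step S347.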
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210018072.3A CN114448794B (en) 2022-01-07 2022-01-07 Method and device for safely upgrading firmware based on chip trusted root

Publications (2)

Publication Number Publication Date
CN114448794A CN114448794A (en) 2022-05-06
CN114448794B true CN114448794B (en) 2023-08-18

Family

ID=81367844

Country Status (1)

Country Link
CN (1) CN114448794B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115766043B (en) * 2023-01-06 2023-04-14 北京象帝先计算技术有限公司 Off-chip firmware signature checking method and device, chip and electronic equipment

Citations (2)

Publication number Priority date Publication date Assignee Title
CN107256168A (en) * 2017-06-12 2017-10-17 郑州云海信息技术有限公司 A kind of design method of UEFI BIOS safety upgrade mechanism
CN110795126A (en) * 2019-10-25 2020-02-14 苏州浪潮智能科技有限公司 Firmware safety upgrading system

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
US11768611B2 (en) * 2020-04-02 2023-09-26 Axiado Corporation Secure boot of a processing chip
US12001826B2 (en) * 2020-04-24 2024-06-04 Intel Corporation Device firmware update techniques

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant