CN115454517B - Method, system, storage medium, device and chip for multi-medium secure boot - Google Patents

Method, system, storage medium, device and chip for multi-medium secure boot Download PDF

Info

Publication number
CN115454517B
CN115454517B CN202211409885.1A CN202211409885A CN115454517B CN 115454517 B CN115454517 B CN 115454517B CN 202211409885 A CN202211409885 A CN 202211409885A CN 115454517 B CN115454517 B CN 115454517B
Authority
CN
China
Prior art keywords
starting
control circuit
data
chip
coprocessor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211409885.1A
Other languages
Chinese (zh)
Other versions
CN115454517A (en
Inventor
李灯伟
刘刚
王硕
赵元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd filed Critical Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority to CN202211409885.1A priority Critical patent/CN115454517B/en
Publication of CN115454517A publication Critical patent/CN115454517A/en
Application granted granted Critical
Publication of CN115454517B publication Critical patent/CN115454517B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files

Abstract

The invention relates to the field of integrated circuit design and application, and provides a method, a system, a storage medium, equipment and a chip for multi-medium safe starting, wherein the method comprises the following steps: a main processor, a coprocessor and a safe starting control circuit are arranged in the chip architecture design; setting pins for distinguishing starting media and electrifying a chip; the starting coprocessor reads a starting program from a medium pointed by the pin according to the set pin and sends a data carrying completion signal to the safety starting control circuit; verifying the starting data by using a safe starting control circuit; and when the starting data passes the verification, sending a passing signal to the main processor by using the safe starting control circuit, reading the starting data by the main processor and executing a starting command. According to the invention, the reliability and the robustness of the chip are improved in the multi-medium safe starting process.

Description

Multi-medium secure startup method, system, storage medium, device and chip
Technical Field
The invention relates to the field of integrated circuit design and application, in particular to a method for safely starting a multi-medium circuit used for starting a server substrate management chip, and specifically relates to a method, a system, a storage medium, equipment and a chip for safely starting the multi-medium circuit.
Background
With the development of the internet and communication technology, more and more devices can realize automation and intellectualization through a communication network, an internet or an internet of things and the like, and more convenience is provided for people. While people increasingly rely on various devices in life, the problem of device network security is increasingly important. The network security of the device is related to a starting mode of the device at a starting stage, for example, an instruction set for booting the device in some devices is stored in a readable and writable memory of the device, when the device is powered on, the instruction set for booting the device can be read from the readable and writable memory, operations such as hardware inspection, initialization and the like are performed, when a running environment is ready, a boot instruction set is run, and the device is started.
Therefore, in order to solve the problem, a better multi-media secure start mode needs to be provided to improve the reliability and robustness of the chip.
Disclosure of Invention
In view of the above, the present invention is directed to an improved method, system, storage medium and device for secure multi-media booting, so as to improve the reliability and robustness of a chip.
In view of the above objects, in one aspect, the present invention provides a method for secure booting of multimedia, wherein the method comprises the steps of:
a main processor, a coprocessor and a safe starting control circuit are arranged in the chip architecture design;
setting a pin for distinguishing a starting medium and electrifying the chip;
starting the coprocessor, reading a starting program from a medium pointed by the pin according to the set pin, and sending a data transfer completion signal to the safe starting control circuit;
verifying the starting data by using the safe starting control circuit; and
and when the starting data passes the verification, sending a passing signal to the main processor by using the safe starting control circuit, reading the starting data by the main processor and executing a starting command.
In some embodiments of the method of multimedia secure boot according to the present invention, sending a reset signal to the coprocessor with the secure boot control circuit when the boot data fails to verify;
reading the starting program from another storage medium again by the coprocessor, and sending a data transfer completion signal to the safe starting control circuit;
verifying the start data carried again by using the safe start control circuit;
and when the start data carried again passes the verification, the safe start control circuit is utilized to send a passing signal to the main processor, and the main processor reads the start data and executes a start command.
In some embodiments of the method for multimedia secure boot according to the present invention, when the re-handled boot data fails to be verified, the main controller a is not booted, and the relevant pin is set to indicate that the chip failed to boot.
In some embodiments of the method for secure booting of a multi-media according to the present invention, after the coprocessor reads the boot program, the boot program is moved to an SRAM inside the chip.
In some embodiments of the method of multi-media secure boot according to the present invention, all data in the SRAM is erased when the co-processor receives the reset signal.
In some embodiments of the method for secure boot of multimedia according to the present invention, the secure boot control circuit is used to perform the verification by reading the password key required for verification from the OTP ROM and reading the boot data required for verification from the SRAM.
In another aspect of the present invention, a system for multimedia secure boot is further provided, including:
the chip configuration module is used for setting a main processor, a coprocessor and a safe starting control circuit in the chip architecture design;
the starting preparation module is used for setting pins for distinguishing starting media and electrifying the chip;
the reading module is used for starting the coprocessor, reading a starting program from a medium pointed by the pin according to the set pin, and sending a data transfer completion signal to the safe starting control circuit;
the checking module is used for checking the starting data by utilizing the safe starting control circuit; and
and the starting module sends a passing signal to the main processor by using the safe starting control circuit when the starting data passes the verification, and the main processor reads the starting data and executes a starting command.
In some embodiments of the multi-media secure boot system according to the present invention, the verification module sends a reset signal to the coprocessor with the secure boot control circuit when the boot data fails to verify;
the reading module reads the starting program from another storage medium again by the coprocessor and sends a data carrying completion signal to the safe starting control circuit;
the checking module checks the start data carried again by using the safe start control circuit;
and when the start data carried again passes the verification, the start module utilizes the safe start control circuit to send a passing signal to the main processor, and the main processor reads the start data and executes a start command.
In some embodiments of the multimedia secure boot system according to the present invention, further comprising an error reporting module,
and when the start data carried again does not pass the verification, the main controller A is not started, and the error reporting module sets related pins to indicate that the chip fails to start.
In some embodiments of the system for multi-media secure boot according to the present invention, the read module moves the boot program to an SRAM inside a chip after the coprocessor reads the boot program.
In some embodiments of the multi-media secure boot system according to the invention, the read module erases all data in the SRAM when the coprocessor receives the reset signal.
In some embodiments of the multimedia secure boot system according to the present invention, the check module performs the check by reading a password key required for the check from the OTP ROM and reading the boot data required for the check from the SRAM using the secure boot control circuit.
In still another aspect of the present invention, there is also provided a computer-readable storage medium storing computer program instructions which, when executed, implement any one of the above-mentioned methods for secure multi-media booting according to the present invention.
In yet another aspect of the present invention, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, which when executed by the processor performs any of the above-mentioned methods for multimedia secure boot according to the present invention.
In another aspect of the present invention, there is also provided a chip for multi-media secure boot according to any one of the above embodiments, wherein the chip has a main processor, a coprocessor, a secure boot control circuit, an SRAM control circuit, a flash control circuit, an SD card control circuit, and an internal interconnection bus in its architecture, wherein the chip has a main processor, a coprocessor, a secure boot control circuit, an SRAM control circuit, a flash control circuit, an SD card control circuit, and an internal interconnection bus, and wherein the chip has a function of a secure boot
The SRAM control circuit is connected with an SRAM inside the chip,
the safety starting control circuit comprises an OTP control circuit and a check circuit, the OTP control circuit is connected with an OTP ROM inside the chip and used for storing password data used for the check circuit,
the flash control circuit is connected with a flash storage device outside the chip,
the SD card control circuit is connected with an SD card storage device outside the chip,
the flash memory device and the SD card memory device start program or other programs of the memory chip, and
the main processor, the coprocessor, the safe starting control circuit, the SRAM control circuit, the flash control circuit and the SD card control circuit are connected through the internal interconnection bus.
The invention has at least the following beneficial technical effects: the invention provides an SOC multi-medium safe starting mode, which can realize the starting from different media in a safe starting circuit, and when a program or a damaged medium in one medium or the damaged medium is in the safe starting circuit, the safe starting circuit can be started from the other medium, thereby enhancing the reliability and the robustness of a chip.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
In the figure:
FIG. 1 shows a schematic diagram of a method of multimedia secure boot according to the present invention;
FIG. 2 shows a schematic block diagram of an embodiment of a system for multimedia secure booting in accordance with the present invention;
FIG. 3 shows a schematic diagram of an embodiment of a computer-readable storage medium implementing a method for secure booting of a multi-media in accordance with the present invention;
FIG. 4 is a hardware block diagram of an embodiment of a computer device implementing a method for secure booting of multimedia according to the present invention;
fig. 5 shows a schematic view of a frame of an embodiment of a chip according to the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two non-identical entities with the same name or different parameters, and it is understood that "first" and "second" are only used for convenience of expression and should not be construed as limiting the embodiments of the present invention. Moreover, the terms "comprises" and "comprising," as well as any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements does not include other steps or elements inherent in the present invention.
Therefore, the invention aims to select the code in one medium from a plurality of media to start, and carry out security check and verification on the starting code, and the code which is not tampered can be transferred to normal starting work after verification and verification.
To this end, in a first aspect of the invention, a method 100 for secure boot of multimedia is provided. Fig. 1 shows a schematic block diagram of an embodiment of a method of multimedia secure booting according to the present invention. In the embodiment shown in fig. 1, the method comprises:
step S110: a main processor, a coprocessor and a safe starting control circuit are arranged in the chip architecture design;
step S120: setting pins for distinguishing starting media and electrifying a chip;
step S130: the starting coprocessor reads a starting program from a medium pointed by the pin according to the set pin and sends a data carrying completion signal to the safety starting control circuit;
step S140: verifying the starting data by using a safe starting control circuit;
step S150: when the starting data passes the verification, the safe starting control circuit is used for sending a passing signal to the main processor, and the main processor reads the starting data and executes a starting command.
In some embodiments of the method 100 for multimedia secure boot according to the present invention, further comprising:
step S160: when the starting data is not verified, a reset signal is sent to the coprocessor by using the safe starting control circuit;
step S130': the coprocessor reads the starting program from another storage medium again and sends a data transfer completion signal to the safe starting control circuit;
step S140': verifying the start data carried again by using the safe start control circuit;
step S150': when the start data transferred again passes the verification, the safe start control circuit sends a passing signal to the main processor, and the main processor reads the start data and executes a start command.
In some embodiments of the method 100 for secure booting of multimedia according to the present invention, further comprising the step S170: and when the start data carried again does not pass the verification, the main controller A is not started, and related pins are set to indicate that the chip fails to start.
In some embodiments of the method 100 for secure booting of a multi-media according to the present invention, in step S130, after the coprocessor reads the boot program, the boot program is moved to the SRAM inside the chip.
In some embodiments of the method 100 for secure booting of multimedia according to the present invention, in step S130', all data in the SRAM is erased when the coprocessor receives a reset signal.
In some embodiments of the method 100 for multi-media secure booting according to the present invention, in steps S140 and S140', the verification is performed by reading a password key required for verification from the OTP ROM and reading boot data required for verification from the SRAM using the secure boot control circuit.
OTP ROM refers to one-time programmable ROM. The ROM can be programmed once, data cannot be erased or rewritten after programming, and data cannot be lost after power failure. OTP ROMs referred to herein are collectively assumed to have data of 0 when not programmed and data of 1 after programming.
A specific example of the method of multimedia secure boot according to the present invention is described below. Before the multi-media secure boot, the chip connects a plurality of storage media (in this example, flash storage devices or/and SD card storage devices) which have stored the boot program. After the pin for distinguishing which medium to start from is set, the chip is powered on. At this time, the data in the SRAM is empty, and the main controller is in a reset state and does not operate. The chip starts the coprocessor firstly, the coprocessor determines which medium flash memory device or SD card memory device to read the starting program according to the pin setting of the chip, and the starting program is moved to the SRAM in the chip. When the transfer of the boot program is completed, the coprocessor sets a data transfer completion signal data _ carry _ finish =1 and transmits the data transfer completion signal to the secure boot control circuit. And after receiving a data transfer completion signal indicating that the data _ carry _ finish is in a valid state, the secure start control circuit starts to read the password key required for verification from the OTP ROM, and reads the start data required for verification from the SRAM for verification. If the boot data passes the verification, the secure boot control circuitry may set a pass signal indicating that the resetA signal is invalid and pass the pass signal to the host processor. After the main processor receives the pass signal, the main processor starts to read data from the starting address of the starting data in the SRAM and executes a command. If the boot data is not verified, a reset signal (the signal format may be other _ start _ data = 1) indicating that the resetA signal is in a valid state is set and transmitted to the coprocessor, the coprocessor erases all data in the SRAM after receiving the reset signal, sets a signal indicating that data is not completely transferred, for example, data _ carry _ finish =0, transfers the boot program from another storage medium to the SRAM again, sets a data transfer completion signal data _ carry _ finish =1 after transferring, and transmits the data transfer completion signal to the secure boot control circuit. And after receiving the data transfer completion signal, the safe starting control circuit C starts to read the password key required for verification from the OTP ROM, and reads the starting data required for verification from the SRAM for verification. If the boot data passes the verification, the secure boot control circuitry sets a pass signal and passes the pass signal to the host processor. And after receiving the pass signal, the main processor starts to read data from the start address of the start data in the SRAM and executes a command. If the starting data does not pass the verification, a reset signal indicating that the resetA signal is in an effective state is set, the main controller A is not started, and related pins are set to indicate that the chip fails to start.
It should be noted that, in the present invention, the storage medium is not limited to only flash memory and SD memory card, nor is it limited to the same kind of medium as one. In addition, each medium is not limited to only one piece of the startup procedure. The number and kind of the storage media may be arbitrarily selected as needed.
In a second aspect of the present invention, a system 200 for multimedia secure booting is also provided. Fig. 2 shows a schematic block diagram of an embodiment of a system 200 for multimedia secure booting according to the present invention. As shown in fig. 2, the system includes:
a chip configuration module 210, wherein the chip configuration module 210 is used for setting a main processor, a coprocessor and a safe start control circuit in a chip architecture design;
a startup preparation module 220, wherein the startup preparation module 220 is used for setting pins for distinguishing startup media and powering on a chip;
a reading module 230, wherein the reading module 230 is configured to start the coprocessor, read a start program from a medium to which the pin points according to the set pin, and send a data transfer completion signal to the secure start control circuit;
a verification module 240, wherein the verification module 240 is configured to verify the startup data by using the secure startup control circuit; and
and the starting module 250, when the starting data passes the verification, the starting module 250 sends a passing signal to the main processor by using the safe starting control circuit, and the main processor reads the starting data and executes a starting command.
In some embodiments of the multimedia secure boot system 200 according to the present invention, the verification module sends a reset signal to the coprocessor using the secure boot control circuitry when the boot data fails the verification;
the reading module 230 reads the start program from another storage medium again by the coprocessor, and sends a data transfer completion signal to the secure start control circuit;
the checking module 240 checks the start data carried again by using the safe start control circuit;
when the re-transported start data passes the verification, the start module 250 transmits a pass signal to the main processor by using the secure start control circuit, and the main processor reads the start data and executes the start command.
In an embodiment of the present invention, the multimedia secure boot system 200 may be used to perform the following method steps as shown in FIG. 1:
step S110: a main processor, a coprocessor and a safe starting control circuit are arranged in the chip architecture design;
step S120: setting pins for distinguishing starting media and electrifying a chip;
step S130: the starting coprocessor reads a starting program from a medium pointed by the pin according to the set pin and sends a data carrying completion signal to the safety starting control circuit;
step S140: verifying the starting data by using the safe starting control circuit;
step S150: when the starting data passes the verification, the safe starting control circuit is used for sending a passing signal to the main processor, and the main processor reads the starting data and executes a starting command.
In some embodiments of the method 100 for multimedia secure booting according to the present invention, further comprising:
step S160: when the starting data is not verified, a reset signal is sent to the coprocessor by using the safe starting control circuit;
step S130': the coprocessor reads the starting program from another storage medium again and sends a data transfer completion signal to the safe starting control circuit;
step S140': verifying the start data carried again by using the safe start control circuit;
step S150': when the start data transferred again passes the verification, the safe start control circuit sends a passing signal to the main processor, and the main processor reads the start data and executes a start command.
In some embodiments of the method 100 for secure booting of multimedia according to the present invention, further comprising step S170: and when the start data carried again does not pass the verification, the main controller A is not started, and related pins are set to indicate that the chip fails to start.
In some embodiments of the method 100 for secure booting of a multi-media according to the present invention, in step S130, after the coprocessor reads the boot program, the boot program is moved to the SRAM inside the chip.
In some embodiments of the method 100 for secure booting of a multimedia according to the present invention, in step S130', all data in the SRAM is erased when the coprocessor receives a reset signal.
In some embodiments of the method 100 for multi-media secure booting according to the present invention, in steps S140 and S140', the verification is performed by reading a password key required for verification from the OTP ROM and reading boot data required for verification from the SRAM using the secure boot control circuit.
OTP ROM refers to one-time programmable ROM. The ROM can be programmed once, data cannot be erased or rewritten after programming, and data cannot be lost after power failure. OTP ROMs referred to herein collectively assume that data is 0 when unprogrammed and data becomes 1 after programming.
In some embodiments of the system 200 for multi-media secure boot according to the present invention, the system further comprises an error reporting module 260, when the re-transported boot data fails to be verified, the main controller a is not booted, and the error reporting module 260 sets the relevant pin to indicate the chip boot failure.
In some embodiments of the system 200 for multi-media secure boot according to the present invention, the reading module 230 moves the boot program to an SRAM inside the chip after the coprocessor reads the boot program.
In some embodiments of the multi-media secure boot system 200 according to the present invention, the read module 230 erases all data in the SRAM when the coprocessor receives a reset signal.
In some embodiments of the multimedia secure boot system 200 according to the present invention, the verification module 240 performs the verification by reading the password key required for verification from the OTP ROM and reading the boot data required for verification from the SRAM using the secure boot control circuit.
In a third aspect of the embodiment of the present invention, a computer-readable storage medium is further provided, and fig. 3 is a schematic diagram of a computer-readable storage medium of a method for secure booting of multiple media according to an embodiment of the present invention. As shown in fig. 3, the computer-readable storage medium 300 stores computer program instructions 310, the computer program instructions 310 being executable by a processor. The computer program instructions 310, when executed, implement the method of any of the embodiments described above.
It is to be understood that all embodiments, features and advantages set forth above with respect to the method for multimedia secure booting according to the present invention apply equally, without conflict with one another, to the system and the storage medium for multimedia secure booting according to the present invention.
In a fourth aspect of the embodiments of the present invention, there is further provided a computer device 400, comprising a memory 420 and a processor 410, wherein the memory stores a computer program, and the computer program, when executed by the processor, implements the method of any one of the above embodiments.
Fig. 4 is a schematic hardware structural diagram of an embodiment of a computer device for executing the method for secure multimedia booting according to the present invention. Taking the computer device 400 shown in fig. 4 as an example, the computer device includes a processor 410 and a memory 420, and may further include: an input device 430 and an output device 440. The processor 410, the memory 420, the input device 430, and the output device 440 may be connected by a bus or other means, such as the bus connection in fig. 4. Input device 430 may receive entered numeric or character information and generate signal inputs related to secure actuation of the multimedia. The output device 440 may include a display device such as a display screen.
The memory 420 is used as a non-volatile computer-readable storage medium, and can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the resource monitoring method in the embodiments of the present application. The memory 420 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by use of the resource monitoring method, and the like. Further, the memory 420 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 420 may optionally include memory located remotely from processor 410, which may be connected to local modules via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor 410 executes various functional applications of the server and data processing by executing nonvolatile software programs, instructions and modules stored in the memory 420, that is, implements the resource monitoring method of the above-described method embodiment.
In a fifth aspect of the embodiments of the present invention, there is further provided a chip for a method for multimedia secure booting according to the present invention as described in any one of the above. Fig. 5 shows a schematic view of a frame of a chip according to the invention. As shown in fig. 5, in this embodiment, the chip 500 has a main processor a, a coprocessor B, a secure boot control circuit C, an SRAM control circuit D, a flash control circuit F, an SD card control circuit S, and an internal interconnection bus H, wherein the main processor a, the coprocessor B, the secure boot control circuit C, the SRAM control circuit D, the flash control circuit F, the SD card control circuit S, and the internal interconnection bus H are disposed in the architecture
The SRAM control circuit D is connected to the SRAM inside the chip 500,
the secure boot control circuit C includes an OTP control circuit connected to an OTP ROM inside the chip 500, and a verification circuit, the OTP ROM being used to store password data for the verification circuit,
the flash control circuit F is connected to a flash memory device outside the chip 500,
the SD card control circuit S is connected to an SD card storage device external to the chip 500,
a flash memory device and an SD card memory device store a start-up program or other programs of the chip 500, and
the main processor A, the coprocessor B, the safe starting control circuit C, the SRAM control circuit D, the flash control circuit F and the SD card control circuit S are connected through an internal interconnection bus H.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
Finally, it should be noted that the computer-readable storage medium (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM may be available in a variety of forms such as synchronous RAM (DRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The foregoing are exemplary embodiments of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant only to be exemplary, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (13)

1. A method for secure multi-media booting, comprising the steps of:
a main processor, a coprocessor and a safe starting control circuit are arranged in the chip architecture design;
setting a pin for distinguishing a starting medium and electrifying the chip;
starting the coprocessor, reading a starting program from a medium pointed by the pin according to the set pin, and sending a data transfer completion signal to the safe starting control circuit;
verifying the starting data by using the safe starting control circuit; and
when the starting data passes the verification, the safe starting control circuit is used for sending a passing signal to the main processor, and the main processor reads the starting data and executes a starting command;
when the starting data is not verified, the safe starting control circuit is used for sending a reset signal to the coprocessor; reading the starting program from another storage medium again by the coprocessor, and sending a data transfer completion signal to the safe starting control circuit; verifying the start data carried again by using the safe start control circuit; and when the start data carried again passes the verification, sending a passing signal to the main processor by using the safe start control circuit, reading the start data by the main processor and executing a start command.
2. The method of claim 1,
and when the start data carried again does not pass the verification, the main controller A is not started, and related pins are set to indicate that the chip fails to start.
3. The method of claim 1,
and after the coprocessor reads the starting program, moving the starting program to an SRAM in the chip.
4. The method of claim 3,
and when the coprocessor receives the reset signal, erasing all data in the SRAM.
5. The method of claim 3,
and reading the password key required by verification from the OTP ROM by using the secure start control circuit, and reading the start data required by verification from the SRAM for verification.
6. A system for secure multi-media booting, comprising:
the chip configuration module is used for setting a main processor, a coprocessor and a safe starting control circuit in the chip architecture design;
the starting preparation module is used for setting pins for distinguishing starting media and electrifying the chip;
the reading module is used for starting the coprocessor, reading a starting program from a medium pointed by the pin according to the set pin, and sending a data carrying completion signal to the safe starting control circuit;
the checking module is used for checking the starting data by utilizing the safe starting control circuit; and
the starting module utilizes the safe starting control circuit to send a passing signal to the main processor when the starting data passes the verification, and the main processor reads the starting data and executes a starting command;
when the starting data is not checked, the checking module sends a reset signal to the coprocessor by using the safe starting control circuit; the reading module reads the starting program from another storage medium again by the coprocessor and sends a data carrying completion signal to the safe starting control circuit; the checking module checks the start data carried again by using the safe start control circuit; and when the start data carried again passes the verification, the start module utilizes the safe start control circuit to send a passing signal to the main processor, and the main processor reads the start data and executes a start command.
7. The system of claim 6, further comprising an error reporting module,
and when the start data carried again does not pass the verification, the main controller A is not started, and the error reporting module sets related pins to indicate that the chip fails to start.
8. The system of claim 7,
and after the coprocessor reads the starting program, the reading module moves the starting program to an SRAM in the chip.
9. The system of claim 8,
and the reading module erases all data in the SRAM when the coprocessor receives the reset signal.
10. The system of claim 8,
the check module utilizes the safe starting control circuit to read the password key required by check from the OTPROM and read the starting data required by check from the SRAM for check.
11. A computer-readable storage medium having stored thereon computer program instructions which, when executed, implement the method of multimedia secure boot according to any of claims 1-5.
12. A computer arrangement comprising a memory and a processor, characterized in that a computer program is stored in the memory, which computer program, when being executed by the processor, carries out the method of multimedia secure boot according to any of the claims 1-5.
13. A chip for the multi-media secure boot method of any one of claims 1-5, wherein the chip has a main processor, a coprocessor, a secure boot control circuit, an SRAM control circuit, a flash control circuit, an SD card control circuit, and an internal interconnection bus, wherein the main processor, the coprocessor, the secure boot control circuit, the SRAM control circuit, the flash control circuit, the SD card control circuit, and the internal interconnection bus are arranged in the chip architecture
The SRAM control circuit is connected with an SRAM inside the chip,
the safety starting control circuit comprises an OTP control circuit and a check circuit, the OTP control circuit is connected with an OTP ROM inside the chip and used for storing password data used for the check circuit,
the flash control circuit is connected with a flash storage device outside the chip,
the SD card control circuit is connected with an SD card storage device outside the chip,
the flash memory device and the SD card memory device start program or other programs of the memory chip, and
the main processor, the coprocessor, the safe starting control circuit, the SRAM control circuit, the flash control circuit and the SD card control circuit are connected through the internal interconnection bus.
CN202211409885.1A 2022-11-11 2022-11-11 Method, system, storage medium, device and chip for multi-medium secure boot Active CN115454517B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211409885.1A CN115454517B (en) 2022-11-11 2022-11-11 Method, system, storage medium, device and chip for multi-medium secure boot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211409885.1A CN115454517B (en) 2022-11-11 2022-11-11 Method, system, storage medium, device and chip for multi-medium secure boot

Publications (2)

Publication Number Publication Date
CN115454517A CN115454517A (en) 2022-12-09
CN115454517B true CN115454517B (en) 2023-03-10

Family

ID=84295826

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211409885.1A Active CN115454517B (en) 2022-11-11 2022-11-11 Method, system, storage medium, device and chip for multi-medium secure boot

Country Status (1)

Country Link
CN (1) CN115454517B (en)

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102736933A (en) * 2012-05-16 2012-10-17 中兴通讯股份有限公司 BOOT file loading method and device
CN102929565B (en) * 2012-10-24 2016-04-06 北京华大信安科技有限公司 Based on the Boot loader read method of SoC, device and chip
US9558086B2 (en) * 2015-06-02 2017-01-31 Aspeed Technology Inc. System on chip with debug controller and operating method thereof
CN106295268B (en) * 2015-06-12 2020-01-31 联想(北京)有限公司 Information processing method and electronic device
CN109426324B (en) * 2017-08-30 2021-01-29 华为技术有限公司 Power-on control method, AP chip and mobile terminal
CN109634674B (en) * 2018-12-06 2022-03-29 深圳忆联信息系统有限公司 Chip BOOT starting method and device, computer equipment and storage medium
CN210804374U (en) * 2019-09-04 2020-06-19 珠海奔图电子有限公司 Image forming apparatus and security control system for image forming apparatus
CN210007764U (en) * 2019-06-28 2020-01-31 珠海奔图电子有限公司 kinds of image forming apparatus, start control system for image forming apparatus
CN110928499B (en) * 2019-11-18 2023-11-14 珠海泰芯半导体有限公司 Flash memory embedded in chip, chip and starting method of chip
CN111124517B (en) * 2019-12-23 2023-01-20 湖南国科微电子股份有限公司 Embedded chip boot starting method and device, computer equipment and storage medium
CN112099856B (en) * 2020-08-07 2023-05-05 武汉光迅科技股份有限公司 Embedded system and starting method thereof
CN112433895A (en) * 2020-11-02 2021-03-02 广州粒子微电子有限公司 Chip starting mode control method and control circuit
CN112445440B (en) * 2020-11-20 2023-02-17 珠海奔图电子有限公司 Image forming apparatus, start control method thereof and storage medium
CN113282969B (en) * 2021-05-13 2023-10-31 中科可控信息产业有限公司 Device control method, electronic device, and readable storage medium
CN113177201A (en) * 2021-05-20 2021-07-27 北京奕斯伟计算技术有限公司 Program checking and signing method and device and SOC chip
CN114329496A (en) * 2021-12-31 2022-04-12 龙芯中科(成都)技术有限公司 Trusted starting method of operating system and electronic equipment
CN114692228A (en) * 2022-03-09 2022-07-01 深圳市锐尔觅移动通信有限公司 Security monitoring method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN115454517A (en) 2022-12-09

Similar Documents

Publication Publication Date Title
US10509568B2 (en) Efficient secure boot carried out in information processing apparatus
CN104794393B (en) A kind of embedded partitions image safety certification and kernel trusted bootstrap method and its equipment
CN104981778A (en) Patching boot code of read-only memory
US7775423B2 (en) Portable electronic device and control method of portable electronic device
JP5843674B2 (en) IC card, portable electronic device, and control method of IC card
CN102298529A (en) Providing silicon integrated code for a system
CN110795738A (en) Computer starting method, controller, storage medium and system
WO2020158377A1 (en) Electronic control device and security verification method for electronic control device
JP2002024046A (en) Microcomputer, its memory contents changing system and memory contents changing method
US7934050B2 (en) Microcomputer for flash memory rewriting
US7836219B1 (en) System and method for authentication of embedded RAID on a host RAID card
CN115454517B (en) Method, system, storage medium, device and chip for multi-medium secure boot
KR20170102285A (en) Security Elements
JP2008165729A (en) Microcomputer
CN108171041B (en) Method and apparatus for authenticating an application accessing memory
US20040013266A1 (en) Method for loading and customizing data and programmes loaded in a smart card
JPH10301854A (en) Chip card and method for importing information on the same
JPH10198776A (en) Portable information recording medium, and its information writing and reading method
KR101572854B1 (en) A PLC device with enhanced cyber security
JP4634924B2 (en) Authentication method, authentication program, authentication system, and memory card
JP3057326B2 (en) IC card
US20230129942A1 (en) Method for locking a rewritable non-volatile memory and electronic device implementing said method
CN111124462B (en) Method, device, server and storage medium for updating embedded multimedia card
EP3923168B1 (en) Secure boot at shutdown
JP7322923B2 (en) Secure element, transaction control method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant