CN115688120A - Secure chip firmware importing method, secure chip and computer readable storage medium - Google Patents

Info

Publication number: CN115688120A
Authority: CN (China)
Application number: CN202211381974.XA
Other languages: Chinese (zh)
Inventors: 顾立程, 詹伟钦, 王文华
Current assignee: Hangzhou Flyslice Technologies Co ltd
Original assignee: Hangzhou Flyslice Technologies Co ltd
Legal status: Pending

Abstract

The invention provides a secure chip firmware importing method, a secure chip and a computer-readable storage medium. The method comprises the following steps: after a boot loader and an algorithm library have been burned into the read-only memory and the chip is powered on again, performing a first hash operation on the data in the read-only memory to obtain a first digest; acquiring a second digest from a programmable memory, wherein the second digest was generated by the host computer performing the first hash operation on the boot loader and the algorithm library, and was written into the programmable memory before or while the boot loader and the algorithm library were burned into the read-only memory; and, in response to the first digest being consistent with the second digest, receiving a functional program of the firmware from the host computer and writing it into the embedded flash memory. The invention improves the flexibility of use of the security chip and ensures the integrity of the firmware imported into it.

Description

Secure chip firmware importing method, secure chip and computer readable storage medium
Technical Field
The present invention relates to the field of device security, and more particularly, to a secure chip firmware importing method, a secure chip, and a computer-readable storage medium.
Background
Existing computers and electronic devices typically include one or more microcontrollers, which may be considered the "brain" of these devices. Firmware is an electronic instruction set stored inside a microcontroller; by executing it, the microcontroller generates the control signals that operate the device. For example, the microcontroller in an electronic watch tracks time and handles the alarm clock, ring tone and other functions required by the user by executing firmware; the microcontroller in a mobile phone provides the user interface, the transmit/receive protocol, audio processing and so on by executing firmware.
Since the firmware directly defines the running logic of the device, a faulty firmware image poses a serious threat to the operation of the device. To avoid errors during the burning of the firmware, the existing scheme has the device perform a CRC check on the firmware after receiving it and compare the calculated check value with the received CRC check value. If the comparison fails, the device refuses to run the firmware.
Although this method can, to a certain extent, detect data loss and similar faults in the firmware transmission process, it cannot address firmware that has been maliciously modified or replaced: if a third party modifies both the firmware and its CRC check value, the device cannot detect that the newly input firmware has been tampered with. This obviously does not meet the firmware reliability requirements of a security chip with a higher security level.
Disclosure of Invention
The invention aims to solve the technical problem that the existing firmware burning method cannot meet a security chip's requirements for firmware reliability, and provides a security chip firmware importing method, a security chip and a computer-readable storage medium.
The technical scheme adopted to solve this problem is a secure chip firmware importing method, wherein the secure chip comprises a read-only memory, a programmable memory and an embedded flash memory, and the firmware comprises a boot loader, an algorithm library and a functional program; the method comprises the following steps:
after the boot loader and the algorithm library have been burned into the read-only memory and the chip is powered on again, performing a first hash operation on the data in the read-only memory to obtain a first digest;
acquiring a second digest from the programmable memory, wherein the second digest is generated by the host computer performing the first hash operation on the boot loader and the algorithm library, and is written into the programmable memory before or while the boot loader and the algorithm library are burned into the read-only memory;
and, in response to the first digest being consistent with the second digest, receiving a functional program of the firmware from the host computer and writing the functional program into the embedded flash memory.
As a further improvement of the present invention, the program header of the boot loader holds a preset key;
and receiving the functional program of the firmware from the host computer and writing it into the embedded flash memory includes:
receiving ciphertext data from the host computer, wherein the ciphertext data is generated by the host computer executing a first encryption algorithm on the functional program using the preset key;
and, after acquiring the preset key from the program header of the boot loader in the read-only memory, decrypting the ciphertext data with the preset key to obtain the functional program, writing the functional program into the data storage area of the embedded flash memory, and writing the start address of the functional program and the program header of the functional program into the info area of the embedded flash memory.
As a further improvement of the present invention, before the start address and the program header of the functional program are written into the info area of the embedded flash memory, the method includes performing integrity verification on the functional program in the embedded flash memory.
As a further improvement of the present invention, a first preset position of the program header of the functional program holds a third digest, obtained by the host computer performing a second hash operation on the part of the program header other than the first preset position;
and performing integrity verification on the functional program in the embedded flash memory comprises:
reading the program header of the functional program from the embedded flash memory and executing the second hash operation on the part of the program header other than the first preset position to obtain a fourth digest;
and comparing the fourth digest with the third digest at the first preset position of the program header, and outputting firmware import error information when the fourth digest is inconsistent with the third digest.
As a further improvement of the present invention, a second preset position of the program header of the functional program holds a fifth digest, obtained by the host computer executing a third hash operation on the main part of the functional program;
and performing integrity verification on the functional program in the embedded flash memory comprises:
reading the main part of the functional program from the embedded flash memory and executing the third hash operation on it to obtain a sixth digest;
and comparing the sixth digest with the fifth digest at the second preset position of the program header, and outputting firmware error information when the sixth digest is inconsistent with the fifth digest.
As a further improvement of the present invention, a third preset position of the program header of the functional program holds a preset identifier, a preset public key and a first calculated value, the first calculated value being obtained by the host computer executing a preset operation on the preset identifier and the length of the functional program using a preset private key, where the preset public key corresponds to the preset private key;
after the integrity verification of the functional program in the embedded flash memory has passed, the method further comprises the following steps:
reading the preset identifier, the preset public key and the first calculated value from the third preset position of the program header of the functional program, and obtaining the length of the functional program written into the embedded flash memory;
executing the preset operation on the preset identifier and the length of the functional program written into the embedded flash memory using the preset public key to obtain a second calculated value;
and, when the second calculated value is consistent with the first calculated value, writing the start address of the functional program and the program header of the functional program into the info area of the embedded flash memory.
As a further improvement of the present invention, after the integrity verification of the boot loader and the algorithm library has passed, whether the functional program has been completely imported is determined by reading the info area of the embedded flash memory, and the functional program is received from the host computer only when it has not been completely imported.
As a further improvement of the invention, when the functional program is written into the data storage area of the embedded flash memory, an access protection operation is executed on each storage page in turn as it is written.
As a further improvement of the present invention, the method further comprises: after the functional program has been written into the data storage area of the embedded flash memory, cancelling the access protection of the storage pages in which the functional program is stored and executing a write protection operation on all of those storage pages.
As a further improvement of the present invention, after the start address of the functional program and the program header of the functional program have been written into the info area of the embedded flash memory, the method further includes:
writing preset data into the sensitive data area of the embedded flash memory to seal the test port of the security chip.
The invention also provides a security chip comprising a main controller, a read-only memory, a programmable memory, an embedded flash memory and a hardware encryption unit, wherein the read-only memory stores the boot loader and the algorithm library of the firmware, and the main controller carries out the steps of the secure chip firmware importing method described above when executing the boot loader.
The present invention also provides a readable storage medium on which a computer program is stored which, when executed by a processor, implements the steps of the secure chip firmware importing method described above.
The invention has the following beneficial effects: the firmware of the security chip is divided into a boot loader, an algorithm library and a functional program, and the functional program is written into the embedded flash memory only after the integrity of the boot loader and the algorithm library in the read-only memory has been successfully verified. This improves the flexibility of use of the security chip while ensuring the integrity of the firmware imported into it.
Drawings
Fig. 1 is a schematic structural diagram illustrating the connection between a security chip and a host computer in a security chip firmware importing method according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a secure chip firmware importing method according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart illustrating the integrity verification of the boot loader and the algorithm library in the secure chip firmware importing method according to the embodiment of the present invention;
Fig. 4 is a schematic flowchart illustrating the integrity verification of the program header of the functional program in the secure chip firmware importing method according to the embodiment of the present invention;
Fig. 5 is a schematic flowchart illustrating the integrity verification of the main part of the functional program in the secure chip firmware importing method according to an embodiment of the present invention;
Fig. 6 is a schematic flowchart illustrating the validity verification of the functional program in the secure chip firmware importing method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
Fig. 2 is a schematic flow chart of a secure chip firmware importing method according to an embodiment of the present invention. The method is applicable to firmware import for a secure chip (TPM) and can meet the high security requirements of such a chip. As shown in Fig. 1, the secure chip 20 includes a read-only memory (ROM) 22, an embedded flash memory (eFlash) 23 and a programmable memory (eFuse) 26. The secure chip 20 may further include a main controller 21, a hardware encryption unit 24, a static random access memory (SRAM) and the like. The main controller 21, the read-only memory 22, the embedded flash memory 23, the hardware encryption unit 24, the programmable memory 26 and the static random access memory may be packaged as a whole, connected through internal lines, and provided with a connection interface 25 for connecting to an external device, such as an SPI interface, a USB interface or JTAG. The hardware encryption unit 24 may be a hardware encryption chip or a hardware encryption circuit in which a number of encryption algorithms, for example SM2, SM3 and SM4, are preset, and it performs encryption and decryption operations on input data. The hardware structure of the security chip can follow existing designs and is not described again here.
In the present embodiment, the firmware running on the secure chip includes a boot loader (BOOT program), an algorithm library (defining general algorithms) and a functional program (defining special algorithms). The boot loader and the algorithm library are burned into the ROM 22 of the secure chip by a dedicated burning device before the secure chip leaves the factory (for example, in the ROM 22 the boot loader and the algorithm library exist in the form of a gate-level netlist). Since the ROM 22 is read-only, cannot be written to and retains its contents after power-down, the boot loader and the algorithm library can be loaded successfully each time the chip is powered on.
The method of this embodiment may be executed by the main controller 21 of the secure chip 20 after the secure chip leaves the factory (i.e., after the boot loader and the algorithm library have been burned into the read-only memory 22 of the secure chip). While the method is executed, the secure chip needs to be connected to the host computer 10 through the connection interface 25 (SPI interface or USB interface), or to the host computer 10 through a dedicated network device. Specifically, the method includes:
Step S31: after the boot loader and the algorithm library have been burned into the read-only memory and the chip is powered on again, a first hash operation (for example, an SM3 operation) is executed on the data in the read-only memory to obtain a first digest. The first hash operation may be performed by the hardware encryption unit.
Step S32: a second digest is acquired from the programmable memory. The second digest is generated by the host computer executing the first hash operation on the boot loader and the algorithm library, and is written into the programmable memory either before or while the boot loader and the algorithm library are burned into the read-only memory.
Step S33: it is judged whether the first digest is consistent with the second digest; step S35 is executed when they are consistent, otherwise step S34 is executed.
Step S34: an exception is raised and the subsequent firmware import is terminated. That is, inconsistency between the first digest and the second digest indicates that the boot loader and the algorithm library in the secure chip 20 are incomplete or have been tampered with; the main controller 21 of the secure chip returns an exception value, enters the exception handling mechanism and there enters a wait loop, so that the program stops executing and the secure chip 20 cannot start normally.
Step S35: the functional program of the firmware is received from the host computer 10 and written into the embedded flash memory 23.
The functional program may be generated by the host computer 10, or acquired by the host computer 10 from another device (for example, a remote server), and stored in its memory 12; the processor 11 of the host computer 10 then transmits the functional program to the connection interface 25 of the security chip 20 through the data transmission interface circuit 13.
The purpose of the integrity verification of the boot loader and the algorithm library in the ROM 22 is to ensure that they are free of errors.
In this secure chip firmware importing method, the secure chip firmware is divided into a boot loader, an algorithm library and a functional program; the second digest used to verify the integrity of the data in the read-only memory is written into the programmable memory; and the functional program is written into the embedded flash memory only after the boot loader and the algorithm library in the read-only memory have been successfully verified. This prevents a boot loader maliciously modified by others from being burned into the secure chip, while improving the flexibility of use of the secure chip (namely, a user can define a functional program and write it into the embedded flash memory to extend the functions of the secure chip), and greatly improves the security of secure chip firmware import.
Specifically, in step S35 above, when the functional program is written into the data storage area of the embedded flash memory 23, an access protection operation is performed on each page (usually 8K) in turn as it is written. Thus, during the writing of the functional program into the embedded flash memory 23, each page (8K) of storage space is access-protected as soon as it has been written, so that the functional program cannot be illegally accessed or read out while it is being written into the embedded flash memory 23, which improves security.
After the functional program has been completely loaded into the embedded flash memory 23, the access protection of the address space in which the functional program resides is removed and a write protection operation is performed on that address space instead. That is, after the functional program has been successfully imported into the embedded flash memory 23 for the first time, the main controller 21, executing the boot loader, enables the write protection mechanism for the functional firmware, and the address space in which the functional program resides can no longer be written. Therefore, once the functional program has been successfully imported, neither an external party nor the boot loader itself can import the functional program again. Since the functional program contains no operation that erases or writes its own address space, the write protection mechanism does not affect its normal use. Moreover, in subsequent use, external programs cannot modify the address space of the embedded flash memory 23 in which the functional program is stored, which ensures the stability of the functional program.
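As an added model of steps S31 to S35 and of the page-protection rules above (example code written for this page, not the patent's or Flyslice's implementation): a host provisions the ROM image and the eFuse digest, and the chip refuses the functional program when the ROM digest does not match, access-protects each 8K page as it is written, and swaps access protection for write protection once the import is complete. SHA-256 stands in for the SM3 named in the text because the Python standard library has no SM3; the eFuse, pages and protection bits are plain Python data.

```python
import hashlib
import hmac

PAGE = 8 * 1024  # eFlash page size given in the description (8K)


class ImportAborted(Exception):
    """Stands in for the chip's exception handler and wait loop (step S34)."""


def first_hash(data: bytes) -> bytes:
    """The 'first hash operation'; SHA-256 is a stand-in for SM3 (assumption)."""
    return hashlib.sha256(data).digest()


def factory_provision(boot_loader: bytes, algorithm_library: bytes):
    """Host side, before the ROM is fixed: ROM image plus the second digest for the eFuse."""
    rom = boot_loader + algorithm_library
    return rom, first_hash(rom)


class SecureChip:
    """Model of ROM 22, eFuse 26 and the data area of eFlash 23 (constructed, not hardware)."""

    def __init__(self, rom: bytes, efuse_digest: bytes):
        self.rom = rom
        self.efuse = efuse_digest
        self.pages: dict[int, bytes] = {}        # data storage area, by page index
        self.access_protected: set[int] = set()  # pages locked against read-out during import
        self.write_protected: set[int] = set()   # pages locked against rewrite after import

    def rom_is_intact(self) -> bool:
        """S31-S33: hash the whole ROM and compare with the eFuse digest in constant time."""
        return hmac.compare_digest(first_hash(self.rom), self.efuse)

    def read_page(self, idx: int) -> bytes:
        if idx in self.access_protected:
            raise PermissionError(f"page {idx} is access-protected during import")
        return self.pages[idx]

    def _write_page(self, idx: int, chunk: bytes) -> None:
        if idx in self.write_protected:
            raise PermissionError(f"page {idx} is write-protected; re-import refused")
        self.pages[idx] = chunk
        self.access_protected.add(idx)  # protect each page as soon as it is written

    def power_on_import(self, functional_program: bytes) -> int:
        """Power-on flow; returns the number of pages written (S35) or raises (S34)."""
        if not self.rom_is_intact():
            raise ImportAborted("boot loader or algorithm library incomplete or tampered")
        written = []
        for idx, off in enumerate(range(0, len(functional_program), PAGE)):
            self._write_page(idx, functional_program[off:off + PAGE])
            written.append(idx)
        # Import complete: drop access protection, lock the same pages against writes.
        self.access_protected.difference_update(written)
        self.write_protected.update(written)
        return len(written)


def try_import(chip: SecureChip, functional_program: bytes) -> str:
    """Run the import and report its outcome as text; used by the demo below."""
    try:
        return f"imported {chip.power_on_import(functional_program)} page(s)"
    except (ImportAborted, PermissionError) as err:
        return f"refused: {err}"


if __name__ == "__main__":
    # Constructed sample images; real ones are a gate-level netlist and a BIN file.
    rom, efuse = factory_provision(b"BOOT" * 64, b"ALGLIB" * 64)
    fw = b"\x90" * (3 * PAGE + 100)  # spans four pages
    good = SecureChip(rom, efuse)
    print(try_import(good, fw))  # imported 4 page(s)
    print(try_import(good, fw))  # refused: page 0 is write-protected; re-import refused
    tampered = bytearray(rom)
    tampered[7] ^= 0x01          # one flipped ROM bit is enough to fail step S33
    print(try_import(SecureChip(bytes(tampered), efuse), fw))
```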
With reference to Fig. 3, in an embodiment of the present invention the program header of the boot loader (i.e., the header of the boot loader) holds a preset key (the position of the preset key in the program header of the boot loader can be set as required), and the functional program is transmitted to the security chip after being encrypted by the host computer 10 with the preset key (for example, using the SM4 encryption algorithm). Correspondingly, receiving the functional program of the firmware from the host computer and writing it into the embedded flash memory in step S35 includes:
Step S351: ciphertext data, generated by the host computer executing a first encryption algorithm on the functional program with the preset key, is received from the host computer 10. That is, between the host computer 10 and the security chip 20 the functional program is transmitted in ciphertext form.
Step S352: the preset key is obtained from the program header of the boot loader in the ROM 22, and the ciphertext data is decrypted with the preset key to obtain the functional program. The decryption of the ciphertext data with the preset key may be performed by the hardware encryption unit.
Step S353: the functional program is written into the data storage area of the embedded flash memory (for example, stored in the embedded flash memory 23 as a BIN file), and the start address of the functional program and the program header of the functional program are written into the info area of the embedded flash memory (the info area corresponds to a directory area of the embedded flash memory 23), thereby completing the firmware import of the security chip.
In this way, the functional program is protected from interception by others while it is being imported into the security chip 20 from the host computer 10, which improves security.
Specifically, in an embodiment of the present invention, after the integrity verification of the boot loader and the algorithm library has passed, the main controller 21 of the secure chip 20 may confirm whether the functional program has been completely imported by reading the info area of the embedded flash memory 23, and receives the functional program from the host computer, i.e., enters a wait state, only when the functional program has not been completely imported. That is, each time the security chip is powered on and reset again, the main controller 21 executes the boot loader and determines whether the corresponding address space already holds the functional program by checking whether the info area of the embedded flash memory 23 contains the program header of the functional program; if the functional program exists, it jumps directly to start the firmware without entering the SPI wait state of firmware import. This also avoids the functional program being repeatedly imported.
In an embodiment of the present invention, in step S313 of Fig. 3, after the functional program has been written into the data storage area of the embedded flash memory 23 and before the start address and the program header of the functional program are written into the info area of the embedded flash memory 23, a step of verifying the integrity of the functional program written into the embedded flash memory 23 may also be performed, so as to ensure that the written functional program is accurate and complete.
As a further improvement of the present invention, the first preset position of the program header of the functional program (i.e., the header of the functional program) holds a third digest, obtained by the host computer 10 performing a hash operation (for example, the SM3 algorithm) on the part of the program header of the functional program other than the first preset position.
Accordingly, as shown in Fig. 4, the integrity verification of the functional program in the embedded flash memory 23 includes:
Step S3611: the program header of the functional program is read from the embedded flash memory 23, and the hardware encryption unit performs the hash operation on the part of the program header other than the first preset position to obtain the fourth digest.
Step S3612: the third digest is obtained from the first preset position of the program header of the functional program read in step S3611.
Step S3613: it is determined whether the fourth digest obtained in step S3611 is the same as the third digest obtained in step S3612; if so, step S3614 is executed, otherwise step S3615 is executed.
Step S3614: the program header of the functional program is confirmed to be complete, and the main controller 21 of the security chip executes the subsequent steps.
Step S3615: the program header of the functional program is confirmed to be incomplete; the main controller of the secure chip outputs firmware import error information, such as a boot address error, to help locate the error, and returns to step S351 to repeat the functional program import process.
By checking the integrity of the program header of the functional program in the embedded flash memory 23, an error in the functional program during transmission from the host computer to the security chip can be found quickly, avoiding the long time that the subsequent, more complex operations would take.
As shown in Fig. 5, in an embodiment of the present invention the second preset position of the program header of the functional program (i.e., the header of the functional program) holds a fifth digest, obtained by the host computer 10 performing a hash operation (e.g., the SM3 algorithm) on the main part of the functional program (i.e., the part excluding the program header). Accordingly, the integrity verification of the functional program in the embedded flash memory 23 includes:
Step S3621: the main part of the functional program is read from the embedded flash memory 23, and the hardware encryption unit performs the hash operation on it to obtain the sixth digest.
Step S3622: the fifth digest is obtained from the second preset position of the program header of the functional program.
Step S3623: it is determined whether the sixth digest obtained in step S3621 is the same as the fifth digest obtained in step S3622; if so, step S3624 is executed, otherwise step S3625 is executed.
Step S3624: the main part of the functional program is confirmed to be complete, and the main controller 21 of the security chip executes the subsequent steps.
Step S3625: the main part of the functional program is confirmed to be incomplete; the main controller of the secure chip outputs firmware import error information, for example a boot address error, to help locate the error, and returns to step S351 to repeat the functional program import process.
By checking the integrity of the main part of the functional program in the embedded flash memory 23, an error that occurred while the main part was transferred from the host computer to the security chip can be detected. In practice, the integrity verification can be performed on the program header and then on the main part of the functional program in sequence, so that errors in importing the functional program are avoided.
After the integrity verification of the functional program written into the embedded flash memory 23 is passed, a validity check of the functional program written into the embedded flash memory 23 may be further included. At this time, the third preset position of the program header of the boot loader in the rom 22 has a preset identifier, a public key and a first calculated value, and the first calculated value is obtained by the upper computer performing a preset operation (for example, SM4 encryption operation) on the preset identifier and the length of the functional program by using a private key (corresponding to the public key). Accordingly, as shown in fig. 6, the validity check of the functional program written into the embedded flash memory 23 includes:
step S3631: the preset identifier (e.g., user ID, etc.), the public key, and the first calculated value are read from a third preset location of the program header of the boot loader of the rom 22.
Step S3632: the length of the functional program written to the embedded flash memory 23 (e.g., the number of bytes of the embedded flash memory 23 occupied by the functional program) is obtained.
Step S3633: the control hardware encryption unit 23 performs a predetermined operation (for example, SM4 encryption operation) on the predetermined identifier and the length of the functional program written into the embedded flash memory by using the public key to obtain a second calculated value. The predetermined operation may be performed by a hardware encryption unit.
Step S3634: it is determined whether the second calculated value calculated in step S3633 is identical to the first calculated value obtained in step S3631, and step S3636 is performed when the second calculated value is identical to the first calculated value, otherwise step S3635 is performed.
Step S3635: the main controller of the security chip outputs firmware import error information, for example a boot address error, to facilitate locating the error, and returns to step S3351 to repeat the functional program import process.
Step S3636: the start address of the functional program and the program header of the functional program are written into the info area of the embedded flash memory to indicate that the burning of the functional program is finished.
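As an added illustration (not code from the patent), the program header checks of claims 4 and 5 and the validity check of steps S3631 to S3636 are modelled below in Python. The header layout, SHA-256 standing in for the unspecified hash operations, HMAC-SHA256 with one shared key standing in for the SM4 operation with a public/private key pair, and the key being read from the boot loader header in ROM while the identifier and first calculated value sit in the functional program header, are all assumptions made here.

```python
import hashlib
import hmac
import struct

# Constructed header layout (an assumption: the patent names only a first,
# second and third "preset position", not offsets or field sizes):
#   [0:32]    third digest  = H(header[32:])   first preset position, claim 4
#   [32:64]   fifth digest  = H(main part)     second preset position, claim 5
#   [64:80]   preset identifier (e.g. user ID) third preset position, claim 6
#   [80:112]  first calculated value = preset_operation(identifier, length)
HEADER_LEN = 112
DIGEST = hashlib.sha256  # stand-in for the unspecified second/third hash operations


def preset_operation(key: bytes, identifier: bytes, length: int) -> bytes:
    """Stand-in for the patent's 'preset operation' on identifier and length.
    The page names SM4 with a private/public key pair; this model uses
    HMAC-SHA256 with one key shared by upper computer and chip (assumption)."""
    return hmac.new(key, identifier + struct.pack("<I", length), "sha256").digest()


def build_header(identifier: bytes, key: bytes, main_part: bytes) -> bytes:
    """Upper computer side: package the program header of a functional program."""
    assert len(identifier) == 16
    fifth = DIGEST(main_part).digest()
    first_calc = preset_operation(key, identifier, len(main_part))
    rest = fifth + identifier + first_calc  # header minus the first preset position
    third = DIGEST(rest).digest()
    return third + rest


def header_integrity_ok(header: bytes) -> bool:
    """Claim 4: the fourth digest, computed over the header minus the first
    preset position, must equal the third digest stored there."""
    fourth = DIGEST(header[32:]).digest()
    return hmac.compare_digest(fourth, header[0:32])


def main_integrity_ok(header: bytes, main_part: bytes) -> bool:
    """Claim 5: the sixth digest over the main part must equal the fifth digest."""
    sixth = DIGEST(main_part).digest()
    return hmac.compare_digest(sixth, header[32:64])


def validity_ok(header: bytes, rom_key: bytes, main_len: int) -> bool:
    """Steps S3631-S3634: redo the preset operation over the stored identifier
    and the length actually written to flash and compare with the first
    calculated value. rom_key models the key read from the boot loader header
    in ROM (step S3631)."""
    identifier, first_calc = header[64:80], header[80:112]
    second_calc = preset_operation(rom_key, identifier, main_len)
    return hmac.compare_digest(second_calc, first_calc)


def import_functional_program(header: bytes, main_part: bytes,
                              start_addr: int, rom_key: bytes):
    """Chip side, once the decrypted functional program sits in flash.
    Returns (info_area_record, None) on success or (None, error) per S3635."""
    if len(header) != HEADER_LEN or not header_integrity_ok(header):
        return None, "firmware import error: program header digest mismatch"
    if not main_integrity_ok(header, main_part):
        return None, "firmware import error: main part digest mismatch"
    if not validity_ok(header, rom_key, len(main_part)):
        return None, "firmware import error: validity check failed (boot address error)"
    # Step S3636: record the start address and header in the info area.
    return {"start_address": start_addr, "header": header}, None
```

A header rebuilt with a key other than the one anchored in ROM passes both digest checks but fails the validity check, which is the point of keeping the key outside the imported image.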
In this way, the source of the functional program can be confirmed to be valid. The functional program has a checking mechanism based on a dedicated program header, and the program header of the functional program contains the third digest required for checking the main data of the firmware, the first calculated value and the public key required for the validity check of the functional program, and so on. Therefore, to import a functional program successfully, the corresponding program header must be obtained first, and the packaging tool for the program header can be kept strictly by the user. The whole import process of the functional program is an encrypted transmission (that is, the imported functional program is encrypted), and without the corresponding program header the functional program cannot be decrypted. Valid information therefore cannot be obtained by intercepting the functional program during SPI transmission, and the difficulty of cracking the security chip is greatly increased.
In particular, after the start address of the functional program and the program header of the functional program have been written into the info area of the embedded flash memory 23, the test port of the security chip may also be closed by writing preset data into the sensitive data area of the embedded flash memory 23. In this way, the functional program storage area becomes inaccessible and non-erasable to the main controller 21 and can only be accessed and read by the internal hardware logic circuit, and the test interface is turned off by the hardware after the power-on reset of the security chip 10.
The invention also provides a security chip, which comprises a main controller, a read-only memory, a programmable memory, an embedded flash memory and a hardware encryption unit, wherein the read-only memory stores a boot program and an algorithm library of firmware, and the main controller realizes the steps of the security chip firmware importing method when executing the boot program of the firmware.
The secure chip in this embodiment and the secure chip firmware importing method in the embodiment corresponding to fig. 1 to 6 belong to the same concept; their specific implementation processes are detailed in the corresponding method embodiments, and the technical features of the method embodiments apply correspondingly to this device embodiment, so they are not described here again.
The present invention also provides a computer-readable storage medium, wherein the storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the secure chip firmware importing method are implemented.
The computer readable storage medium in this embodiment and the secure chip firmware importing method in the embodiment corresponding to fig. 1 to 6 belong to the same concept; their specific implementation processes are detailed in the corresponding method embodiments, and the technical features of the method embodiments apply to this apparatus embodiment, so they are not described here again.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by functions and internal logic of the process, and should not constitute any limitation to the implementation process of the embodiments of the present application.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing functional units and modules are merely illustrated in terms of division, and in practical applications, the foregoing functions may be distributed as needed by different functional units and modules. Each functional unit and module in the embodiments may be integrated in one processor, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed secure chip firmware importing method and the secure chip may be implemented in other ways. For example, the solid state chip embodiments described above are merely illustrative.
In addition, functional units in the embodiments of the present application may be integrated into one processor, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by a computer program, which can be stored in a computer readable storage medium and can realize the steps of the embodiments of the methods described above when the computer program is executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any physical or interface switching device, recording medium, USB disk, removable hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier wave signal, telecommunication signal, software distribution medium or the like capable of carrying said computer program code. It should be noted that the computer readable medium may contain suitable additions or subtractions depending on the requirements of legislation and patent practice in jurisdictions; for example, in some jurisdictions, computer readable media may not include electrical carrier signals or telecommunication signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present application, and they should be construed as being included in the present application.

Claims (12)

1. A secure chip firmware importing method is characterized in that a secure chip comprises a read only memory, a programmable memory and an embedded flash memory, and the firmware comprises a boot startup program, an algorithm library and a functional program; the method comprises the following steps:
after the boot program and the algorithm library are solidified to the read-only memory and are powered on again, performing a first hash operation on data in the read-only memory and obtaining a first digest;
acquiring a second digest from the programmable memory, wherein the second digest is generated by executing the first hash operation on the boot program and the algorithm library by an upper computer, and the second digest is written into the programmable memory before the boot program and the algorithm library are solidified into the read-only memory or when the boot program and the algorithm library are solidified into the read-only memory;
and in response to the first digest being consistent with the second digest, receiving a functional program of the firmware from the upper computer, and writing the functional program into the embedded flash memory.
2. The secure chip firmware importing method according to claim 1, wherein a program header of the boot loader has a preset key;
the receiving the functional program of the firmware from the upper computer and writing the functional program into the embedded flash memory includes:
receiving ciphertext data from an upper computer, wherein the ciphertext data is generated by the upper computer through executing a first encryption algorithm on a functional program by using a preset secret key;
and after acquiring a preset key from a program header for guiding a starting program in the read-only memory, decrypting the ciphertext data by using the preset key to obtain a functional program, writing the functional program into a data storage area of the embedded flash memory, and writing a starting address of the functional program and the program header of the functional program into an info area of the embedded flash memory.
3. The secure chip firmware importing method according to claim 2, wherein before writing the start address of the functional program and the program header of the functional program into an info area of the embedded flash memory, the method includes: carrying out integrity verification on the functional program in the embedded flash memory.
4. The secure chip firmware importing method according to claim 3, wherein a first preset position of a program header of the functional program has a third digest, and the third digest is obtained by executing, by an upper computer, a second hash operation on a part of the program header of the functional program except the first preset position;
the integrity verification on the functional program in the embedded flash memory comprises the following steps:
reading the program header of the functional program from the embedded flash memory, and executing the second hash operation on the part of the program header of the functional program except the first preset position to obtain a fourth digest;
and comparing the fourth digest with the third digest at the first preset position of the program header of the functional program, and outputting firmware import error information when the fourth digest is inconsistent with the third digest.
5. The secure chip firmware importing method according to claim 3, wherein a second preset position of a program header of the functional program has a fifth digest, and the fifth digest is obtained by performing a third hash operation on a main part of the functional program by an upper computer;
the integrity verification on the functional program in the embedded flash memory comprises the following steps:
reading the main part of the functional program from the embedded flash memory, and executing the third hash operation on the main part of the functional program to obtain a sixth digest;
and comparing the sixth digest with the fifth digest at the second preset position of the program header of the functional program, and outputting firmware import error information when the sixth digest is inconsistent with the fifth digest.
6. The secure chip firmware importing method according to claim 3, wherein a third preset position of a program header of the functional program has a preset identifier, a preset public key and a first calculated value, the first calculated value is obtained by executing a preset operation on the preset identifier and the length of the functional program by using a preset private key by an upper computer, and the preset public key corresponds to the preset private key;
after the integrity verification of the functional program in the embedded flash memory is passed, the method further comprises the following steps:
reading a preset identifier, a preset public key and a first calculated value from a third preset position of a program head of the functional program, and obtaining the length of the functional program written into the embedded flash memory;
executing preset operation on the preset identification and the length of the functional program written into the embedded flash memory by using the preset public key to obtain a second calculated value;
and when the second calculated value is consistent with the first calculated value, writing the starting address of the functional program and the program head of the functional program into an info area of the embedded flash memory.
7. The secure chip firmware importing method according to claim 1, wherein after the integrity verification of the boot loader and the algorithm library is passed, whether the importing of the functional program is completed is confirmed by reading an info area of the embedded flash memory, and the functional program is received from an upper computer when the importing of the functional program is not completed.
8. The secure chip firmware importing method according to claim 1, wherein, when the functional program is written into the data storage area of the embedded flash memory, each written storage page is sequentially subjected to an access protection operation.
9. The secure chip firmware importing method according to claim 8, wherein the method further comprises: when the functional program has been written into the data storage area of the embedded flash memory, cancelling the access protection of the storage pages in which the functional program is stored, and executing a write protection operation on all the storage pages in which the functional program is stored.
10. The secure chip firmware importing method according to claim 1, further comprising, after writing a start address of the functional program and a program header of the functional program into an info area of the embedded flash memory:
writing preset data into the sensitive data area of the embedded flash memory to seal the test port of the security chip.
11. A security chip, comprising a main controller, a read-only memory, a programmable memory, an embedded flash memory and a hardware encryption unit, wherein the read-only memory stores a boot-up program and an algorithm library of firmware, and the steps of the security chip firmware importing method according to any one of claims 1 to 10 are implemented when the main controller executes the boot-up program of the firmware.
12. A readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the secure chip firmware importing method according to any one of claims 1 to 10.
CN202211381974.XA 2022-11-01 2022-11-01 Secure chip firmware importing method, secure chip and computer readable storage medium Pending CN115688120A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211381974.XA CN115688120A (en) 2022-11-01 2022-11-01 Secure chip firmware importing method, secure chip and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN115688120A true CN115688120A (en) 2023-02-03

Family

ID=85050988

Country Status (1)

Country Link
CN (1) CN115688120A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116737181A (en) * 2023-04-26 2023-09-12 珠海妙存科技有限公司 Universal flash memory chip and burning method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination