CN116011043A - Firmware secure start method, device, equipment and storage medium based on SSD - Google Patents


Info

Publication number
CN116011043A
CN116011043A (application CN202211644445.4A)
Authority
CN
China
Prior art keywords
key
firmware
verification
primary
public key
Prior art date
Legal status
Pending
Application number
CN202211644445.4A
Other languages
Chinese (zh)
Inventor
周毅
王林
陈琪林
Current Assignee
Chengdu Xinyilian Information Technology Co Ltd
Original Assignee
Chengdu Xinyilian Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Chengdu Xinyilian Information Technology Co Ltd
Priority to CN202211644445.4A
Publication of CN116011043A
Legal status: Pending


Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses an SSD-based firmware secure boot method, device, equipment and storage medium, wherein the method comprises the following steps: verifying a primary key, wherein the primary key comprises a primary public key and a primary private key; if the primary key verification succeeds, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key; if the secondary key verification succeeds, judging whether the secondary public key has already been revoked; if it has not been revoked, generating a firmware digest; verifying the firmware signature; and if the firmware signature verification succeeds, executing the firmware boot operation. The invention is a firmware security verification and boot method that combines symmetric and asymmetric cryptography with multi-stage verification, which greatly reduces the possibility of the scheme being cracked, and at the same time introduces a key revocation mechanism so that, if a key is compromised, the risk can be eliminated through a timely update.

Description

Firmware secure start method, device, equipment and storage medium based on SSD
Technical Field
The invention relates to the technical field of data storage, in particular to an SSD-based firmware secure boot method, device, equipment and storage medium.
Background
Existing SSD secure boot schemes generally adopt single-stage firmware signature verification: once the signing key is obtained the scheme is cracked, and there is no mechanism for recovery after the key has been compromised.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an SSD-based firmware secure boot method, device, equipment and storage medium, so as to raise the security level of firmware verification in SSD application scenarios and reduce the risk of the scheme being cracked.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in a first aspect, a firmware secure boot method based on an SSD includes:
verifying a primary key, wherein the primary key comprises a primary public key and a primary private key;
if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key;
if the secondary key verification is successful, judging whether the secondary public key is already revoked;
if it has not been revoked, generating a firmware digest;
verifying the firmware signature;
and if the firmware signature verification succeeds, executing the firmware boot operation.
The further technical scheme is as follows: verifying the primary key, wherein the primary key comprises a primary public key and a primary private key, comprises:
carrying out Hash processing on the primary public key;
if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory, the primary key verification is successful.
The further technical scheme is as follows: if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key, and the method comprises the following steps:
verifying the signature of the secondary public key certificate using the primary public key;
if the signature verification is successful, the secondary key verification is judged to be successful.
The further technical scheme is as follows: the verifying firmware signature comprises:
decrypting the firmware signature using the secondary public key;
and if the decrypted digest is the same as the generated firmware digest, the verification of the firmware signature is successful.
In a second aspect, an SSD-based firmware secure boot device comprises a first verification unit, a second verification unit, a judging unit, a generating unit, a third verification unit and an executing unit;
the first verification unit is used for verifying a primary key, and the primary key comprises a primary public key and a primary private key;
the second verification unit is used for verifying a secondary key if the primary key is successfully verified, wherein the secondary key comprises a secondary public key and a secondary private key;
the judging unit is used for judging whether the secondary public key is revoked if the secondary key is successfully verified;
the generating unit is used for generating a firmware digest if the secondary public key has not been revoked;
the third verification unit is used for verifying the firmware signature;
and the execution unit is used for executing the firmware boot operation if the firmware signature verification succeeds.
The further technical scheme is as follows: the first verification unit comprises a Hash processing module and a first comparison module;
the Hash processing module is used for carrying out Hash processing on the primary public key;
the first comparison module is used for verifying the primary key successfully if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory.
The further technical scheme is as follows: the second verification unit comprises a first signature verification module and a judgment module;
the first signing verification module is used for verifying the signature of the secondary public key certificate by using the primary public key;
and the judging module is used for judging that the secondary key verification is successful if the signature verification is successful.
The further technical scheme is as follows: the third verification unit comprises a decryption module and a second comparison module;
the decryption module is used for decrypting the firmware signature by using the secondary public key;
and the second comparison module is used for judging that the firmware signature verification succeeds if the decrypted digest is the same as the generated firmware digest.
In a third aspect, a computer device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing an SSD-based firmware secure boot method as described above when the computer program is executed.
In a fourth aspect, a computer readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform an SSD-based firmware secure boot method as described above.
Compared with the prior art, the invention has the following beneficial effects. The method verifies a primary key, wherein the primary key comprises a primary public key and a primary private key; if the primary key verification succeeds, verifies a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key; if the secondary key verification succeeds, judges whether the secondary public key has already been revoked; if it has not been revoked, generates a firmware digest; verifies the firmware signature; and if the firmware signature verification succeeds, executes the firmware boot operation. This firmware security verification and boot method, which combines symmetric and asymmetric cryptography with multi-stage verification, greatly reduces the possibility of the scheme being cracked, and at the same time introduces a key revocation mechanism, so that if a key is compromised the risk can be relieved through a timely update.
The foregoing description is only an overview of the present invention, and is intended to be more clearly understood as being carried out in accordance with the following description of the preferred embodiments, as well as other objects, features and advantages of the present invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a firmware secure boot method based on SSD according to an embodiment of the present invention;
FIG. 2 is a schematic block diagram of an SSD-based firmware secure boot device according to an embodiment of the present invention;
fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiment of the invention provides an SSD-based firmware secure boot method. Before secure boot can take place, the SSD needs to be set up. Specifically, on the management side, a pair of asymmetric primary (first-stage) keys, a public key and a private key (prim_PubKey and prim_PrivKey), must be maintained, and a pair of secondary (second-stage) keys, a public key and a private key (second_PubKey, second_PrivKey), is generated for the SSD product line. Second, a set of keys (fw_sum_keys 0 to N) used for firmware digest generation must be generated for the SSD products. Then, when the SSD leaves the factory, the Hash value of the primary public key (prim_PubKey_HashVal) and the firmware digest key set are burnt into the EEPROM of the SSD.
In the firmware release operation, first, a secondary public key certificate (secondary_key_cert) is generated; the certificate contains the secondary public key (secondary_pubkey), a secondary public key ID (secondary_key_id), and a revoked secondary key ID (revoked_secondary_key_id). Second, the secondary public key certificate is signed using the primary private key. Third, a firmware digest random number (fw_sum_randnum) is generated; the random number is taken modulo the size of the key set to select one key from fw_sum_keys 0 to N, and SHA-256 is computed over that key together with the firmware to produce the firmware digest. Fourth, the firmware digest is encrypted (signed) with the secondary private key to produce the firmware signature. Fifth, the primary public key, the secondary public key certificate and its signature, the digest random number, and the firmware signature are placed in the header of the firmware image.
After the SSD has been set up as above, the secure boot process can be executed as required.
As shown in fig. 1, the firmware secure boot method based on SSD includes the steps of: S10-S60.
S10, verifying a primary key, wherein the primary key comprises a primary public key and a primary private key.
The SSD enters primary key verification by reading the image_Header of the firmware.
In one embodiment, the step S10 specifically includes the following steps: S101-S102.
S101, carrying out Hash processing on the primary public key.
S102, if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory, the primary key verification is successful.
Specifically, the primary public key is hashed and the result is compared with the Hash value stored in the EEPROM. If the two are the same, the primary key verification succeeds; otherwise the boot process is exited and the boot fails.
And S20, if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key.
In one embodiment, the step S20 specifically includes the following steps: S201-S202.
S201, verifying the signature of the secondary public key certificate using the primary public key;
S202, if the signature verification succeeds, the secondary key verification is judged to have succeeded.
Specifically, the primary public key is used to verify the signature of the secondary public key certificate. If the signature verifies, the boot process continues to the subsequent steps; if it fails, the boot process is exited and the boot fails.
S30, if the secondary key verification is successful, judging whether the secondary public key is revoked.
After the secondary key verification succeeds, the revocation status is checked. If a secondary public key has leaked or is otherwise compromised, the management side revokes the secondary key ID in the corresponding secondary public key certificate and that ID is added to the Revoked secondary key ID Set (revoked_secondary_key_set) of the SSD; if no such compromise has occurred, the ID is not revoked and is not added to the set. Therefore, whether the secondary public key has leaked or is otherwise compromised can be determined by judging whether it has already been revoked.
Specifically, the SSD checks whether the secondary public key in the secondary public key certificate is already in its revocation set. If it is, the secondary public key is considered leaked or otherwise compromised, the boot process must be exited, and the boot fails. If it is not in the revocation set, no compromise is indicated and the subsequent boot flow can continue.
S40, if it has not been revoked, generating a firmware digest.
Specifically, the digest random number is read from the image_header, a key in the EEPROM key set is selected by taking the random number modulo the set size, and SHA-256 is computed over that key together with the firmware to produce the firmware digest.
S50, verifying the firmware signature.
In one embodiment, the step S50 specifically includes the following steps: S501-S502.
S501, decrypting the firmware signature by using the secondary public key.
S502, if the decrypted digest is the same as the generated firmware digest, the firmware signature verification succeeds.
Specifically, the secondary public key is used to decrypt the firmware signature in the image_header, and the decrypted digest is compared with the digest calculated in step S40. If the two are the same, the firmware signature verification succeeds; if they differ, the firmware signature verification fails, the boot process is exited, and the boot fails.
S60, if the firmware signature verification succeeds, executing the firmware boot operation.
Once the firmware signature verification succeeds, all stages of the cryptographic verification are complete, so the firmware boot operation can be performed.
The invention is thus a firmware security verification and boot method that combines symmetric and asymmetric cryptography with multi-stage verification, which greatly reduces the possibility of the scheme being cracked, and at the same time introduces a key revocation mechanism so that, if a key is compromised, the risk can be eliminated through a timely update.
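The following is an added worked example, not code from the patent or its assignee, that models the setup described above (factory provisioning, firmware release) and the boot-time steps S10 to S60 end to end with the Python standard library only. Its assumptions, none of which the description fixes: textbook RSA (no padding) over publicly known Mersenne-prime moduli is used purely so that "decrypt the signature with the public key and compare it with the digest" can be shown literally; the digest is SHA-256 over key || firmware; the secondary public key certificate travels in the image header alongside its signature; and the SSD learns a revoked ID from the revoked_secondary_key_id field of a certificate that has already passed the primary-key signature check. Function names, the dictionary layout of the EEPROM and header, the key set and the firmware bytes are all constructed for the example. Python 3.8 or later is required for the modular inverse.

```python
import hashlib
import hmac
import secrets

E = 65537               # public exponent shared by the toy key pairs
NO_REVOKE = 0xFFFFFFFF  # certificate field value meaning "no key ID revoked" (assumed encoding)

def rsa_keypair(p, q):
    """Toy textbook RSA from two given primes: returns ((n, e), (n, d)). Python 3.8+."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_sign(priv, digest):
    """'Encrypt' a 32-byte digest with the private key (unpadded: illustration only)."""
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)

def rsa_recover(pub, sig):
    """'Decrypt' a signature with the public key; returns the signed digest as an int."""
    n, e = pub
    return pow(sig, e, n)

def pub_bytes(pub):
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")

def cert_bytes(cert):
    """Canonical encoding of the secondary public key certificate fields (assumed layout)."""
    rev = cert["revoked_secondary_key_id"]
    return (pub_bytes(cert["secondary_pubkey"])
            + cert["secondary_key_id"].to_bytes(4, "big")
            + (NO_REVOKE if rev is None else rev).to_bytes(4, "big"))

def provision_eeprom(prim_pub, fw_sum_keys):
    """Factory step: burn the primary public key hash and the digest key set into EEPROM."""
    return {"prim_PubKey_HashVal": hashlib.sha256(pub_bytes(prim_pub)).digest(),
            "fw_sum_keys": list(fw_sum_keys), "revoked_secondary_key_set": set()}

def release_firmware(firmware, prim_pub, prim_priv, second_pub, second_priv,
                     second_key_id, fw_sum_keys, revoked_secondary_key_id=None):
    """Management side: build the image header listed in the description."""
    cert = {"secondary_pubkey": second_pub, "secondary_key_id": second_key_id,
            "revoked_secondary_key_id": revoked_secondary_key_id}
    cert_sig = rsa_sign(prim_priv, hashlib.sha256(cert_bytes(cert)).digest())
    fw_sum_randnum = secrets.randbelow(2 ** 32)
    key = fw_sum_keys[fw_sum_randnum % len(fw_sum_keys)]   # random number selects the key
    fw_digest = hashlib.sha256(key + firmware).digest()     # SHA-256 over key || firmware
    header = {"prim_PubKey": prim_pub, "secondary_key_cert": cert, "cert_sig": cert_sig,
              "fw_sum_randnum": fw_sum_randnum, "fw_sig": rsa_sign(second_priv, fw_digest)}
    return header, firmware

def secure_boot(eeprom, header, firmware):
    """SSD side, steps S10-S60: returns 'boot' or 'fail@Sxx' naming the rejecting step."""
    prim_pub = header["prim_PubKey"]
    # S10: hash the primary public key carried in the header, compare with the EEPROM value
    if not hmac.compare_digest(hashlib.sha256(pub_bytes(prim_pub)).digest(),
                               eeprom["prim_PubKey_HashVal"]):
        return "fail@S10"
    # S20: verify the secondary public key certificate signature with the primary public key
    cert = header["secondary_key_cert"]
    want = int.from_bytes(hashlib.sha256(cert_bytes(cert)).digest(), "big")
    if rsa_recover(prim_pub, header["cert_sig"]) != want:
        return "fail@S20"
    # Assumption: a root-signed certificate may name a key ID the SSD adds to its revoked set
    if cert["revoked_secondary_key_id"] is not None:
        eeprom["revoked_secondary_key_set"].add(cert["revoked_secondary_key_id"])
    # S30: refuse a secondary key whose ID is in the revoked set
    if cert["secondary_key_id"] in eeprom["revoked_secondary_key_set"]:
        return "fail@S30"
    # S40: select the digest key with the header's random number, hash key || firmware
    keys = eeprom["fw_sum_keys"]
    key = keys[header["fw_sum_randnum"] % len(keys)]
    fw_digest = int.from_bytes(hashlib.sha256(key + firmware).digest(), "big")
    # S50: recover the digest from the firmware signature with the secondary public key
    if rsa_recover(cert["secondary_pubkey"], header["fw_sig"]) != fw_digest:
        return "fail@S50"
    return "boot"   # S60: every stage passed, hand control to the firmware

# Constructed toy keys from well-known Mersenne primes (public numbers; illustration only)
PRIM_PUB, PRIM_PRIV = rsa_keypair(2 ** 607 - 1, 2 ** 1279 - 1)
SEC_A_PUB, SEC_A_PRIV = rsa_keypair(2 ** 127 - 1, 2 ** 521 - 1)   # secondary key, ID 7
SEC_B_PUB, SEC_B_PRIV = rsa_keypair(2 ** 89 - 1, 2 ** 2203 - 1)   # replacement key, ID 8
FW_SUM_KEYS = [bytes([i]) * 32 for i in range(1, 9)]             # constructed fw_sum_keys 0..7
FIRMWARE = b"constructed SSD firmware image bytes"

def demo():
    """Boot a genuine image, then several tampered ones, then exercise revocation."""
    eeprom = provision_eeprom(PRIM_PUB, FW_SUM_KEYS)
    hdr, fw = release_firmware(FIRMWARE, PRIM_PUB, PRIM_PRIV, SEC_A_PUB, SEC_A_PRIV, 7, FW_SUM_KEYS)
    out = {"genuine": secure_boot(eeprom, hdr, fw),
           "tampered_fw": secure_boot(eeprom, hdr, fw + b"\x90"),
           "attacker_root": secure_boot(eeprom, dict(hdr, prim_PubKey=SEC_A_PUB), fw)}
    forged = rsa_sign(SEC_A_PRIV, hashlib.sha256(cert_bytes(hdr["secondary_key_cert"])).digest())
    out["cert_not_root_signed"] = secure_boot(eeprom, dict(hdr, cert_sig=forged), fw)
    # key 7 leaks: management ships v2 under key 8 with a certificate that revokes ID 7
    hdr2, fw2 = release_firmware(FIRMWARE + b" v2", PRIM_PUB, PRIM_PRIV, SEC_B_PUB, SEC_B_PRIV,
                                 8, FW_SUM_KEYS, revoked_secondary_key_id=7)
    out["v2_under_key_8"] = secure_boot(eeprom, hdr2, fw2)
    out["old_image_after_revocation"] = secure_boot(eeprom, hdr, fw)
    return out
```

Calling demo() returns "boot" for the genuine image and for the v2 image, and "fail@S50", "fail@S10", "fail@S20" and "fail@S30" for the tampered firmware, the swapped root key, the certificate not signed by the root, and the old image once its key ID has been revoked. Two design points worth noting when turning this into real firmware: the integer comparison in S20 and S50 is not constant-time (only the S10 hash compare uses hmac.compare_digest), and the unpadded RSA used here must be replaced by a padded signature scheme; and the digest random number is read from the attacker-controlled header, so the keyed digest only adds protection to the extent that the key set in EEPROM cannot be read out, while it is the secondary signature that actually binds the firmware.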
FIG. 2 is a schematic block diagram of an SSD-based firmware secure boot device provided by an embodiment of the present invention; corresponding to the above firmware secure boot method based on SSD, the embodiment of the invention further provides a firmware secure boot device 100 based on SSD.
As shown in fig. 2, the SSD-based firmware secure boot device 100 includes a first verification unit 110, a second verification unit 120, a judging unit 130, a generating unit 140, a third verification unit 150, and an execution unit 160. The first verification unit 110 is configured to verify a primary key, where the primary key includes a primary public key and a primary private key. The second verification unit 120 is configured to verify the secondary key if the primary key verification succeeds, where the secondary key includes a secondary public key and a secondary private key. The judging unit 130 is configured to judge whether the secondary public key has been revoked if the secondary key verification succeeds. The generating unit 140 is configured to generate a firmware digest if the secondary public key has not been revoked. The third verification unit 150 is configured to verify the firmware signature. The execution unit 160 is configured to execute the firmware boot operation if the firmware signature verification succeeds.
In an embodiment, the first verification unit 110 includes a Hash processing module and a first comparison module. The Hash processing module is used for carrying out Hash processing on the primary public key; the first comparison module is used for verifying the primary key successfully if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory.
In an embodiment, the second verification unit 120 includes a first signature verification module and a judging module. The first signature verification module is used for verifying the signature of the secondary public key certificate using the primary public key. The judging module is used for judging that the secondary key verification succeeds if the signature verification succeeds.
In an embodiment, the third verification unit 150 includes a decryption module and a second comparison module. The decryption module is used for decrypting the firmware signature using the secondary public key; the second comparison module is used for judging that the firmware signature verification succeeds if the decrypted digest is the same as the generated firmware digest.
The above-described SSD-based firmware secure boot apparatus may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 3.
Referring to fig. 3, fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 700 may be a server, where the server may be a stand-alone server or may be a server cluster formed by a plurality of servers.
As shown in fig. 3, the computer device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the above-described SSD-based firmware security boot method steps when the computer program is executed.
The computer device 700 may be a terminal or a server. The computer device 700 includes a processor 720, a memory, and a network interface 750, which are connected through a system bus 710, wherein the memory may include a non-volatile storage medium 730 and an internal memory 740.
The non-volatile storage medium 730 may store an operating system 731 and computer programs 732. The computer program 732, when executed, may cause the processor 720 to perform any one of the SSD-based firmware secure boot methods.
The processor 720 is used to provide computing and control capabilities to support the operation of the overall computer device 700.
The internal memory 740 provides an environment for the execution of a computer program 732 in the non-volatile storage medium 730, which computer program 732, when executed by the processor 720, causes the processor 720 to perform any of the SSD-based firmware secure boot methods.
The network interface 750 is used for network communications such as sending assigned tasks and the like. Those skilled in the art will appreciate that the structures shown in FIG. 3 are block diagrams only and do not constitute a limitation of the computer device 700 to which the present teachings apply, and that a particular computer device 700 may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components. Wherein the processor 720 is configured to execute the program code stored in the memory to implement the following steps:
the firmware security starting method based on SSD comprises the following steps:
verifying a primary key, wherein the primary key comprises a primary public key and a primary private key;
if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key;
if the secondary key verification is successful, judging whether the secondary public key is already revoked;
if it has not been revoked, generating a firmware digest;
verifying the firmware signature;
and if the firmware signature verification succeeds, executing the firmware boot operation.
In one embodiment: verifying the primary key, wherein the primary key comprises a primary public key and a primary private key, comprises:
carrying out Hash processing on the primary public key;
if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory, the primary key verification is successful.
In one embodiment: if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key, and the method comprises the following steps:
verifying the signature of the secondary public key certificate using the primary public key;
if the signature verification is successful, the secondary key verification is judged to be successful.
In one embodiment: the verifying firmware signature comprises:
decrypting the firmware signature using the secondary public key;
and if the decrypted digest is the same as the generated firmware digest, the verification of the firmware signature is successful.
It should be appreciated that in embodiments of the present application, the processor 720 may be a Central Processing Unit (CPU); the processor 720 may also be another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that the computer device 700 structure shown in FIG. 3 is not limiting of the computer device 700 and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
In another embodiment of the present invention, a computer-readable storage medium is provided. The computer readable storage medium may be a non-volatile computer readable storage medium. The computer readable storage medium stores a computer program, wherein the computer program when executed by a processor implements the firmware secure boot method based on SSD disclosed in the embodiments of the present invention.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, device and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units may be stored in a storage medium if implemented in the form of software functional units and sold or used as stand-alone products. Based on such understanding, the technical solution of the present invention is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. An SSD-based firmware secure boot method, characterized by comprising the following steps:
verifying a primary key, wherein the primary key comprises a primary public key and a primary private key;
if the primary key verification is successful, verifying a secondary key, wherein the secondary key comprises a secondary public key and a secondary private key;
if the secondary key verification is successful, judging whether the secondary public key is already revoked;
if it has not been revoked, generating a firmware digest;
verifying the firmware signature;
and if the firmware signature verification succeeds, executing the firmware boot operation.
2. The SSD-based firmware secure boot method of claim 1, wherein verifying the primary key, the primary key comprising a primary public key and a primary private key, comprises:
carrying out Hash processing on the primary public key;
if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory, the primary key verification is successful.
3. The SSD-based firmware secure boot method of claim 1, wherein verifying the secondary key if the primary key verification is successful, the secondary key comprising a secondary public key and a secondary private key, comprises:
verifying the signature of the secondary public key certificate using the primary public key;
if the signature verification is successful, the secondary key verification is judged to be successful.
4. The SSD-based firmware secure boot method of claim 1, wherein the verifying a firmware signature comprises:
decrypting the firmware signature using the secondary public key;
and if the decrypted digest is the same as the generated firmware digest, the verification of the firmware signature is successful.
5. An SSD-based firmware secure boot device, characterized by comprising a first verification unit, a second verification unit, a judging unit, a generating unit, a third verification unit and an executing unit;
the first verification unit is used for verifying a primary key, and the primary key comprises a primary public key and a primary private key;
the second verification unit is used for verifying a secondary key if the primary key is successfully verified, wherein the secondary key comprises a secondary public key and a secondary private key;
the judging unit is used for judging whether the secondary public key is revoked if the secondary key is successfully verified;
the generating unit is used for generating a firmware digest if the secondary public key is not revoked;
the third verification unit is used for verifying the firmware signature;
and the execution unit is used for executing the firmware starting operation if the firmware signature verification is successful.
6. The SSD-based firmware secure boot device of claim 5, wherein the first verification unit comprises a Hash processing module and a first comparison module;
the Hash processing module is used for carrying out Hash processing on the primary public key;
the first comparison module is used for verifying the primary key successfully if the Hash value obtained by the Hash processing is the same as the Hash value stored in the memory.
7. The SSD-based firmware secure boot device of claim 5, wherein the second verification unit comprises a first signature verification module and a determination module;
the first signing verification module is used for verifying the signature of the secondary public key certificate by using the primary public key;
and the judging module is used for judging that the secondary key verification is successful if the signature verification is successful.
8. The SSD-based firmware secure boot device of claim 5, wherein the third verification unit comprises a decryption module and a second comparison module;
the decryption module is used for decrypting the firmware signature by using the secondary public key;
and the second comparison module is used for verifying the firmware signature successfully if the decrypted digest is the same as the generated firmware digest.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the SSD-based firmware secure boot method of any one of claims 1-4 when the computer program is executed.
10. A computer readable storage medium, characterized in that the storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the SSD-based firmware secure boot method of any one of claims 1-4.
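The verification chain of claims 1 to 4 (primary key hash check, secondary key certificate check, revocation check, firmware digest and signature check), as an added example that is not part of the patent and not code from the applicant. The patent names no algorithms; this example assumes RSA PKCS#1 v1.5 with SHA-256, a revocation list modelled as a set of secondary public key hashes, and hypothetical names (RootOfTrust, Image, BuildImage, VerifyBoot).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// RootOfTrust models the device's immutable state: primary public key hash and revocation list.
type RootOfTrust struct {
	PrimaryKeyHash [32]byte
	Revoked        map[[32]byte]bool // keyed by SHA-256 of the secondary public key
}

// Image is the constructed firmware package. CertSig covers SHA-256(SecondaryPub) under
// the primary private key; FirmwareSig covers SHA-256(Firmware) under the secondary one.
type Image struct {
	PrimaryPub, SecondaryPub       *rsa.PublicKey
	CertSig, Firmware, FirmwareSig []byte
}
func pubHash(k *rsa.PublicKey) [32]byte { return sha256.Sum256(x509.MarshalPKCS1PublicKey(k)) }
// BuildImage is the hypothetical signing side that produces both signatures (assumed, not the patent's).
func BuildImage(primary, secondary *rsa.PrivateKey, fw []byte) (Image, error) {
	sd, fd := pubHash(&secondary.PublicKey), sha256.Sum256(fw)
	certSig, err := rsa.SignPKCS1v15(rand.Reader, primary, crypto.SHA256, sd[:])
	if err != nil {
		return Image{}, err
	}
	fwSig, err := rsa.SignPKCS1v15(rand.Reader, secondary, crypto.SHA256, fd[:])
	return Image{&primary.PublicKey, &secondary.PublicKey, certSig, fw, fwSig}, err
}

// VerifyBoot walks claims 1-4 in order; a nil result means the firmware may be started.
func VerifyBoot(rot RootOfTrust, img Image) error {
	sd, fd := pubHash(img.SecondaryPub), sha256.Sum256(img.Firmware) // fd is the firmware digest
	switch {
	case pubHash(img.PrimaryPub) != rot.PrimaryKeyHash: // claim 2: hash of primary key vs stored hash
		return errors.New("primary key verification failed")
	case rsa.VerifyPKCS1v15(img.PrimaryPub, crypto.SHA256, sd[:], img.CertSig) != nil: // claim 3
		return errors.New("secondary key verification failed")
	case rot.Revoked[sd]: // revocation is only consulted after the certificate verifies
		return errors.New("secondary public key revoked")
	case rsa.VerifyPKCS1v15(img.SecondaryPub, crypto.SHA256, fd[:], img.FirmwareSig) != nil: // claim 4
		return errors.New("firmware signature verification failed")
	}
	return nil
}
```

VerifyPKCS1v15 performs the "decrypt the signature with the public key and compare with the generated digest" step of claim 4 internally, so the caller never handles the recovered digest itself.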

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211644445.4A CN116011043A (en) 2022-12-20 2022-12-20 Firmware secure start method, device, equipment and storage medium based on SSD

Publications (1)

Publication Number Publication Date
CN116011043A true CN116011043A (en) 2023-04-25

Family

ID=86020246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211644445.4A Pending CN116011043A (en) 2022-12-20 2022-12-20 Firmware secure start method, device, equipment and storage medium based on SSD

Country Status (1)

Country Link
CN (1) CN116011043A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination