CN116049810A - System starting method and electronic equipment - Google Patents

Abstract

The present disclosure relates to the field of system security, and in particular, to a system startup method and an electronic device. A system boot method applied to an electronic device comprising a chip, a small kernel partition, a boot verification public key partition, and an operating system partition, the method comprising: acquiring unlocking authorization, wherein the unlocking authorization is used for authorizing to continuously finish a trusted starting verification process when signature verification fails in the trusted starting verification process; executing the trusted start verification process: verifying the mirror image of the research and development operating system stored in the operating system partition, and reading the mirror image of the research and development operating system after verification is successful; and starting the research and development system based on the research and development operating system image.

Description

System starting method and electronic equipment

[ field of technology ]

The present disclosure relates to the field of system security, and in particular, to a system startup method and an electronic device.

[ background Art ]

In the start-up process of commercial electronic equipment, the code executed by the electronic equipment needs to be ensured to come from a trusted source through trusted start-up verification, and the code with a non-trusted resistance value is run.

However, some privilege versions, such as a root privilege version and a debug version with high privilege, can be verified in the existing trusted boot verification process to realize the boot of the high privilege version system, so as to obtain user data, thereby causing the privacy of the user to be revealed or being filled and benefited by lawbreakers. There is therefore a need for a new method to block the start-up of high-rights version systems on commercial electronic devices.

[ invention ]

Aiming at the problem that a resistance high-authority version system cannot be started on electronic equipment in the prior art, the application provides an authority management method and the electronic equipment. The present application also provides a computer-readable storage medium.

The embodiment of the application adopts the following technical scheme:

in a first aspect, the present application provides a system boot method, where the method is applied to an electronic device, the electronic device includes a chip, a small kernel partition, a boot verification public key partition, and an operating system partition, and the method includes:

acquiring unlocking authorization, wherein the unlocking authorization is used for authorizing to continuously finish the trusted starting verification process when verification fails in the trusted starting verification process;

executing a trusted boot verification process, the trusted boot verification process comprising: reading a fuse public key stored in the chip; the fuse public key is used for verifying the signature of the small kernel image stored in the small kernel partition, and after verification is successful, the start verification research and development public key is read from the small kernel image; using the starting verification research and development public key to verify the signature of the operating system research and development public key mirror image stored in the starting verification public key partition, and reading the operating system research and development public key from the operating system research and development public key mirror image after the signature verification is successful; using the operating system research and development public key to test the research and development operating system mirror image stored in the operating system partition, and reading the research and development operating system mirror image after the verification is successful;

And starting the research and development system based on the research and development operating system image.

According to the rights management method provided by the application, after unlocking and authorizing the electronic equipment, the research and development system can be started through the research and development operating system mirror image under the condition that the verification flow of the electronic equipment is failed to start.

Further, considering that it is required to avoid that the terminal device obtains the developing operation system image through the trusted start verification process and starts the developing system through the developing operation system image, in one implementation manner of the first aspect, the method includes:

the start-up verification in the small kernel image verifies that the research and development public key is null or wrong data, and the unlocking authorization is used for authorizing the operation system research and development public key to be read continuously when the verification of the research and development public key image fails aiming at the operation system.

In one implementation manner of the first aspect, the method includes: the operating system research and development public key in the operating system research and development public key image is null value or error data, and the unlocking authorization is used for authorizing to continue reading the research and development operating system image when verification fails for the research and development operating system image.

Further, in order to enable the electronic device to start the development system by developing the operating system image under the condition that the start-up verification process fails, in one implementation manner of the first aspect, obtaining the unlocking authorization includes:

Sending a request instruction to a server, wherein the request instruction is used for requesting the server to issue unlocking authorization;

receiving an authorization mark issued by a server, wherein the authorization mark corresponds to unlocking authorization, and comprises a unique value of the electronic equipment;

and verifying whether the unique value of the electronic equipment in the authorization mark is consistent with the unique value of the electronic equipment stored on the electronic equipment, and if so, judging that the unlocking authorization is acquired.

Further, the request instruction includes address information of the electronic device and a start request for starting the development system.

Furthermore, in order to ensure that unlocking authorization is performed on the specific electronic device, the unique value of the electronic device in the authorization tag is signed by the original factory private key, and the original factory private key is the vendor unique key.

Further, before sending the request instruction to the server, obtaining the unlocking authorization further includes:

a fast start mode is entered.

In a second aspect, the present application provides an electronic device, including:

the chip is stored with a fuse public key, and the fuse public key is used for verifying the signature small-sized kernel mirror image;

the small kernel partition is stored with a small kernel image, the small kernel image comprises a start verification research and development public key, the start verification research and development public key is used for verifying a signature operating system research and development public key image, and the start verification research and development public key in the small kernel image is null or error data;

The method comprises the steps that a starting verification public key partition of an operating system research and development public key image is stored, the operating system research and development public key image comprises an operating system research and development public key, the operating system research and development public key is used for verifying a signature research and development operating system image, and the research and development operating system image is used for starting a research and development system;

an operating system partition for storing a development operating system image in the case of an electronic device installation development system.

In a third aspect, the present application provides an electronic device, including:

the chip is stored with a fuse public key, and the fuse public key is used for verifying the signature small-sized kernel mirror image;

a small kernel partition storing a small kernel image, the small kernel image including a start verification development public key for starting the verification development public key for signing the operating system development public key image;

the method comprises the steps that a starting verification public key partition of an operating system research and development public key image is stored, the operating system research and development public key image comprises an operating system research and development public key, the operating system research and development public key is used for verifying and signing and researching an operating system image, the research and development operating system image is used for starting a research and development system, and the operating system research and development public key in the operating system research and development public key image is null value or error data;

an operating system partition for storing a development operating system image in the case of an electronic device installation development system.

In a fourth aspect, the present application provides an electronic device comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the electronic device to perform the method steps as in any of the first aspects.

In a fifth aspect, the present application provides a computer readable storage medium having a computer program stored therein, which when run on a computer causes the computer to perform the method of any of the first aspects.

[ description of the drawings ]

FIG. 1 is a diagram illustrating a partition data structure provided according to one embodiment of the present application;

FIG. 2 is a diagram illustrating a partition data structure provided according to one embodiment of the present application;

FIG. 3 is a flow chart illustrating a trusted boot verification method for a commercial system provided in accordance with an embodiment of the present application;

FIG. 4 is a flow chart of a trusted boot verification method for a development system provided in accordance with one embodiment of the present application;

FIG. 5 is a schematic diagram of a distribution area data structure according to an embodiment of the present application;

FIG. 6 is a system start-up flow chart for a development system according to one embodiment of the present application;

FIG. 7 is a flowchart of an authorized unlocking process for a development system start provided according to an embodiment of the present application;

FIG. 8 is a schematic diagram of a distribution area data structure according to an embodiment of the present application;

FIG. 9 is a system start-up flow chart for a development system according to one embodiment of the present application;

fig. 10 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.

[ detailed description ] of the invention

For a better understanding of the technical solution of the present invention, the following detailed description of the embodiments of the present invention refers to the accompanying drawings.

It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

When the electronic equipment executes various specific operations, an operating system is required to be used as a basis, any operation instruction is required to be executed on the operating system, and therefore, starting the operating system is an essential link when the electronic equipment is started to run. If the electronic equipment starts an operating system with an untrusted source of a malicious implanted script or virus, the electronic equipment can be stolen by a malicious program in the operating system to cause privacy disclosure and endanger user information and property safety.

Therefore, when the electronic equipment starts the operating system, the operating system needs to be subjected to security verification, and the security system of a trusted source is started, so that the system of an untrusted source implanted with malicious programs is prevented from being started because the starting image is changed, and the privacy security of a user is protected.

In the existing security verification mechanism, the electronic equipment is locked before leaving the factory, and the locked electronic equipment needs to execute a trusted starting verification process when the system is started each time so as to ensure that an image file for starting the operating system is an original factory image. To perform the trusted boot verification process, a separate boot verification public key (verified boot metadata, vbmeta) partition is added to the electronic device. And the vbmeta partition stores a public key for signing the operating system partition (for example, the android partition), and during the starting process, signing is performed on the android partition through the public key stored in the vbmeta partition so as to acquire an operating system image (starting image) and finish starting the operating system.

FIG. 1 is a diagram illustrating a partition data structure according to an embodiment of the present application.

Taking an android system as an example, as shown in fig. 1, after the electronic device is powered on, a trusted start verification process is automatically executed. Acquiring a fuse public key stored in the chip 100; signing a small kernel image (lk image) stored in a small kernel (lk image) partition 110 by using a fuse public key, and acquiring a starting verification public key (vbmeta partition public key) in the lk image after the signing verification is passed; signing the boot verification public key partition image (vbmeta image) stored in the vbmeta partition 120 by using the vbmeta partition public key, and obtaining an operating system public key (for example, an android system is taken as an android partition public key) in the vbmeta image after the signing verification is passed; signing the operating system image (starting image) in the android partition 130 by using the public key of the android partition, and acquiring the starting image stored in the android partition 130 after signing verification; and brushing the starting mirror image into the memory to finish the starting of the system.

Further, the android partition 130 includes a plurality of sub-partitions, such as: core partition 131, system partition 132, and product partition 133. Each sub-partition stores a corresponding sub-partition image. In another embodiment, the android partition 130 may include other sub-partitions, without specific limitation.

The vbmeta image stored in the vbmeta partition 120 includes a plurality of android partition public keys corresponding to each android sub-partition in the android partition 130, for example, a core public key for signing the sub-partition image in the core partition 131, a system public key for signing the sub-partition image in the system partition 132, and a product public key for signing the sub-partition image in the product partition 133.

The electronic device may generally be a commercial system or a development system. Commercial systems are used for daily use by users, but have low rights and cannot perform some high-rights operations. Compared with a commercial system, the research and development system has higher level of operation authority and can execute more operation instructions. When the system carried by the electronic equipment is a commercial system, after passing the trusted starting verification, the commercial system can be started through a commercial starting mirror image; when the system carried by the electronic equipment is a research and development system, after passing the trusted start verification, the research and development system can be started by the research and development start mirror image.

FIG. 2 is a diagram illustrating a partition data structure according to an embodiment of the present application.

As shown in fig. 2, an lk image is stored in an lk partition 210 (refer to lk partition 110), and the lk image includes a start verification commercial public key (vbmeta commercial public key) 211 and a start verification development public key (vbmeta development public key) 212.

The vbmeta partition 220 stores a boot verification commercial image (vbmeta commercial image). The vbmeta commercial mirror image needs to be checked by the vbmeta commercial public key 211 before the content can be read. The vbmeta commercial image includes a commercial core public key 221, a commercial system public key 222, and a commercial product public key 223.

The vbmeta partition 220 also holds a startup verification development image (vbmeta development image). The Vbmeta development image needs to be checked by Vbmeta development public key 212 before the content can be read. The vbmeta development image includes a development core public key 224, a development system public key 225, and a development product public key 226.

The android partition (operating system partition) 230 includes three sub-partitions (refer to the android partition 130) of a core partition, a system partition, and a product partition.

When a commercial system is installed on the electronic device, the android partition 230 stores commercial operating system images.

Specifically, the commercial operating system images include a commercial core image 231, a commercial system image 232, and a commercial product image 233.

The core partition of the android partition 230 holds a commercial core image 231. The commercial core image 231 needs to be checked by the commercial core public key 221 before the content can be read.

The system partition of the android partition 230 holds a business system image 232. Commercial system image 232 needs to be signed by commercial system public key 222 before it can be read.

The product partition of the android partition 230 holds a commercial product image 233. Commercial product image 233 needs to be checked by commercial product public key 223 before the content can be read.

The commercial core image 231, commercial system image 232, and commercial product image 233 are commonly used for electronic device startup commercial systems.

When a development system is installed on the electronic device, the android partition 230 stores a development operating system image.

Specifically, the development operating system images include a development core image 231, a development system image 232, and a development product image 233.

The core partition of the android partition 230 has a development core image 234 stored therein. The research and development core image 234 needs to be checked by the research and development core public key 224 before the content can be read.

The system partition of the android partition 230 stores a development system image 235. The development system image 235 needs to be checked by the development system public key 225 to read the content.

The product partition of the android partition 230 stores a development product image 236. The development product image 236 needs to be checked by the development product public key 226 before the content can be read.

The development core image 234, the development system image 235, and the development product image 236 are commonly used for an electronic device to boot a development system.

Fig. 3 is a flowchart of a trusted boot verification method for a commercial system according to an embodiment of the present application.

When a commercial system is installed on an electronic device, the electronic device based on the partition data structure shown in fig. 2 performs the following flow as shown in fig. 3 to realize the start-up of the commercial system.

S301, the electronic equipment is powered on, and trusted starting verification is executed.

Specifically, the electronic device is powered on, and the electronic device starts an operating system. The trusted boot verification is automatically performed during the booting of the operating system to determine whether the booting operating system is a trusted source system.

Wherein, the electronic device obtains the fuse public key from the chip (refer to the chip 110) after power-on.

S302, a fuse public key is used for verifying the lk image stored in the lk partition 210, and a vbmeta commercial public key 211 used for verifying the vbmeta partition is read from the lk image after verification is passed.

S303, using the vbmeta commercial public key 211 to check the vbmeta commercial mirror image stored in the vbmeta partition 220, and reading the operating system commercial public key for checking the android partition from the vbmeta commercial mirror image after the check passes.

The operating system commercial public key in the vbmeta commercial image contains: commercial core public key 221, commercial system public key 222, and commercial product public key 223.

S304, the commercial operating system images stored in the android partition 230 are checked and signed by using the operating system commercial public key obtained from the vbmeta commercial images, so as to obtain the commercial operating system images stored in the android partition 230.

Specifically, S304 includes:

the commercial core image 231 stored in the core partition is checked by the commercial core public key 221, and the commercial core image 231 is read after the check passes;

the commercial system mirror image 232 stored in the system partition is checked through the commercial system public key 222, and the commercial system mirror image 232 is read after the check passes;

and (3) checking the commercial product mirror image 233 stored in the product partition through the commercial product public key 223, and reading the commercial product mirror image 233 after the checking is passed.

S305, the commercial system is started on the electronic device by the commercial operating system image (commercial core image 231, commercial system image 232, and commercial product image 233).

Specifically, the commercial operating system images obtained by verifying the android partition images, namely the commercial core image 231, the commercial system image 232 and the commercial product image 233, are brushed into the memory, so that the starting of the commercial system can be completed.

The commercial operating system image is only used for starting the commercial system, and cannot be used for starting the research and development system.

Fig. 4 is a flowchart of a trusted boot verification method for a development system according to an embodiment of the present application.

When a development system is installed on an electronic device, the electronic device based on the partition data structure shown in fig. 2 executes the following flow as shown in fig. 4 to realize the start-up of the development system.

S401, the electronic equipment is powered on, and trusted starting verification is executed.

S402, signing the lk image stored in the lk partition 210 by using the fuse public key, and reading a vbmeta research and development public key 212 for signing the vbmeta partition from the lk image after the signing passes.

S403, the vbmeta research and development public key 212 is used for verifying the vbmeta research and development image stored in the vbmeta partition 220, and after verification is passed, the operating system research and development public key for verifying the signature of the android partition 230 is read from the vbmeta research and development image.

The operating system development public key in the vbmeta development image includes: a development core public key 224, a development system public key 225, and a development product public key 226.

S404, signing the research and development operating system image stored in the android partition 230 by using the operating system research and development public key obtained from the vbmeta research and development image so as to obtain the research and development operating system image stored in the android partition 230.

Specifically, the android partition further comprises a core partition, a system partition and a product partition. S404 includes:

signing the research and development core image 234 stored in the core partition through the research and development core public key 224, and reading the research and development core image 234 after signing verification;

signing the research and development system image 235 stored in the system partition through the research and development system public key 225, and reading the research and development system image 235 after signing verification;

the developed product image 236 stored in the product partition is checked by the developed product public key 226, and the developed product image 236 is read after the checked signature passes.

S405, starting a research and development system on the electronic device through the research and development operating system image.

Specifically, the research and development operating system images obtained by verifying the android partition images, namely the research and development core image 234, the research and development system image 235 and the research and development product image 236, are brushed into the memory, so that the starting of the research and development system can be completed.

The development operating system image can only be used for starting the development system, and cannot be used for starting the commercial system.

In the starting process of the commercial system and the research and development system, the operating system started by the electronic equipment is ensured to come from a trusted source through the trusted starting verification process, the commercial system or the research and development system of the trusted source is successfully started, the starting of the non-trusted source system is avoided, and the harm of the non-trusted source system to the privacy information of the user is prevented.

The electronic device needs to be locked before leaving the factory to perform trusted boot verification each time it is booted and the operating system is booted. While trusted boot verification may be used to determine whether the operating system being booted is a vendor-provided system, preventing the booting of other pirated systems, it does not prevent the booting of vendor-high-rights development systems, as shown in the flowchart of fig. 4.

On one hand, once the high-authority development system of the original factory flows out, the system is easily obtained and utilized by lawbreakers and manufactured into a pirate system. Because the starting mirror image issued by the original factory, such as the original factory internal debug mirror image, the printing user privacy information mirror image, the high-authority root mirror image and the like can be verified through trusted starting, after the pirate system manufactured based on the original factory research and development system is installed on the electronic equipment, the starting can be completed on the electronic equipment, and therefore after the high-authority research and development system and the small package are leaked, the high-authority research and development system and the small package can be utilized by lawless persons to acquire user privacy information or to make filling and profit-making.

On the other hand, even if a research and development system provided by a factory instead of a pirate system is started up in an electronic device, there is a high possibility that the user installs software of an untrusted source on the electronic device through the acquired excessive use authority, which causes damage to the electronic device and the privacy of the user.

There is therefore a need to prevent high-rights development systems from being started on electronic devices that users routinely use.

In order to prevent the start of the development system of the high-authority version such as the high-authority root version, the debug version and the like, an embodiment of the application provides electronic equipment. In the case where the commercial system is installed on the electronic device, the electronic device may normally start the commercial system based on the flow shown in fig. 3. Under the condition that the research and development system is installed on the electronic device, if the electronic device performs trusted start verification according to the flow shown in fig. 4, the electronic device cannot acquire the operating system research and development public key from the vbmeta partition, so that the electronic device cannot use the operating system research and development public key to check and sign the operating system partition, and the trusted start verification is stopped, so that the electronic device is fundamentally prevented from starting the research and development system.

Specifically, in one implementation, vbmeta stored within an lk partition of an electronic device develops a public key as null or erroneous data. For example, the representation of the null value may be to store no vbmeta development public key in the lk partition, or the representation of the null value may be to set the value of the vbmeta development public key stored in the lk partition to 1 or 0; the erroneous data may be represented in the form of an unusable vbmeta development public key stored in the lk partition, for example, a vbmeta development public key replaced with, for example, a vbmeta commercial public key, or other data information.

Fig. 5 is a schematic diagram of a distribution area data structure according to an embodiment of the present application, taking vbmeta development public key as a null value as an example.

As shown in fig. 5, the lk image stored in lk partition 510 contains only vbmeta commercial public key 511 and no vbmeta development public key.

The vbmeta partition 520 holds a vbmeta commercial image (including commercial core public key 521, commercial system public key 522, and commercial product public key 523) and a vbmeta development image (development core public key 524, development system public key 525, and development product public key 526). (reference to vbmeta partition 220)

Android partition 530 includes three sub-partitions (referring to android partition 230) of a core partition, a system partition, and a product partition.

When a commercial system is installed on the electronic device, the commercial core image 531 is stored in the core partition of the android partition 530. The commercial core image 531 needs to be checked by the commercial core public key 521 to read the content.

Commercial system image 532 is stored in the system partition. Commercial system image 532 needs to be signed by commercial system public key 522 before it can be read.

The product partition stores the commercial product image 533. Commercial product image 533 needs to be checked by commercial product public key 523 before its content can be read.

The commercial core image 531, commercial system image 532, and commercial product image 533 are used together for the electronic device to start up the commercial system.

When a development system is installed on the electronic device, a development core image 534 is saved in the core partition of the android partition 530. Development core image 534 needs to be checked by development core public key 524 before it can read the content.

The system partition has a development system image 535 stored therein. The development system image 535 needs to be signed by the development system public key 525 before it can be read.

The product partition has a developed product image 536 stored therein. Development product image 536 needs to be checked by development product public key 526 before the content can be read.

The development core image 534, the development system image 535, and the development product image 536 are commonly used in an electronic device to boot a development system.

For an application scenario in which a commercial system is installed on an electronic device, the electronic device may start the commercial system based on the flow shown in fig. 3.

For an application scenario in which a development system is installed on an electronic device, during the process of the electronic device starting up the development system based on the flow shown in fig. 4, since the lk image stored in the lk partition 510 does not contain the vbmeta development public key. Therefore, the electronic device cannot verify the vbmeta development image stored in the vbmeta partition 520 (i.e., cannot read the development core public key 524, the development system public key 525, and the development product public key 526), the trusted boot verification is terminated, and the development system cannot be booted.

Further, in some application scenarios, a user still needs to start the development system to perform high-authority operation under some special conditions. Aiming at the electronic equipment shown in fig. 5, the embodiment of the application also provides a system starting method for starting the research and development system, and aiming at the electronic equipment provided with the research and development system, the research and development system can be normally started when the vbmeta research and development mirror image verification fails in the process of starting the research and development system through an authorized unlocking mode.

Fig. 6 is a system start-up flowchart for a development system according to an embodiment of the present application.

In the case where the electronic apparatus shown in fig. 5 is installed with the development system, the start-up of the development system is realized based on the following steps shown in fig. 6.

S600, unlocking authorization of the vbmeta research and development image stored in the vbmeta partition 520 is obtained.

In the embodiment of the present application, the unlocking authority for developing the image for vbmeta may be obtained in a plurality of different manners, which is not limited in the present application.

Specifically, in an embodiment, a unique corresponding unique value of the electronic device (different values of different electronic devices) is configured for the electronic device, and is stored in a flag bit of a register of the electronic device. When the electronic device starts the development system (e.g., first starts the development system; or attempts to restart the development system after failing to start the development system according to the flowchart shown in fig. 4), a fast boot mode is entered. The electronic equipment sends a request instruction to the server in the fastboot mode and receives an authorization mark fed back by the server. And when the numerical value in the authorization mark fed back by the server is consistent with the unique value of the electronic equipment stored in the electronic equipment flag bit, confirming that the authorization is completed for the electronic equipment. Under the condition that the trusted starting verification fails, the authorized electronic equipment can still finish starting the research system.

Fig. 7 is a flowchart of an authorized unlocking process for a development system start according to an embodiment of the present application.

After the electronic device enters the fastboot mode, the electronic device executes the following steps as shown in fig. 7 to implement S600, and obtains the unlocking authority for developing the image for vbmeta.

S701, a request instruction is sent to a server.

Specifically, the request instruction sent by the electronic device to the server includes address information of the electronic device and a start request for starting the development system.

S702, receiving an authorization mark issued by the server according to the request instruction.

Specifically, after receiving a request instruction sent by the electronic device, the server determines an electronic device unique value uniquely corresponding to the electronic device according to address information in the request instruction. The unique value of the electronic equipment is signed through the private key of the original factory and then is used as an authorization mark to be issued to the electronic equipment. After receiving the authorization mark issued by the server, the electronic equipment stores the authorization mark and uses the authorization mark to unlock and authorize when restarting the research and development system.

The original factory private key is a oem manufacturer unique key. oem manufacturers each configure different public keys for different electronic devices to correspond to the factory private keys. The authorization mark signed by the private key of the original factory can only be checked by the public key of the terminal equipment.

S703, signing the authorization mark through a public key corresponding to the private key of the original factory to obtain a numerical value issued by the server. If the authorization token is consistent with the value stored in the electronic device, authorization is completed.

Specifically, when the electronic device restarts the research and development system, the stored authorization mark is called, and the authorization mark is checked by the public key corresponding to the private key of the original factory to obtain the unique value of the electronic device issued by the server.

The electronic device compares the unique value of the electronic device in the authorization mark with the unique value of the electronic device stored in the register flag bit, and when the two values are consistent, the completion of authorization is determined. And determining that the authorization fails when the numerical value in the authorization mark is inconsistent with the unique electronic device value stored in the flag bit of the register or the unique electronic device value stored in the flag bit is cleared due to the attack on the register.

When the authorization is successful, the authorized electronic device may continue the trusted boot verification process in case of failure in signing the vbmeta development image, and read the development core image 534, the development system image 535, and the development product image 536.

The electronic device only needs to receive the authorization mark once and store the authorization mark. When the unlocking authorization is carried out by comparing whether the authorization mark is consistent with the numerical value stored in the electronic equipment or not, the prestored authorization mark is only required to be called for signature verification, and the request instruction is not required to be repeatedly sent to the server and the authorization mark is repeatedly received.

According to the embodiment of the invention, the unlocking authorization is carried out on the electronic equipment through the server, so that the electronic equipment can start the research and development system to execute high-authority operation under some special conditions, and convenience is provided for users to the greatest extent while the privacy security of the users is ensured.

Further, the authorization process of the electronic device unlocks the locked state of the electronic device before leaving the factory. The electronic equipment starts the research and development system after authorization, is started in an unlocking state, and still has privacy disclosure risk compared with normal starting in a locking state. Therefore, in some embodiments, when the electronic device performs the trusted start verification process, prompt information with different colors needs to be displayed according to different locking states and different starting states of the electronic device so as to warn the user.

Specifically, when the electronic equipment does not pass through the authorized process and the system is started directly through the trusted start verification process, green prompt information is displayed; when the electronic equipment is unlocked through an authorization process and the system is successfully started, orange prompt information is displayed; when the electronic equipment fails to pass the authorization, displaying yellow prompt information; and when the electronic equipment does not find an effective system to start, displaying red prompt information.

Specifically, in one embodiment, the authorized unlocking is achieved based on the following code.

After S600, the electronic device performs the execution of the trusted boot verification. For example, the electronic device is restarted in fastboot mode.

S601, acquiring a fuse public key from a chip on the electronic device. (refer to S401)

S602, a fuse public key is used for checking a lk image stored in the lk partition 510, and a vbmeta commercial public key 511 for checking the vbmeta partition is read from the lk image through post-checking reading. (refer to S402)

S603, the vbmeta commercial public key 511 is used for signing the vbmeta research and development image stored in the vbmeta partition 520, and signing verification fails, but the operating system research and development public key for signing the android partition is read from the vbmeta research and development image because unlocking authorization is acquired. (refer to S403)

S604, the research and development operating system image stored in the android partition 230 is checked and signed by using the operating system research and development public key obtained from the vbmeta research and development image, so as to obtain the research and development operating system image stored in the android partition 230. (refer to S404)

S605, a research and development system is started on the electronic device through the research and development operating system image. (refer to S405)

In another implementation of the electronic device, the operating system development public key in the vbmeta development image stored in the vbmeta partition of the electronic device is null or erroneous data. For example, the representation of the null value may be that the vbmeta development image is not stored in the vbmeta partition or the operating system development public key is not stored in the vbmeta development image, or the representation of the null value may be that the value of the operating system development public key is set to 1 or 0; the erroneous data may be represented in the form of an operating system development public key that is not available, for example, by replacing the operating system development public key with an operating system commercial public key, or other data information.

Fig. 8 is a schematic diagram of a distributed area data structure according to an embodiment of the present application, taking an os development public key as error data as an example.

As shown in fig. 8, the lk image stored in lk partition 810 contains vbmeta commercial public key 811 and vbmeta development public key 812.

The vbmeta partition 820 stores therein a vbmeta commercial image containing a commercial core public key 821, a commercial system public key 822, and a commercial product public key 823.

Also stored in vbmeta partition 820 is a vbmeta development image that contains a commercial core public key 821, a commercial system public key 822, and a commercial product public key 823.

Android partition 830 contains three sub-partitions (referring to android partition 230) of a core partition, a system partition, and a product partition.

When a commodity system is installed on the electronic device, the core partition of the android partition 830 holds a commodity core image 831. The commercial core image 831 needs to be signed by the commercial core public key 821 before it can read the content.

Commercial system images 832 are stored in the system partition. Commercial system image 832 needs to be signed by commercial system public key 822 before it can be read.

The product partition stores a commercial product image 833. The commercial product image 833 needs to be checked by the commercial product public key 823 to read the content.

The commercial core image 831, commercial system image 832, and commercial product image 833 are commonly used in an electronic device to start up a commercial system.

When a development system is installed on the electronic device, a development core image 834 is saved in the core partition of the android partition 830. The research and development core image 834 needs to be checked by the research and development core public key to read the content.

The system partition has a development system image 835 stored therein. The development system image 835 needs to be signed by the development system public key before the content can be read.

The product partition stores a development product image 836. The research and development product image 836 needs to be checked by the research and development product public key to read the content.

The development core image 834, the development system image 835, and the development product image 836 are commonly used for an electronic device to boot a development system.

For an application scenario in which a commercial system is installed on an electronic device, the electronic device may start the commercial system based on the flow shown in fig. 3.

For an application scenario in which a research and development system is installed on an electronic device, in a process of starting the research and development system by the electronic device based on the flow shown in fig. 4, because the vbmeta research and development image stored in the vbmeta partition 820 does not include public keys for verifying the research and development core image 834, the research and development system image 835 and the research and development product image 836, the electronic device cannot verify the research and development core image 834, the research and development system image 835 and the research and development product image 836 stored in the android partition 830, trusted starting verification is terminated, and the research and development system cannot be started.

Further, for the electronic device shown in fig. 8, the embodiment of the application further provides a system starting method for starting the research and development system, and for the electronic device provided with the research and development system, in the process of starting the research and development system, by means of authorization and unlocking, when the android partition 830 fails in signature verification, the research and development system can be started normally.

Fig. 9 is a system start-up flowchart for a development system according to an embodiment of the present application.

In the case where the electronic apparatus shown in fig. 8 is installed with the development system, the start-up of the development system is realized based on the following steps shown in fig. 9.

S900, unlocking authorization for the research and development core image 834, the research and development system image 835 and the research and development product image 836 is obtained.

The start trigger condition of S900 and the manner of acquiring the unlock grant in S900 may refer to S600.

After S900, the electronic device performs the execution of the trusted boot verification. For example, the electronic device is restarted in fastboot mode.

S901, the electronic device obtains the public key of the fuse from the chip. (refer to S401)

S902, a fuse public key is used for checking a lk image stored in the lk partition 510, and a vbmeta commercial public key 511 used for checking the vbmeta partition is read from the lk image through post-checking. (refer to S402)

S903, the vbmeta commercial public key 511 is used for verifying the vbmeta research and development image stored in the vbmeta partition 520, and after verification is successful, the operating system commercial public key used for verifying the android partition is read from the vbmeta research and development image. (refer to S403)

S904, the research and development operating system images stored in the android partition 230 are checked by using the commercial public key of the operating system obtained from the vbmeta research and development images, and the check is failed, but the research and development operating system images stored in the android partition 230 are read because the unlocking authorization is obtained. (refer to S404)

S905, starting a research and development system on the electronic device through research and development operation system mirror image. (refer to S405)

An embodiment of the present application further provides an electronic device, in an lk partition of the electronic device, a vbmeta research public key in an lk mirror image is null or erroneous data. The electronic device comprises a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the terminal device to perform the method steps as described in the embodiments of the present application.

Specifically, in an embodiment of the present application, the one or more computer programs are stored in the memory, where the one or more computer programs include instructions, which when executed by the apparatus, cause the apparatus to perform the method steps described in the embodiments of the present application.

An embodiment of the present application further provides an electronic device, in a vbmeta partition of the electronic device, an operating system research and development public key in an operating system research and development public key mirror is null or erroneous data. The electronic device comprises a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the terminal device to perform the method steps as described in the embodiments of the present application.

Specifically, in an embodiment of the present application, the one or more computer programs are stored in the memory, where the one or more computer programs include instructions, which when executed by the apparatus, cause the apparatus to perform the method steps described in the embodiments of the present application.

Fig. 10 is a schematic diagram illustrating a hardware structure of an electronic device according to an embodiment of the present application. As shown in fig. 10, the electronic device 1000 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, a user identification module (subscriber identification module, SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It is to be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the electronic device 1000. In other embodiments of the present application, electronic device 1000 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 110 of the electronic device 1000 may be a device-on-chip SOC, which may include a central processing unit (Central Processing Unit, CPU) therein, and may further include other types of processors. For example, the processor 110 may be a PWM control chip.

The processor 110 may include, for example, a CPU, DSP, microcontroller, or digital signal processor, and may further include a GPU, an embedded Neural network processor (Neural-network Process Units, NPU), and an image signal processor (Image Signal Processing, ISP), and the processor 110 may further include a necessary hardware accelerator or logic processing hardware circuit, such as an ASIC, or one or more integrated circuits for controlling program execution of the present application, and the like. Further, the processor 110 may have a function of operating one or more software programs, which may be stored in a storage medium.

Processor 110 may include one or more processing units. For example: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate components or may be integrated in one or more processors. In some embodiments, electronic device 1000 may also include one or more processors 110. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.

In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include inter-integrated circuit (inter-integrated circuit, I2C) interfaces, inter-integrated circuit audio (integrated circuit sound, I2S) interfaces, pulse code modulation (pulse code modulation, PCM) interfaces, universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interfaces, mobile industry processor interfaces (mobile industry processor interface, MIPI), general-purpose input/output (GPIO) interfaces, SIM card interfaces, and/or USB interfaces, among others. The USB interface 130 is an interface conforming to the USB standard, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 1000, or may be used to transfer data between the electronic device 1000 and a peripheral device.

It should be understood that the interfacing relationship between the modules illustrated in the embodiments of the present application is only illustrative, and does not limit the structure of the electronic device 1000. In other embodiments of the present application, the electronic device 1000 may also employ different interfacing manners in the foregoing embodiments, or a combination of multiple interfacing manners.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to enable expansion of the memory capabilities of the electronic device 1000. The external memory card communicates with the processor 110 through an external memory interface 120 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.

The internal memory 121 of the electronic device 1000 may be used to store one or more computer programs, including instructions. The processor 110 may cause the electronic device 1000 to perform the methods provided in some embodiments of the present application, as well as various applications, data processing, and the like, by executing the above-described instructions stored in the internal memory 121. The internal memory 121 may include a code storage area and a data storage area. Wherein the code storage area may store an operating system. The data storage area may store data created during use of the electronic device 1000, etc. In addition, the internal memory 121 may include high-speed random access memory, and may also include nonvolatile memory, such as one or more disk storage units, flash memory units, universal flash memory (universal flash storage, UFS), and the like.

The internal memory 121 may be a read-only memory (ROM), other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media, or other magnetic storage devices, or any computer-readable medium that can be utilized to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.

The processor 110 and the internal memory 121 may be combined into one processing device, more commonly as separate components, and the processor 110 is configured to execute the program code stored in the internal memory 121 to implement the method according to the embodiments of the present application. In particular, the internal memory 121 may also be integrated into the processor or independent of the processor.

The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130. In some wireless charging embodiments, the charge management module 140 may receive wireless charging input through a wireless charging coil of the electronic device 1000. The charging management module 140 may also supply power to the electronic device 1000 through the power management module 141 while charging the battery 142.

The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives inputs from the battery 142 and/or the charge management module 140 to power the processor 110, the internal memory 121, the external memory interface 120, the mobile communication module 150, the wireless communication module 160, and the like. The power management module 141 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance) and other parameters. In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.

The wireless communication function of the electronic device 1000 can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 1000 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a solution for wireless communication including 2G/3G/4G/5G, etc., applied to the electronic device 1000. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating the low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs sound signals through an audio device (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional module, independent of the processor 110.

The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied to the electronic device 1000.

The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.

In some embodiments, antenna 1 and mobile communication module 150 of electronic device 1000 are coupled, and antenna 2 and wireless communication module 160 are coupled, such that electronic device 1000 may communicate with a network and other devices through wireless communication techniques. The wireless communication techniques may include the Global System for Mobile communications (global system for mobile communications, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), time division code division multiple access (time-division code division multiple access, TD-SCDMA), long term evolution (long term evolution, LTE), BT, GNSS, WLAN, NFC, FM, and/or IR techniques, among others. The GNSS may include a global satellite positioning system (global positioning system, GPS), a global navigation satellite system (global navigation satellite system, GLONASS), a beidou satellite navigation system (beidou navigation satellite system, BDS), a quasi zenith satellite system (quasi-zenith satellite system, QZSS) and/or a satellite based augmentation system (satellite based augmentation systems, SBAS).

The electronic device 1000 may implement photographing functions through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.

The electronic device 1000 may implement audio functions through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like. Such as music playing, recording, etc.

The electronic device 1000 may implement touch input through the display 194, the touch sensor 180K, the processor 110, and the like. For example, the touch sensor 180K and the display screen 194 are integrated into a touch screen, the clicking operation of the user on the touch screen is collected by the touch sensor 180K as a touch signal, the touch signal is collected and converted by the sensor module 180 and then transmitted to the processor 110, and the processor 110 analyzes the touch operation behavior of the user through the recognition of the touch signal.

Further, the devices, apparatuses, modules illustrated in the embodiments of the present application may be implemented by a computer chip or entity, or by a product having a certain function.

It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein.

In several embodiments provided herein, any of the functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application.

Specifically, in an embodiment of the present application, there is further provided a computer readable storage medium, where a computer program is stored, when the computer program is executed on a computer, to cause the computer to perform the method provided in the embodiment of the present application.

An embodiment of the present application also provides a computer program product comprising a computer program which, when run on a computer, causes the computer to perform the method provided by the embodiments of the present application.

The description of embodiments herein is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments herein. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In the embodiments of the present application, the term "at least one" refers to one or more, and the term "a plurality" refers to two or more. "and/or", describes an association relation of association objects, and indicates that there may be three kinds of relations, for example, a and/or B, and may indicate that a alone exists, a and B together, and B alone exists. Wherein A, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of the following" and the like means any combination of these items, including any combination of single or plural items. For example, at least one of a, b and c may represent: a, b, c, a and b, a and c, b and c or a and b and c, wherein a, b and c can be single or multiple.

In the present embodiments, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.

The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

All embodiments in the application are described in a progressive manner, and identical and similar parts of all embodiments are mutually referred, so that each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.

Those of ordinary skill in the art will appreciate that the various elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as a combination of electronic hardware, computer software, and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, the apparatus and the units described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.

The foregoing is merely a specific embodiment of the present application, and any person skilled in the art may easily think of changes or substitutions within the technical scope of the present application, and should be covered in the scope of the present application. The protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A system boot method, wherein the method is applied to an electronic device, the electronic device including a chip, a small kernel partition, a boot verification public key partition, and an operating system partition, the method comprising:

acquiring unlocking authorization, wherein the unlocking authorization is used for authorizing to continuously finish a trusted starting verification process when signature verification fails in the trusted starting verification process;

executing the trusted start verification process, wherein the trusted start verification process comprises the following steps: reading a fuse public key stored in the chip; using the fuse public key to check the signature of the small kernel image stored in the small kernel partition, and reading a start verification research and development public key from the small kernel image after the signature check is successful; using the starting verification research and development public key to verify the signature of the operating system research and development public key mirror image stored in the starting verification public key partition, and reading the operating system research and development public key from the operating system research and development public key mirror image after the signature verification is successful; using the research and development public key of the operating system to check the research and development operating system mirror images stored in the operating system partition, and reading the research and development operating system mirror images after the check is successful;

And starting the research and development system based on the research and development operating system image.

2. The method of claim 1, wherein the boot verification development public key in the small kernel image is null or erroneous data, and wherein the unlocking authority is used to authorize continued reading of the operating system development public key upon failure of a signature verification for the operating system development public key image.

3. The method of claim 1, wherein an operating system development public key in the operating system development public key image is null or erroneous data, and wherein the unlocking authorization is used to authorize continued reading of the development operating system image upon verification failure for the development operating system image.

4. The method of claim 1, wherein the obtaining an unlocking grant comprises:

sending a request instruction to a server, wherein the request instruction is used for requesting the server to issue the unlocking authorization;

receiving an authorization mark issued by the server, wherein the authorization mark corresponds to the unlocking authorization, and the authorization mark contains a unique value of the electronic equipment;

and verifying whether the unique value of the electronic equipment in the authorization mark is consistent with the unique value of the electronic equipment stored on the electronic equipment, and if so, judging that the unlocking authorization is obtained.

5. The method of claim 4, wherein the request instruction includes address information of the electronic device and a start-up request to start up the development system.

6. The method of claim 4, wherein the electronic device unique value in the authorization token is signed by a factory-private key, the factory-private key being a vendor unique key.

7. The method of claim 4, wherein the obtaining the unlocking authority prior to the sending the request instruction to the server, further comprises:

a fast start mode is entered.

8. An electronic device, the electronic device comprising:

the chip is stored with a fuse public key, and the fuse public key is used for verifying the signature small-sized kernel mirror image;

the small kernel partition is stored with the small kernel image, the small kernel image comprises a starting verification research and development public key, the starting verification research and development public key is used for verifying a signature operating system research and development public key image, and the starting verification research and development public key in the small kernel image is null or error data;

the starting verification public key partition is stored with the operating system research and development public key image, the operating system research and development public key image comprises an operating system research and development public key, the operating system research and development public key is used for verifying a signature research and development operating system image, and the research and development operating system image is used for starting a research and development system;

And an operating system partition for storing the development operating system image in the case where the electronic device installs the development system.

9. An electronic device, the electronic device comprising:

the chip is stored with a fuse public key, and the fuse public key is used for verifying the signature small-sized kernel mirror image;

the small kernel partition is stored with the small kernel image, the small kernel image comprises a starting verification research and development public key, and the starting verification research and development public key is used for signing an operating system research and development public key image;

the starting verification public key partition is stored with the operating system research and development public key image, the operating system research and development public key image comprises an operating system research and development public key, the operating system research and development public key is used for verifying a signature research and development operating system image, the research and development operating system image is used for starting a research and development system, and the operating system research and development public key in the operating system research and development public key image is null value or error data;

and an operating system partition for storing the development operating system image in the case where the electronic device installs the development system.

10. An electronic device comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the electronic device to perform the method steps of any of claims 1-7.

11. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the method according to any of claims 1-7.

Images