CN116070217A - Safe starting system and method for chip module - Google Patents

Safe starting system and method for chip module Download PDF

Info

Publication number
CN116070217A
CN116070217A CN202310152483.6A CN202310152483A CN116070217A CN 116070217 A CN116070217 A CN 116070217A CN 202310152483 A CN202310152483 A CN 202310152483A CN 116070217 A CN116070217 A CN 116070217A
Authority
CN
China
Prior art keywords
chip
firmware
starting
safe
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310152483.6A
Other languages
Chinese (zh)
Inventor
吴佳
李礼
吴叶楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai V&g Information Technology Co ltd
Original Assignee
Shanghai V&g Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai V&g Information Technology Co ltd filed Critical Shanghai V&g Information Technology Co ltd
Priority to CN202310152483.6A priority Critical patent/CN116070217A/en
Publication of CN116070217A publication Critical patent/CN116070217A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a safe starting system and a safe starting method for a chip module, and relates to the technical field of chip safety. In order to solve the problems that in the prior art, in order to ensure the safe starting of a chip, the starting chip is often directly solidified in the chip, so that the overall flexibility is reduced, and the wide application scene of a micro control unit cannot be adapted; a safe starting system for a chip module comprises a chip driving unit, a safe auxiliary unit and a chip application unit; the integrity, the source reliability and the confidentiality of the firmware are guaranteed through updating the current safety firmware, the firmware is guaranteed to come from a trusted publisher and is not tampered, the firmware content is prevented from being stolen in the upgrading process, the firmware version is prevented from rolling back, malicious degradation is prevented, confidentiality, integrity and reliability are achieved, the functional defect or security hole of the system is further solved, new functional new value is provided for the system, the progress of products entering the market is facilitated, and the maintenance cost of equipment is reduced.

Description

Safe starting system and method for chip module
Technical Field
The invention relates to the technical field of chip safety, in particular to a safety starting system and a starting method for a chip module.
Background
The fundamental purpose of the safe start is to prevent the consumer from carrying out high-authority operations such as reading, writing, debugging and the like on part of key systems of the product from the software and hardware level. So as to limit the capability of consumers and achieve the aim of protecting the business confidentiality, intellectual property rights and other manufacturer interests of products. Regarding the safe start-up of chips, there are related patents; for example, chinese patent publication No. CN115329345a discloses a method, an apparatus, a chip and a computer readable storage medium for safely starting a chip, and in the case that the power supply voltage of a radio frequency module reaches the verification voltage of the chip, a verification password sent by the radio frequency module is received; the verification password is obtained by the radio frequency module according to the received radio frequency signal; and under the condition that the verification password is successfully verified, enabling the power supply pin so that the power supply pin supplies power to the chip when being connected with an external power supply. So that the chip is powered when connected with an external power supply, and the chip operates normally.
The above patent makes it possible to supply power to the chip when connected to an external power source, but the following problems still remain during actual use:
1. in the prior art, the security of the running environment of the chip is reduced due to the risk of privacy disclosure of a user caused by the fact that software and hardware of the system are modified by malicious software in the running process of the chip.
2. In the prior art, in order to ensure the safe starting of the chip, the starting chip is often directly solidified in the chip, so that the overall flexibility is reduced, and the method cannot adapt to the wide application scene of the micro control unit.
3. In the prior art, during the process of updating the firmware, the security of the new firmware cannot be ensured, and the situations of firmware cloning, malicious software downloading and firmware destruction are easily caused.
Disclosure of Invention
The invention aims to provide a safe starting system and a starting method for a chip module, which ensure the integrity, the source reliability and the confidentiality of firmware and prevent rollback of a firmware version by updating the current safe firmware, and reduce the maintenance cost of equipment so as to solve the problems in the background technology.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a secure boot system for a chip module, comprising:
the chip driving unit is used for determining a chip starting position, matching corresponding execution instructions based on the chip starting position after the power supply signal is accessed, and automatically operating the chip module based on a matching result;
the security auxiliary unit is used for constructing a middle layer, acquiring driving data of the chip driving unit and safely applying the driving data to the chip application unit, wherein the middle layer comprises a security engine and an encryption library, and the security engine and the encryption library are used for safely storing secret keys and safely carrying out encryption and decryption operations;
and the chip application unit is used for determining the current data packet of the safe starting and the safe firmware of the chip based on the driving data of the chip driving unit, acquiring the latest data packet of the safe starting and the safe firmware required by starting from the upper computer, comparing the current data packet with the latest data packet, and updating the safe starting and the safe firmware based on the comparison result.
Further, the determining the starting position of the chip specifically includes:
receiving a verification password sent by a radio frequency module under the condition that the voltage of the chip reaches a preset starting voltage range; under the condition that the verification password is successfully verified, an external power supply is connected with a power supply pin to supply power to the chip;
the boot register protects each boot partition independently, the chip determines the boot partition according to configuration of boot0 and boot1 pins, and the starting position of a system where the chip is located is determined based on the boot partition;
the starting position comprises a system memory, a user memory chip and a static random access memory.
Further, the safety auxiliary unit includes:
the trust chain construction module is used for determining a trust root, establishing an RDP protocol based on the trust root, loading digital signature authentication, determining a root certificate of the digital signature profound certificate, matching the root certificate with a signature key in a database, and constructing a trust chain;
the image verification module is used for executing validity verification by the previous image of each stage in the process of establishing the trust chain, and determining the trust coefficient of the whole trust chain;
and the safety operation module is used for determining whether the trusted coefficient is in the execution range of the chip module or not based on the trusted coefficient of the trusted chain, and determining a starting instruction.
Further, the determining trust root specifically includes:
after the chip is electrified, determining whether the current operation mode is a production mode, and starting a safety starting function after determining that the current operation mode is the production mode; simultaneously, loading the key started safely into a key slot of a safe area;
and acquiring an operation file from the operation loading process, and acquiring a digital signature and a public key certificate from the operation file.
Further, the mirror image verification module is further configured to:
and verifying the integrity of the data through a message digest algorithm, and verifying the identity of the mirror image publisher through an asymmetric signature verification algorithm, wherein the data encrypted through the public key is decrypted by the private key, and the data signed through the private key is verified by the public key.
Further, after determining the start instruction, the method further includes:
executing memory initialization operation, wherein in the memory initialization operation, the chip stores a system file of a program to be operated into the static random access memory;
the static random access memory performs integrity verification on the system file, and the access security area is determined after the system file is complete;
a plurality of key slots are arranged in the safety area, a key is loaded into any one key slot through a register, and the loading operation of the key slot covers the previously loaded key;
the register operates memory access read-write, and encrypts, decrypts, signs, HMAC, random number generation operations are performed on the system file based on the keys in the key slot.
Further, after determining the start instruction, the method further includes:
if the system file is opened, acquiring an encrypted signature from the system file, and reading a preconfigured field in the system file to determine an encryption algorithm corresponding to the encrypted signature;
decrypting the encrypted signature according to a decryption algorithm corresponding to the encryption algorithm, checking the decrypted signature, and if the decrypted signature passes the check, starting the chip to run the to-be-operated procedure.
Further, the secure boot and secure firmware update includes a secure configuration, a user firmware load, and a firmware burn function prepared for the user firmware update.
Further, the secure boot and secure firmware update specifically includes:
based on the safe starting of the chip, determining that the current firmware in the server is trusted firmware when the chip runs, and downloading new safe firmware through a downloading module in the chip;
establishing a communication link between the new security firmware and the current firmware in the server, receiving firmware data based on a file transfer protocol, and confirming the validity of the firmware data;
and installing new safety firmware based on the firmware data, detecting the configuration state of the new safety firmware in the system, and ensuring that related hardware safety functions are set according to the expected configuration.
A secure boot method for a chip module, comprising the steps of:
step one: ensuring a unique starting inlet in resetting, executing corresponding instructions based on the starting position of the chip after power-on, wherein the starting sequence in the instructions cannot be modified, and running a safe starting code which cannot be changed;
step two: the method comprises the steps of verifying a starting mirror image step by step, realizing the trusted loading of firmware, detecting the safety state of a system, and carrying out encryption, decryption, signature, HMAC and random number generation operation on a system file in the running process of the system;
step three: and receiving the encrypted new secure firmware, decrypting the new secure firmware, verifying the integrity and the validity of the new secure firmware, and performing secure startup and secure firmware update when the currently running firmware is determined to need to be updated.
Compared with the prior art, the invention has the beneficial effects that:
1. the correctness of system configuration is checked by establishing a trust root, the integrity and the validity of the application program to be operated subsequently are checked by using a cryptography algorithm and a matched secret key, the application program can be started normally only by checking, in the process of establishing a trust chain, each level of mirror image is subjected to validity verification by a previous level of mirror image, the first instruction operated when the system is started is ensured, and all codes are subjected to integrity and authenticity verification in the whole process of loading completion of an operating system.
2. The integrity, the source reliability and the confidentiality of the firmware are guaranteed through updating the current safety firmware, the firmware is guaranteed to come from a trusted publisher and is not tampered, the firmware content is prevented from being stolen in the upgrading process, the firmware version is prevented from rolling back, malicious degradation is prevented, confidentiality, integrity and reliability are achieved, the functional defect or security hole of the system is further solved, new functional new value is provided for the system, the progress of products entering the market is facilitated, and the maintenance cost of equipment is reduced.
3. When the chip is started, encryption, decryption, signature, HMAC and random number generation operations are carried out on the system file based on the key in the key slot, so that the safety of running an application program of the chip is ensured, the encrypted signature is decrypted according to a decryption algorithm corresponding to the encryption algorithm, and the decrypted signature is verified, so that the method can support various encryption algorithms in the front, improve the compatibility of the chip when running application programs of different software providers, and further improve the safety.
Drawings
FIG. 1 is a block diagram of a secure boot system for a chip module according to the present invention;
FIG. 2 is a diagram of a secure boot system architecture for a chip module according to the present invention;
fig. 3 is a flowchart of a method for secure booting a chip module according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In order to solve the technical problem that in the prior art, in order to ensure the safe starting of the chip, the starting chip is often directly solidified in the chip, so that the overall flexibility is reduced, and thus the starting chip cannot adapt to the wide application scene of the micro control unit, please refer to fig. 1-2, the embodiment provides the following technical scheme:
a secure boot system for a chip module, comprising:
the chip driving unit is used for determining a chip starting position, matching corresponding execution instructions based on the chip starting position after the power supply signal is accessed, and automatically operating the chip module based on a matching result; the security auxiliary unit is used for constructing a middle layer, acquiring driving data of the chip driving unit and safely applying the driving data to the chip application unit, wherein the middle layer comprises a security engine and an encryption library, and the security engine and the encryption library are used for safely storing secret keys and safely carrying out encryption and decryption operations; the chip application unit is used for determining the current data packet of the safe starting and the safe firmware of the chip based on the driving data of the chip driving unit, acquiring the latest data packet of the safe starting and the safe firmware required by starting from the upper computer, comparing the current data packet with the latest data packet, and updating the safe starting and the safe firmware based on the comparison result;
determining a starting position of a chip, and particularly receiving a verification password sent by a radio frequency module under the condition that the voltage of the chip reaches a preset starting voltage range; under the condition that the verification password is successfully verified, an external power supply is connected with a power supply pin to supply power to the chip; the boot register protects each boot partition independently, the chip determines the boot partition according to configuration of boot0 and boot1 pins, and the starting position of a system where the chip is located is determined based on the boot partition; the starting position comprises a system memory, a user memory chip and a static random access memory.
Specifically, by determining the starting position of the chip, matching the corresponding execution instruction based on the starting position of the chip after the power supply signal is accessed, the chip module is automatically operated, the starting chip is not limited, the starting chip is prevented from being directly solidified in the chip, the starting position of the system where the chip is positioned is determined by the chip according to the configuration of the boot0 and boot1 pins and the boot register, the initial execution process of the system is realized, the principle of safe starting is not influenced, only the realization mode is changed, the flexibility of the operation of the chip is improved, the wide application scene of a micro control unit is adapted, and the starting safety of the chip is improved.
In order to solve the technical problem that in the prior art, the security of the operating environment of the chip is reduced due to the risk of privacy disclosure of a user caused by modification of software and hardware of a system by malicious software in the operation of the chip, referring to fig. 1-2, the present embodiment provides the following technical scheme:
the security auxiliary unit comprises a trust chain construction module, a security auxiliary unit and a security control unit, wherein the trust chain construction module is used for determining a trust root, establishing an RDP (remote data protocol) based on the trust root, loading digital signature authentication, determining a root certificate of the digital signature profound certificate, matching the root certificate with a signature key in a database, and constructing a trust chain; after the chip is electrified, determining whether the current operation mode is a production mode, and starting a safety starting function after determining that the current operation mode is the production mode; simultaneously, loading the key started safely into a key slot of a safe area; acquiring an operation file from an operation loading process, and acquiring a digital signature and a public key certificate from the operation file;
the image verification module is used for executing validity verification on each level of image by the previous level of image in the process of establishing the trust chain, and executing validity verification on each level of image by the previous level of image in the starting process, so that the validity of the second level of image is ensured by the first level of image as long as the first level of image is ensured to be legal, and the validity of the third level of image is ensured by the second level of image, thereby connecting the trust chain of the whole starting process, finally ensuring that the whole system is credible and determining the credibility coefficient of the whole trust chain; verifying the integrity of the data through a message digest algorithm, and verifying the identity of the mirror image publisher through an asymmetric signature verification algorithm, wherein the data encrypted through a public key is decrypted by a private key, and the data signed through the private key is verified by the public key;
and the safety operation module is used for determining whether the trusted coefficient is in the execution range of the chip module or not based on the trusted coefficient of the trusted chain, and determining a starting instruction.
Specifically, by establishing a trust root, namely a section of unalterable starting code and data, the starting code is a section of code which can be run and cannot be bypassed every time power-on reset, the section of starting code is used for checking the correctness of system configuration, a cryptographic algorithm and a matched secret key thereof are used for checking the integrity and validity of an application program to be run subsequently, the application program can be started normally only if the verification is passed, in the process of establishing a trust chain, each stage of mirror image is subjected to validity verification by a preceding stage of mirror image, and the first instruction running when the system is started is ensured, and in the whole process of loading completion of an operating system, all the codes are subjected to the integrity and authenticity verification.
In order to solve the technical problems that in the prior art, in the process of updating the firmware, the security of the new firmware cannot be ensured, and the situations of firmware cloning, malicious software downloading and firmware destruction are easily caused, please refer to fig. 1-2, the present embodiment provides the following technical scheme:
after the starting instruction is determined, the method further comprises the step of executing memory initialization operation, wherein in the memory initialization operation, the chip stores a system file of a program to be operated into the static random access memory; the static random access memory performs integrity verification on the system file, and the access security area is determined after the system file is complete; a plurality of key slots are arranged in the safety area, a key is loaded into any one key slot through a register, and the loading operation of the key slot covers the previously loaded key; the register operates memory access read-write, and encrypts, decrypts, signs, HMAC and random number generation operations are performed on the system file based on the key in the key slot; if the system file is opened, acquiring an encrypted signature from the system file, and reading a preconfigured field in the system file to determine an encryption algorithm corresponding to the encrypted signature; decrypting the encrypted signature according to a decryption algorithm corresponding to the encryption algorithm, checking the decrypted signature, and if the decrypted signature passes the check, starting the chip to run the to-be-run procedure;
the secure boot and secure firmware update includes secure configuration, user firmware loading, and firmware burning functions prepared for user firmware update; based on the safe starting of the chip, determining that the current firmware in the server is trusted firmware when the chip runs, and downloading new safe firmware through a downloading module in the chip; establishing a communication link between the new security firmware and the current firmware in the server, receiving firmware data based on a file transfer protocol, and confirming the validity of the firmware data; and installing new safety firmware based on the firmware data, detecting the configuration state of the new safety firmware in the system, and ensuring that related hardware safety functions are set according to the expected configuration.
Specifically, when the chip is started, a key is loaded into any key slot through a register, the loading operation of the key slot covers the previously loaded key, the register operates memory to access and read and write, encryption, decryption, signature, HMAC and random number generation operations are performed on the system file based on the key in the key slot, the security of the running application program of the chip is ensured, the encrypted signature is decrypted according to a decryption algorithm corresponding to the encryption algorithm, and the decrypted signature is verified, so that the method can support the plurality of encryption algorithms in the front, improve the compatibility when the chip rerun the application programs of different software providers, and further improve the security;
the integrity, the source reliability and the confidentiality of the firmware are guaranteed through updating the current safety firmware, the firmware is guaranteed to come from a trusted publisher and is not tampered, the firmware content is prevented from being stolen in the upgrading process, the firmware version is prevented from rolling back, malicious degradation is prevented, confidentiality, integrity and reliability are achieved, the functional defect or security hole of the system is further solved, new functional new value is provided for the system, the progress of products entering the market is facilitated, and the maintenance cost of equipment is reduced.
In order to better demonstrate a starting method of a secure start system for a chip module, referring to fig. 3, the present invention proposes a secure start method for a chip module, comprising the following steps:
step one: the method comprises the steps that a unique starting entrance in resetting is ensured, corresponding instructions are executed based on the starting position of a chip after power-on, the starting sequence in the instructions cannot be modified, a safe starting code is operated and cannot be changed, and a protected environment is provided for protecting all key data and operations;
step two: the method comprises the steps of verifying a starting mirror image step by step, realizing the trusted loading of firmware, detecting the safety state of a system, and carrying out encryption, decryption, signature, HMAC and random number generation operation on a system file in the running process of the system, wherein the integrity, the legality and the confidentiality of the system are ensured by using an encryption and decryption tool;
step three: and receiving the encrypted new secure firmware, decrypting the encrypted new secure firmware, verifying the integrity and the legality of the new secure firmware, ensuring the credibility of the new secure firmware in each updating process, and carrying out secure startup and secure firmware updating when the current running firmware is determined to need updating, wherein the incomplete or illegally sourced firmware cannot be used for updating.
The foregoing is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art, who is within the scope of the present invention, should be covered by the protection scope of the present invention by making equivalents and modifications to the technical solution and the inventive concept thereof.

Claims (10)

1. A secure launch system for a chip module, characterized by: comprising the following steps:
the chip driving unit is used for determining a chip starting position, matching corresponding execution instructions based on the chip starting position after the power supply signal is accessed, and automatically operating the chip module based on a matching result;
the security auxiliary unit is used for constructing a middle layer, acquiring driving data of the chip driving unit and safely applying the driving data to the chip application unit, wherein the middle layer comprises a security engine and an encryption library, and the security engine and the encryption library are used for safely storing secret keys and safely carrying out encryption and decryption operations;
and the chip application unit is used for determining the current data packet of the safe starting and the safe firmware of the chip based on the driving data of the chip driving unit, acquiring the latest data packet of the safe starting and the safe firmware required by starting from the upper computer, comparing the current data packet with the latest data packet, and updating the safe starting and the safe firmware based on the comparison result.
2. A secure boot system for a chip module as defined in claim 1, wherein: the determining of the starting position of the chip specifically comprises the following steps:
receiving a verification password sent by a radio frequency module under the condition that the voltage of the chip reaches a preset starting voltage range; under the condition that the verification password is successfully verified, an external power supply is connected with a power supply pin to supply power to the chip;
the boot register protects each boot partition independently, the chip determines the boot partition according to configuration of boot0 and boot1 pins, and the starting position of a system where the chip is located is determined based on the boot partition;
the starting position comprises a system memory, a user memory chip and a static random access memory.
3. A secure boot system for a chip module as defined in claim 2, wherein: the security auxiliary unit includes:
the trust chain construction module is used for determining a trust root, establishing an RDP protocol based on the trust root, loading digital signature authentication, determining a root certificate of the digital signature profound certificate, matching the root certificate with a signature key in a database, and constructing a trust chain;
the image verification module is used for executing validity verification by the previous image of each stage in the process of establishing the trust chain, and determining the trust coefficient of the whole trust chain;
and the safety operation module is used for determining whether the trusted coefficient is in the execution range of the chip module or not based on the trusted coefficient of the trusted chain, and determining a starting instruction.
4. A secure boot system for a chip module as defined in claim 3, wherein: the determining trust root specifically comprises the following steps:
after the chip is electrified, determining whether the current operation mode is a production mode, and starting a safety starting function after determining that the current operation mode is the production mode; simultaneously, loading the key started safely into a key slot of a safe area;
and acquiring an operation file from the operation loading process, and acquiring a digital signature and a public key certificate from the operation file.
5. A secure boot system for a chip module as defined in claim 4, wherein: the mirror image verification module is further configured to:
and verifying the integrity of the data through a message digest algorithm, and verifying the identity of the mirror image publisher through an asymmetric signature verification algorithm, wherein the data encrypted through the public key is decrypted by the private key, and the data signed through the private key is verified by the public key.
6. A secure boot system for a chip module as defined in claim 5, wherein: after the start instruction is determined, the method further comprises the following steps:
executing memory initialization operation, wherein in the memory initialization operation, the chip stores a system file of a program to be operated into the static random access memory;
the static random access memory performs integrity verification on the system file, and the access security area is determined after the system file is complete;
a plurality of key slots are arranged in the safety area, a key is loaded into any one key slot through a register, and the loading operation of the key slot covers the previously loaded key;
the register operates memory access read-write, and encrypts, decrypts, signs, HMAC, random number generation operations are performed on the system file based on the keys in the key slot.
7. A secure boot system for a chip module as defined in claim 6, wherein: after the start instruction is determined, the method further comprises the following steps:
if the system file is opened, acquiring an encrypted signature from the system file, and reading a preconfigured field in the system file to determine an encryption algorithm corresponding to the encrypted signature;
decrypting the encrypted signature according to a decryption algorithm corresponding to the encryption algorithm, checking the decrypted signature, and if the decrypted signature passes the check, starting the chip to run the to-be-operated procedure.
8. A secure boot system for a chip module as defined in claim 7, wherein: the secure boot and secure firmware update includes a secure configuration, a user firmware load, and a firmware burn function prepared for the user firmware update.
9. A secure boot system for a chip module as defined in claim 8, wherein: the safe starting and the safe firmware updating are specifically as follows:
based on the safe starting of the chip, determining that the current firmware in the server is trusted firmware when the chip runs, and downloading new safe firmware through a downloading module in the chip;
establishing a communication link between the new security firmware and the current firmware in the server, receiving firmware data based on a file transfer protocol, and confirming the validity of the firmware data;
and installing new safety firmware based on the firmware data, detecting the configuration state of the new safety firmware in the system, and ensuring that related hardware safety functions are set according to the expected configuration.
10. A secure boot method for a chip module, applied to the secure boot system for a chip module according to any one of claims 1 to 9, characterized in that: the method comprises the following steps:
step one: ensuring a unique starting inlet in resetting, executing corresponding instructions based on the starting position of the chip after power-on, wherein the starting sequence in the instructions cannot be modified, and running a safe starting code which cannot be changed;
step two: the method comprises the steps of verifying a starting mirror image step by step, realizing the trusted loading of firmware, detecting the safety state of a system, and carrying out encryption, decryption, signature, HMAC and random number generation operation on a system file in the running process of the system;
step three: and receiving the encrypted new secure firmware, decrypting the new secure firmware, verifying the integrity and the validity of the new secure firmware, and performing secure startup and secure firmware update when the currently running firmware is determined to need to be updated.
CN202310152483.6A 2023-02-22 2023-02-22 Safe starting system and method for chip module Pending CN116070217A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310152483.6A CN116070217A (en) 2023-02-22 2023-02-22 Safe starting system and method for chip module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310152483.6A CN116070217A (en) 2023-02-22 2023-02-22 Safe starting system and method for chip module

Publications (1)

Publication Number Publication Date
CN116070217A true CN116070217A (en) 2023-05-05

Family

ID=86174850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310152483.6A Pending CN116070217A (en) 2023-02-22 2023-02-22 Safe starting system and method for chip module

Country Status (1)

Country Link
CN (1) CN116070217A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117215621A (en) * 2023-11-02 2023-12-12 北京紫光青藤微系统有限公司 Method, device and system for updating firmware of electronic equipment
CN117272317A (en) * 2023-09-25 2023-12-22 中汽智联技术有限公司 System safety starting method, electronic equipment and storage medium
CN117633906A (en) * 2023-11-14 2024-03-01 国网上海能源互联网研究院有限公司 Credibility verification method for validity of intelligent fusion terminal of transformer area

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN111143854A (en) * 2019-12-25 2020-05-12 眸芯科技(上海)有限公司 Device, system and method for starting chip secure download

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN111143854A (en) * 2019-12-25 2020-05-12 眸芯科技(上海)有限公司 Device, system and method for starting chip secure download

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
AI电堂: "安全启动 - STM32安全启动架构", 知乎:HTTPS://ZHUANLAN.ZHIHU.COM/P/91543581, pages 1 - 3 *
LGJJEFF: "芯片信息安全(一)安全启动", 知乎:HTTPS://ZHUANLAN.ZHIHU.COM/P/536007837, pages 1 - 3 *
STMICROELECTRONICS: "UM2262 User manual Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package", HTTPS://WWW.STMCU.COM.CN/DESIGNRESOURCE/DETAIL/DOCUMENT/710559, pages 3 *
笑容: "浅析安全启动(Secure Boot)", 知乎:HTTPS://ZHUANLAN.ZHIHU.COM/P/540171344?UTM_ID=0, pages 1 - 6 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117272317A (en) * 2023-09-25 2023-12-22 中汽智联技术有限公司 System safety starting method, electronic equipment and storage medium
CN117272317B (en) * 2023-09-25 2024-02-23 中汽智联技术有限公司 System safety starting method, electronic equipment and storage medium
CN117215621A (en) * 2023-11-02 2023-12-12 北京紫光青藤微系统有限公司 Method, device and system for updating firmware of electronic equipment
CN117633906A (en) * 2023-11-14 2024-03-01 国网上海能源互联网研究院有限公司 Credibility verification method for validity of intelligent fusion terminal of transformer area

Similar Documents

Publication Publication Date Title
CN108810894B (en) Terminal authorization method, device, computer equipment and storage medium
CN109937419B (en) Initialization method for security function enhanced device and firmware update method for device
EP1594030B1 (en) Program update method and server
US8150039B2 (en) Single security model in booting a computing device
US8806221B2 (en) Securely recovering a computing device
JP5079803B2 (en) System and method for authenticating a game device
US8694763B2 (en) Method and system for secure software provisioning
CN110688660B (en) Method and device for safely starting terminal and storage medium
CN116070217A (en) Safe starting system and method for chip module
US20130152180A1 (en) Device using secure processing zone to establish trust for digital rights management
US8392724B2 (en) Information terminal, security device, data protection method, and data protection program
CN101523399A (en) Methods and systems for modifying an integrity measurement based on user athentication
JP2004265026A (en) Application authentication system and device
CN107679425B (en) Trusted boot method based on firmware and USBKey combined full disk encryption
CN110795126A (en) Firmware safety upgrading system
WO2017045627A1 (en) Control board secure start method, and software package upgrade method and device
US20080184028A1 (en) Methods, Apparatus and Products for Establishing a Trusted Information Handling System
CN109814934B (en) Data processing method, device, readable medium and system
CN112148314B (en) Mirror image verification method, device and equipment of embedded system and storage medium
CN110532777B (en) Secure start system and method, terminal equipment and core system thereof
KR20070059891A (en) Application authentication security system and method thereof
CN110730079B (en) System for safe starting and trusted measurement of embedded system based on trusted computing module
CN116415313A (en) Safety all-in-one machine, protection method and device of safety all-in-one machine
CN115357948A (en) Hardware anti-copying encryption method and device based on TEE and encryption chip
KR20150072007A (en) Method for accessing temper-proof device and apparatus enabling of the method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination