CN116257854A - Method and device for safely starting chip - Google Patents


Info

Publication number: CN116257854A
Application number: CN202211090759.4A
Authority: CN (China)
Prior art keywords: controller, security chip, module, program, cos
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张贺, 李会同, 王亚伟, 郑树宇
Current assignee: Beijing Hongsi Electronic Technology Co ltd
Original assignee: Beijing Hongsi Electronic Technology Co ltd
Application filed by Beijing Hongsi Electronic Technology Co ltd
Priority to CN202211090759.4A
Publication of CN116257854A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]


Abstract

The invention discloses a method and a device for securely booting a chip. The controller of the security chip starts the BOOT program; after the security data in the security data storage area has been verified successfully and the integrity and validity of the BOOT program in the BOOT program storage area have been verified successfully, the controller of the security chip judges whether the COS program download password in the COS program storage area is correct. If it is, the controller downloads the COS program, clears the COS program download password and resets the security chip; if it is not, the controller verifies the integrity and validity of the COS program in the COS program storage area, boots the COS program when the verification succeeds, and sets an error state when the verification fails. The invention secures the boot process of the chip, thereby protecting the hardware and ensuring that the chip performs only legitimate updates and downloads of COS programs.

Description

Method and device for safely starting chip
Technical Field
The invention relates to the field of information security, in particular to a method and a device for safely starting a chip.
Background
The security chip is the hardware cornerstone of the information security field. In the prior art, the integrity of the BOOT program is usually checked during the boot process of the security chip, but checking only the integrity of the BOOT program cannot guarantee the security of the chip, so potential security hazards remain in the boot process. In addition, allowing the COS program of the security chip to be updated and downloaded an unrestricted number of times introduces security risk.
Disclosure of Invention
The invention provides a method and a device that solve the above technical problems.
The invention provides a method for securely booting a chip, which comprises the following steps:
step 1, after the security chip is powered on, the controller of the security chip starts the BOOT program;
step 2, the controller of the security chip verifies the security data in the security data storage area and judges whether the verification succeeds; if yes, step 3 is executed, if not, step 7 is executed;
step 3, the controller of the security chip performs an integrity check on the BOOT program in the BOOT program storage area and judges whether the check succeeds; if yes, step 4 is executed, if not, step 7 is executed;
step 4, the controller of the security chip performs a validity check on the BOOT program according to the security data and judges whether the check succeeds; if yes, step 5 is executed, if not, step 7 is executed;
step 5, the controller of the security chip judges whether the COS program download password in the COS program storage area is correct; if yes, the controller downloads the COS program, clears the COS program download password and resets the security chip; if not, the controller checks the integrity of the COS program in the COS program storage area and judges whether the check succeeds; if yes, step 6 is executed, if not, step 7 is executed;
step 6, the controller of the security chip performs a validity check on the COS program according to the security data and judges whether the check succeeds; if yes, the controller boots the COS program; if not, step 7 is executed;
step 7, the controller of the security chip sets an error state.
The invention provides a device for securely booting a chip, which comprises:
a power-on module, for powering on the security chip;
a start module, for the controller of the security chip to start the BOOT program after the power-on module has powered on the chip;
a first verification module, for the controller of the security chip to verify the security data in the security data storage area;
a first judging module, for judging the verification result of the first verification module, triggering the second verification module when the judgment result is yes and triggering the state setting module when the judgment result is no;
a second verification module, for the controller of the security chip to perform an integrity check on the BOOT program in the BOOT program storage area;
a second judging module, for judging the verification result of the second verification module, triggering the third verification module when the judgment result is yes and triggering the state setting module when the judgment result is no;
a third verification module, for the controller of the security chip to perform a validity check on the BOOT program according to the security data;
a third judging module, for judging the verification result of the third verification module, triggering the fourth judging module when the judgment result is yes and triggering the state setting module when the judgment result is no;
a fourth judging module, for the controller of the security chip to judge whether the COS program download password in the COS program storage area is correct, triggering the download-clear-reset module when the judgment result is yes and triggering the fourth verification module when the judgment result is no;
a download-clear-reset module, for the controller of the security chip to download the COS program, clear the COS program download password and reset the security chip;
a fourth verification module, for the controller of the security chip to check the integrity of the COS program in the COS program storage area;
a fifth judging module, for judging the verification result of the fourth verification module, triggering the fifth verification module when the judgment result is yes and triggering the state setting module when the judgment result is no;
a fifth verification module, for the controller of the security chip to perform a validity check on the COS program according to the security data;
a sixth judging module, for judging the verification result of the fifth verification module, triggering the boot module when the judgment result is yes and triggering the state setting module when the judgment result is no;
a boot module, for the controller of the security chip to boot the COS program;
and a state setting module, for the controller of the security chip to set an error state.
The invention also provides a computer-readable storage medium comprising a computer program which, when run on a computer, causes the computer to perform the method for securely booting a chip described above.
The invention also provides a security chip, coupled to a memory, for executing the computer program stored in the memory so as to perform the method for securely booting a chip.
The beneficial effects of the invention are as follows: the invention provides a method and a device for securely booting a chip which secure the boot process of the chip, thereby protecting the hardware and ensuring that the chip performs only legitimate updates and downloads of COS programs.
Drawings
Fig. 1 is a flowchart of a method for securely booting a chip according to a first embodiment of the present invention;
fig. 2 and fig. 3 are flowcharts of a method for securely booting a chip according to a second embodiment of the present invention;
fig. 4 is a flowchart of another implementation of the method for securely booting a chip according to the second embodiment of the present invention, in which the controller of the security chip waits to receive instructions from the host computer.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
This embodiment provides a method for securely booting a chip, as shown in fig. 1, which comprises the following steps:
step 1, after the security chip is powered on, the controller of the security chip starts the BOOT program;
step 2, the controller of the security chip verifies the security data in the security data storage area and judges whether the verification succeeds; if yes, step 3 is executed, if not, step 7 is executed;
step 3, the controller of the security chip performs an integrity check on the BOOT program in the BOOT program storage area and judges whether the check succeeds; if yes, step 4 is executed, if not, step 7 is executed;
step 4, the controller of the security chip performs a validity check on the BOOT program according to the security data and judges whether the check succeeds; if yes, step 5 is executed, if not, step 7 is executed;
step 5, the controller of the security chip judges whether the COS program download password in the COS program storage area is correct; if yes, the controller downloads the COS program, clears the COS program download password and resets the security chip; if not, the controller checks the integrity of the COS program in the COS program storage area and judges whether the check succeeds; if yes, step 6 is executed, if not, step 7 is executed;
step 6, the controller of the security chip performs a validity check on the COS program according to the security data and judges whether the check succeeds; if yes, the controller boots the COS program; if not, step 7 is executed;
step 7, the controller of the security chip sets an error state.
In one possible implementation, step 3 specifically comprises: the controller of the security chip controls a first operation module of the security chip to compute a second operation result over the data of the BOOT program in the BOOT program storage area with a first algorithm, and judges whether the second operation result is the same as the BOOT program hash value in the security data; if yes, the check succeeds and step 4 is executed, if not, the check fails and step 7 is executed;
step 4 specifically comprises: the controller of the security chip controls a second operation module of the security chip to perform a signature verification operation with a second algorithm over the second operation result, the BOOT program public key and the BOOT program signature value in the security data, and judges whether the signature verification succeeds; if yes, step 5 is executed, if not, step 7 is executed;
in step 5, the controller of the security chip checking the integrity of the COS program, judging whether the check succeeds, executing step 6 if yes and step 7 if not, specifically comprises:
the controller of the security chip controls the first operation module of the security chip to compute a third operation result over the data of the COS program in the COS program storage area with the first algorithm, and judges whether the third operation result is the same as the COS program hash value in the security data; if yes, step 6 is executed, if not, step 7 is executed;
step 6 specifically comprises: the controller of the security chip controls the second operation module of the security chip to perform a signature verification operation with the second algorithm over the third operation result, the COS program public key and the COS program signature value in the security data, and judges whether the signature verification succeeds; if yes, the controller of the security chip boots the COS program; if not, step 7 is executed.
In a possible implementation, the downloading of the COS program, clearing of the COS program download password and resetting of the security chip by the controller in step 5 specifically comprise:
step m1, the controller of the security chip waits to receive an instruction sent by the host computer;
step m2, the controller of the security chip judges the type of the received instruction: when it is a write-COS-program instruction, step m3 is executed; when it is a clear-COS-program-download-password instruction, step m4 is executed; when it is a reset instruction, step m5 is executed;
step m3, the controller of the security chip writes the COS program into the COS storage area according to the address and the COS program data carried in the write-COS-program instruction, and returns to step m1;
step m4, the controller of the security chip clears the COS program download password at the preset position in the flash memory of the security chip, and returns to step m1;
step m5, the controller of the security chip resets the security chip.
In one possible embodiment, step m2 further comprises: when the received instruction is a download-COS-program-public-key instruction, step m6 is executed;
step m6, the controller of the security chip judges whether the preset position of the BOOT storage area of the flash memory already holds a COS program public key; if yes, the controller of the security chip reports an error and returns to step m1; if not, step m7 is executed;
step m7, the controller of the security chip writes the COS program public key carried in the download-COS-program-public-key instruction to the preset position of the BOOT storage area, and returns to step m1.
In one possible embodiment, step 1 is preceded by:
step 01, the controller of the security chip starts a temperature and voltage detection module;
and the method further comprises: when the temperature and voltage detection module judges that the temperature or the voltage is abnormal, the security chip is reset.
In one possible embodiment, step m2 further comprises:
when the instruction is an erase instruction, step m8 is executed;
when the instruction is a write-COS-program-hash-value instruction, step m9 is executed;
when the instruction is a write-COS-program-signature-value instruction, step m10 is executed;
step m8, the controller of the security chip erases the COS program in the COS storage area and the COS program hash value and COS program signature value in the security data storage area, and returns to step m1;
step m9, the controller of the security chip writes the COS program hash value into the security data storage area, and returns to step m1;
step m10, the controller of the security chip writes the COS program signature value into the security data storage area, and returns to step m1.
In a possible implementation, steps 2, 3, 4 and 6 are key steps, and the security data further comprises a preset key-step execution sequence number check value corresponding to each key step;
before at least one of the key steps is executed, the method further comprises:
the controller of the security chip judges whether the current key-step execution sequence number value is the same as the execution sequence number check value corresponding to the key step about to be executed; if yes, that key step is executed, and if not, step 7 is executed.
In one possible implementation, the security data further comprises an initial value of the key-step execution sequence number;
step 1 further comprises: the controller of the security chip updates the initial value of the key-step execution sequence number according to a preset rule to obtain the current key-step execution sequence number value;
and after the current key step has been executed the method further comprises: after judging that the current key step succeeded, the controller of the security chip updates the current key-step execution sequence number value according to the preset rule and takes the result as the new current key-step execution sequence number value.
In one possible implementation, the method further comprises, after the current key step has been executed: after judging that the current key step failed, the controller of the security chip sets the error state to a check error value.
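The verification chain of steps 1 to 7, together with the key-step sequence-number check above and the repeated password comparison of steps 206/206' in the second embodiment, as an added runnable model; this is illustration written for this page, not the patent's code. All cryptographic primitives are stand-ins chosen so it runs offline: zlib.crc32 for the unspecified CRC, SHA-256 for SM3, and a keyed SHA-256 tag in place of SM2 signature verification; the 0x1F counter increment, the security data field layout and the sample images are constructed.

```python
"""Model of the boot chain in Example 1: steps 1-7, the m1-m5 download branch
(returned as a state), and the key-step sequence-number check.
Stand-ins, all assumptions: zlib.crc32 for the CRC, SHA-256 for SM3, and a
keyed SHA-256 tag in place of SM2 signature verification."""
import hashlib
import hmac
import zlib

KEY_STEPS = (2, 3, 4, 6)          # the key steps named in the text
SEQ_STEP = 0x1F                   # constructed "preset rule": counter += 0x1F
SEC_FIELDS = ("boot_pub", "boot_hash", "boot_sig", "cos_pub",
              "cos_hash", "cos_sig", "dl_code", "seq")
STATE_OK, STATE_ERROR, STATE_DOWNLOAD = "boot_cos", "error", "download"


def digest(data):                 # stand-in for the chip's SM3 operation module
    return hashlib.sha256(data).digest()


def sign(key, dgst):              # factory side; stand-in for an SM2 signature
    return hmac.new(key, dgst, hashlib.sha256).digest()


def verify_sig(pubkey, dgst, sig):  # stand-in for the chip's SM2 operation module
    return hmac.compare_digest(sign(pubkey, dgst), sig)


def encode(sec):                  # fixed field order, as the data would lie in flash
    return b"".join(sec[f] for f in SEC_FIELDS)


def decode_seq(blob):             # initial value plus one check value per key step
    vals = [int.from_bytes(blob[i:i + 2], "big") for i in range(0, 10, 2)]
    return vals[0], dict(zip(KEY_STEPS, vals[1:]))


def build_flash(boot, cos, boot_key, cos_key, dl_code, password, seq_init=0x100):
    """Constructed flash image: BOOT area, COS area with its download password
    slot, and the security data area with its CRC check value."""
    bd, cd = digest(boot), digest(cos)
    seq = b"".join((seq_init + i * SEQ_STEP).to_bytes(2, "big") for i in range(5))
    sec = {"boot_pub": boot_key, "boot_hash": bd, "boot_sig": sign(boot_key, bd),
           "cos_pub": cos_key, "cos_hash": cd, "cos_sig": sign(cos_key, cd),
           "dl_code": dl_code, "seq": seq}
    return {"boot": boot, "cos": cos, "password": password,
            "sec": sec, "sec_crc": zlib.crc32(encode(sec))}


def secure_boot(flash):
    """Runs steps 1-7; returns (state, final key-step sequence number value)."""
    sec = flash["sec"]
    seq_init, checks = decode_seq(sec["seq"])
    seq = seq_init + SEQ_STEP     # step 1: derive the current value from the initial one

    def key_step(step, check):
        nonlocal seq
        if seq != checks[step]:   # a skipped or replayed key step is caught here
            return False
        if not check():
            return False
        seq += SEQ_STEP           # success: advance by the preset rule
        return True

    if not key_step(2, lambda: zlib.crc32(encode(sec)) == flash["sec_crc"]):
        return STATE_ERROR, seq   # step 7
    boot_d = digest(flash["boot"])
    if not key_step(3, lambda: hmac.compare_digest(boot_d, sec["boot_hash"])):
        return STATE_ERROR, seq
    if not key_step(4, lambda: verify_sig(sec["boot_pub"], boot_d, sec["boot_sig"])):
        return STATE_ERROR, seq
    # step 5: the password is compared twice, as in steps 206 and 206'
    pw = flash["password"]
    if hmac.compare_digest(pw, sec["dl_code"]) and hmac.compare_digest(pw, sec["dl_code"]):
        return STATE_DOWNLOAD, seq  # m1-m5: serve host instructions, clear password, reset
    cos_d = digest(flash["cos"])
    if not hmac.compare_digest(cos_d, sec["cos_hash"]):   # not a key step in the text
        return STATE_ERROR, seq
    if not key_step(6, lambda: verify_sig(sec["cos_pub"], cos_d, sec["cos_sig"])):
        return STATE_ERROR, seq
    return STATE_OK, seq          # step 6 passed: boot the COS program
```

Any edit to a security data field without updating the CRC fails at step 2, and swapping two sequence-number check values fails at the first key step, which is the control-flow property the sequence numbers are meant to provide.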
Example 2
This embodiment provides a method for securely booting a chip, as shown in fig. 2 and fig. 3, which comprises the following steps:
step 201, the security chip is initialized after power-on;
step 202, the controller of the security chip starts the BOOT program;
in this embodiment, step 202 may further comprise: the controller of the security chip starts a temperature and voltage detection module;
and the method further comprises: when the temperature and voltage detection module determines that the temperature and voltage are abnormal, the security chip is reset and the method returns to step 201.
Step 203, the controller of the security chip reads the security data and the security data CRC check value from the flash memory, verifies the security data against the security data CRC check value and judges whether the verification succeeds; if yes, step 204 is executed, if not, step 210 is executed;
in this embodiment, the flash memory comprises a BOOT program storage area, a COS program storage area and a security data storage area, and the security data and the security data CRC check value are stored in the security data storage area.
In this embodiment, the security data comprises a BOOT program public key, a BOOT program signature value, a BOOT program hash value, a COS program public key, a COS program signature value, a COS program hash value and a preset COS program download verification code.
In this embodiment, access rights are set on the security data, specifically:
the COS program has no read or write permission on the security data;
the BOOT program has no read or write permission on the BOOT program public key, BOOT program signature value, BOOT program hash value and preset COS program download verification code in the security data, and has read and write permission on the COS program public key, COS program signature value and COS program hash value in the security data, where the BOOT program may write the COS program public key only once.
Step 203 specifically comprises: the controller of the security chip reads the security data and the security data CRC check value from the flash memory, computes a first operation result over the security data with the CRC algorithm and judges whether the first operation result is the same as the security data CRC check value; if yes, the verification succeeds and step 204 is executed, if not, the verification fails and step 210 is executed;
in this embodiment, the security data CRC check value, the BOOT program data and the COS program data may be stored in ciphertext form; when the security data, the security data CRC check value, the BOOT program data and the COS program data are operated on, the controller of the security chip invokes the chip's encryption/decryption module to decrypt the data stored in ciphertext form with a preset encryption/decryption key and then performs the corresponding operation.
For example, in this step the security data and the security data CRC check value may be a security data ciphertext and a security data CRC check value ciphertext, in which case reading them from the flash memory specifically comprises: the controller of the security chip reads the security data ciphertext and the security data CRC check value ciphertext from the flash memory and invokes the chip's encryption/decryption module to decrypt them with the preset encryption/decryption key, obtaining the security data and the security data CRC check value.
Step 204, the controller of the security chip performs an integrity check on the BOOT program and judges whether the check succeeds; if yes, step 205 is executed, if not, step 210 is executed;
specifically: the controller of the security chip controls the chip's SM3 operation module to compute a second operation result over the data of the BOOT program in the BOOT program storage area with the SM3 algorithm, and judges whether the second operation result is identical to the BOOT program hash value in the security data; if yes, the check succeeds and step 205 is executed, if not, the check fails and step 210 is executed.
Step 205, the controller of the security chip performs a signature verification operation according to the BOOT program signature value in the security data and judges whether the signature verification succeeds; if yes, step 206 is executed, if not, step 210 is executed;
specifically: the controller of the security chip controls the chip's SM2 operation module to perform the signature verification with the SM2 algorithm over the BOOT program public key in the security data, the second operation result and the BOOT program signature value in the security data, and judges whether the signature verification succeeds; if yes, step 206 is executed, if not, step 210 is executed;
step 206, the controller of the security chip judges whether the COS program download password is correct; if yes, step 211 is executed, if not, step 207 is executed;
the COS program download password in this step is the value stored at a preset position of the COS program storage area of the chip's flash memory, and the step specifically comprises: the controller of the security chip reads the value at the preset position of the COS program storage area of the chip's flash memory and judges whether the value read is the same as the COS program download verification code preset in the security data storage area; if yes, step 211 is executed, if not, step 207 is executed. The preset COS program download verification code is written to a preset position of the security data storage area of the chip's flash memory when the chip leaves the factory.
In this embodiment, step 206 specifically comprises: the controller of the security chip judges whether the COS program download password is correct; if yes, step 206' is executed, if not, step 207 is executed;
step 206', the controller of the security chip judges again whether the COS program download password is correct; if yes, step 211 is executed, if not, step 207 is executed.
In this embodiment, by judging twice whether the COS program download password is correct, the security chip can stop operating when it is attacked during the boot process, which secures the boot process of the security chip.
Step 207, the controller of the security chip checks the integrity of the COS program and judges whether the check succeeds; if yes, step 208 is executed, if not, step 210 is executed;
specifically: the controller of the security chip controls the chip's SM3 operation module to compute a third operation result over the data of the COS program with the SM3 algorithm, and judges whether the third operation result is the same as the COS program hash value in the security data; if yes, step 208 is executed, if not, step 210 is executed.
Step 208, the controller of the security chip performs a signature verification operation according to the COS program signature value in the security data and judges whether the signature verification succeeds; if yes, step 209 is executed, if not, step 210 is executed;
specifically: the controller of the security chip controls the chip's SM2 operation module to perform the signature verification with the SM2 algorithm over the third operation result, the COS program public key and the COS program signature value in the security data, and judges whether the signature verification succeeds; if yes, step 209 is executed, if not, step 210 is executed;
step 209, the controller of the security chip boots the COS program, and the method ends;
step 210, the controller of the security chip puts the security chip into an error state;
step 211, the controller of the security chip waits for receiving the instruction of the upper computer;
step 212, the controller of the security chip receives the instruction sent by the upper computer, and judges the type of the instruction, and when the instruction is a download COS program public key instruction, step 213 is executed; when the instruction is an erase instruction, execute step 217; when the instruction is a write COS program instruction, step 219 is performed; when the instruction is a write COS program hash value instruction, step 221 is performed; when the instruction is a write COS program signature value instruction, step 223 is performed; when the instruction is a check COS program instruction, step 225 is performed; when the instruction is to clear the COS program download password, step 228 is performed; when the instruction is a reset instruction, execute step 230; when the instruction is a get chip status instruction, step 232 is performed.
Step 213, the controller of the security chip determines the current state of the security chip, and when the current state is an error state, step 214 is executed; when the current state is the correct state, execute step 215;
step 214, the controller of the security chip returns a response of refusing to execute the instruction to the upper computer, and returns to step 211;
step 215, the controller of the security chip judges whether the predetermined position of the BOOT storage area stores the COS public key, if yes, the controller of the security chip reports errors, and returns to step 211, if no, step 216 is executed;
step 216, the controller of the security chip writes the COS program public key in the downloaded COS program public key instruction into a preset position of the security data storage area, and returns to step 211;
step 217, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 218 is executed, and when the current state is an error state, step 214 is executed;
step 218, the controller of the security chip erases the COS program in the COS storage area, the COS program hash value and the COS program signature value in the security data storage area, and returns to step 211;
step 219, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 220 is executed, and when the current state is an error state, step 214 is executed;
Step 220, the controller of the security chip writes the COS program into the COS storage area according to the address in the COS program instruction and the data of the COS program, and returns to step 211;
step 221, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 222 is executed, and when the current state is an error state, step 214 is executed;
step 222, the controller of the security chip writes the COS program hash value into the security data storage area, and returns to step 211;
step 223, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 224 is executed, and when the current state is an error state, step 214 is executed;
step 224, the controller of the security chip writes the signature value of the COS program into the security data storage area, and returns to step 211;
step 225, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 226 is executed, and when the current state is an error state, step 214 is executed;
step 226, the controller of the security chip reads the COS program from the COS storage area, checks the integrity of the COS program and judges whether the check is successful; if yes, step 227 is executed; if no, the controller of the security chip sends a COS program check failure response to the upper computer, and returns to step 211;
step 227, the controller of the security chip sends a COS program check success response to the upper computer, and returns to step 211;
step 228, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 229 is executed, and when the current state is an error state, step 214 is executed;
step 229, the controller of the security chip clears the COS program download password at the preset position of the COS program area of the chip flash memory, and returns to step 211;
step 230, the controller of the security chip determines the current state of the security chip, and when the current state is a correct state, step 231 is executed, and when the current state is an error state, step 214 is executed;
step 231, the controller of the security chip resets the security chip, and step 201 is executed;
step 232, the controller of the security chip determines the current state of the security chip, returns a response of the current state of the security chip to the upper computer, and returns to step 211.
In this embodiment, as shown in fig. 4, the steps 212 to 232 may be replaced by the steps N212 to N223:
step N212, the controller of the security chip receives the instruction sent by the upper computer;
step N213, the controller of the security chip judges the current state of the security chip; if the current state is an error state, it judges the type of the instruction, and executes step 214 when the instruction is a get chip status instruction and step 215 when the instruction is not a get chip status instruction; if the current state is a correct state, it judges the type of the instruction, and executes step N216 when the instruction is a download COS program public key instruction, step N218 when the instruction is an erase instruction, step N219 when the instruction is a write COS program instruction, step N220 when the instruction is a write COS program hash value instruction, step N221 when the instruction is a write COS program signature value instruction, step N222 when the instruction is a check COS program instruction, step N224 when the instruction is a clear COS program download password instruction, step N225 when the instruction is a reset instruction, and step N226 when the instruction is a get chip status instruction;
step N216, the controller of the security chip judges whether the predetermined position of the BOOT storage area stores the COS public key; if yes, step N217 is executed; if no, the controller of the security chip reports an error and returns to step 211;
step N218, the controller of the security chip erases the COS program in the COS storage area, the COS program hash value and the COS program signature value in the security data storage area, and returns to step 211;
step N219, the controller of the security chip writes the COS program into the COS storage area according to the address in the COS program instruction and the data of the COS program, and returns to step 211;
step N220, the controller of the security chip writes the COS program hash value into the security data storage area, and returns to step 211;
step N221, the controller of the security chip writes the COS program signature value into the security data storage area, and returns to step 211;
step N222, the controller of the security chip reads the COS program from the COS storage area, checks the integrity of the COS program and judges whether the check is successful; if yes, step N223 is executed; if no, the controller of the security chip sends a COS program check failure response to the upper computer, and returns to step 211;
step N223, the controller of the security chip sends a COS program check success response to the upper computer, and returns to step 211;
step N224, the controller of the security chip clears the COS program download password at the preset position of the COS program area of the chip flash memory, and returns to step 211;
step N225, the controller of the security chip resets the security chip, and step 201 is executed;
step N226, the controller of the security chip determines the current state of the security chip, returns a response carrying the current state of the security chip to the upper computer, and returns to step 211.
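As an added example, not code from the patent, the following C simulation implements the instruction dispatch of steps 212 to 232 on a constructed in-memory chip model: every instruction except "get chip status" is refused while the chip is in an error state, the COS public key can be written only once, the write COS program instruction is bounds-checked against the COS area, and the check COS program instruction recomputes the program digest and compares it with the stored hash value. The instruction names, response codes, buffer sizes and the FNV-1a digest standing in for the patent's unspecified "first algorithm" are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Instruction types of steps 212-232 (constructed names; the patent gives no opcodes). */
typedef enum {
    INS_DOWNLOAD_COS_PUBKEY, INS_ERASE, INS_WRITE_COS_PROGRAM, INS_WRITE_COS_HASH,
    INS_WRITE_COS_SIGNATURE, INS_CHECK_COS_PROGRAM, INS_CLEAR_DOWNLOAD_PASSWORD,
    INS_RESET, INS_GET_CHIP_STATE
} instruction_t;

/* Responses returned to the upper computer (constructed encoding). */
typedef enum {
    RESP_OK,            /* instruction executed, back to step 211 */
    RESP_REFUSED,       /* step 214: chip is in an error state */
    RESP_ERROR,         /* step 215 (key already present) or a malformed payload */
    RESP_CHECK_FAILED,  /* step 226: COS integrity check failed */
    RESP_CHECK_OK,      /* step 227: COS integrity check succeeded */
    RESP_STATE          /* step 232: current state reported */
} response_t;

#define CHIP_STATE_OK 0x00   /* "correct state"; any other value is an error state */
#define COS_SIZE      64     /* constructed sizes for the in-memory model */
#define PUBKEY_SIZE   32
#define HASH_SIZE     32
#define SIG_SIZE      64

typedef struct {
    uint8_t state;
    bool    pubkey_present;          /* "predetermined position stores the COS public key" */
    uint8_t cos_pubkey[PUBKEY_SIZE];
    uint8_t cos_program[COS_SIZE];   /* COS storage area */
    uint8_t cos_hash[HASH_SIZE];     /* security data storage area */
    uint8_t cos_signature[SIG_SIZE];
    bool    download_password_set;
    bool    reset_requested;
} chip_t;

void chip_init(chip_t *c) {
    memset(c, 0xFF, sizeof *c);      /* erased flash reads as 0xFF */
    c->state = CHIP_STATE_OK;
    c->pubkey_present = false;
    c->download_password_set = true; /* password present: chip is in download mode */
    c->reset_requested = false;
}

/* Stand-in for the patent's unspecified "first algorithm": 32-bit FNV-1a, zero-padded
 * to HASH_SIZE. A real chip would use its hardware hash engine. */
void first_algorithm(const uint8_t *data, size_t len, uint8_t out[HASH_SIZE]) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 16777619u; }
    memset(out, 0, HASH_SIZE);
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* One pass through steps 212-232: dispatch a single instruction from the upper computer. */
response_t handle_instruction(chip_t *c, instruction_t ins, const uint8_t *payload, size_t len) {
    if (ins == INS_GET_CHIP_STATE)          /* step 232 is answered in every state, */
        return RESP_STATE;                  /* so the host can read why the chip stopped */
    if (c->state != CHIP_STATE_OK)          /* steps 213, 217, 219, 221, 223, 225, 228, 230 */
        return RESP_REFUSED;                /* step 214 */
    switch (ins) {
    case INS_DOWNLOAD_COS_PUBKEY:           /* steps 215-216: the key is written only once */
        if (c->pubkey_present || len != PUBKEY_SIZE) return RESP_ERROR;
        memcpy(c->cos_pubkey, payload, PUBKEY_SIZE);
        c->pubkey_present = true;
        return RESP_OK;
    case INS_ERASE:                         /* step 218 */
        memset(c->cos_program, 0xFF, COS_SIZE);
        memset(c->cos_hash, 0xFF, HASH_SIZE);
        memset(c->cos_signature, 0xFF, SIG_SIZE);
        return RESP_OK;
    case INS_WRITE_COS_PROGRAM: {           /* step 220: payload = 16-bit LE address + data */
        if (len < 2) return RESP_ERROR;
        size_t addr = (size_t)payload[0] | ((size_t)payload[1] << 8);
        size_t n = len - 2;
        if (addr > COS_SIZE || n > COS_SIZE - addr) return RESP_ERROR; /* stay inside the COS area */
        memcpy(c->cos_program + addr, payload + 2, n);
        return RESP_OK;
    }
    case INS_WRITE_COS_HASH:                /* step 222 */
        if (len != HASH_SIZE) return RESP_ERROR;
        memcpy(c->cos_hash, payload, HASH_SIZE);
        return RESP_OK;
    case INS_WRITE_COS_SIGNATURE:           /* step 224 */
        if (len != SIG_SIZE) return RESP_ERROR;
        memcpy(c->cos_signature, payload, SIG_SIZE);
        return RESP_OK;
    case INS_CHECK_COS_PROGRAM: {           /* steps 226-227 */
        uint8_t digest[HASH_SIZE];
        first_algorithm(c->cos_program, COS_SIZE, digest);
        return memcmp(digest, c->cos_hash, HASH_SIZE) == 0 ? RESP_CHECK_OK : RESP_CHECK_FAILED;
    }
    case INS_CLEAR_DOWNLOAD_PASSWORD:       /* step 229 */
        c->download_password_set = false;
        return RESP_OK;
    case INS_RESET:                         /* step 231: the caller restarts from step 201 */
        c->reset_requested = true;
        return RESP_OK;
    default:
        return RESP_ERROR;
    }
}
```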
In this embodiment, step 203, step 204, step 205, step 208 and step 209 are key steps, and the security data further includes an initial value of a key step execution sequence number and a current key step execution sequence number check value corresponding to each current key step respectively;
step 202 may further include: the controller of the security chip updates the initial value of the key step execution sequence number according to a predetermined rule to obtain the current key step execution sequence number value.
The following steps are performed before each critical step, or before at least one critical step:
the controller of the security chip judges whether the current key step execution sequence number value is the same as the preset current key step execution sequence number check value; if yes, the current key step is executed; if no, the controller of the security chip sets the error status flag to the attack error value, and step 211 is executed.
After the execution result of the key step is successful, the method further comprises:
the controller of the security chip updates the current key step execution sequence number value according to the predetermined rule and takes the obtained value as the current key step execution sequence number value.
After the execution result of each key step is failure, each key step further comprises: the controller of the security chip sets the error status flag to a check error value and then performs step 211.
In this embodiment, the predetermined rule may be an increment operation or a decrement operation by a predetermined value.
For example, in the present embodiment, the initial value of the key step execution sequence number is 0, the predetermined value is 1, and the predetermined rule is to increment by the predetermined value 1;
the key steps are as follows:
the current key step execution sequence number check value corresponding to step 203 is 1;
the current key step execution sequence number check value corresponding to step 204 is 2;
the current key step execution sequence number check value corresponding to step 205 is 3;
the current key step execution sequence number check value corresponding to step 208 is 4;
the current key step execution sequence number check value corresponding to step 209 is 5;
step 202 may further include: the controller of the security chip increments the initial value 0 of the key step execution sequence number by the predetermined value 1 to obtain the current key step execution sequence number value 1;
before step 203: the controller of the security chip judges whether the current key step execution sequence number value is the same as the preset current key step execution sequence number check value 1; if yes, step 203 is executed; if no, the controller of the security chip sets the error status flag to the attack error value, and step 211 is executed;
after the execution result of step 203 is successful, the method further includes:
the controller of the security chip increments the current key step execution sequence number value 1 by the predetermined value 1 and takes the obtained value 2 as the current key step execution sequence number value;
before step 204:
the controller of the security chip judges whether the current key step execution sequence number value is the same as the preset current key step execution sequence number check value 2; if yes, step 204 is executed; if no, the controller of the security chip sets the error status flag to the check error value, and step 211 is executed;
after the execution result of step 204 is successful, the method further includes:
the controller of the security chip increments the current key step execution sequence number value 2 by the predetermined value 1 and takes the obtained value 3 as the current key step execution sequence number value;
Steps 205, 208 and 209 proceed in the same way and are not described again.
In this embodiment, the response carrying the current state of the security chip in step 232 is specifically: the current state of the chip is the attack error value or the check error value.
In this embodiment, by checking the current key step execution sequence number value, the security chip stops operating when it is illegally attacked during the boot process, so that the security of the security chip boot process is ensured.
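As an added illustration, not code from the patent, the C fragment below implements the key step sequence number check of this embodiment with the values of the worked example (initial value 0, predetermined value 1, check values 1 to 5 for steps 203, 204, 205, 208 and 209): before each key step the current sequence number value is compared with the preset check value, a mismatch sets the attack error value, a failed step sets the check error value, and a successful step increments the sequence number. The error value encodings, the step-body function signature and the simulated skipped step are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Error status flag values (constructed; the patent does not fix the encoding). */
#define ERR_NONE   0x00
#define ERR_CHECK  0x5A   /* check error value: a key step itself failed */
#define ERR_ATTACK 0xA5   /* attack error value: a key step reached out of sequence */

/* The five key steps of the embodiment, in boot order, and their preset check values. */
enum { KEY_STEP_203, KEY_STEP_204, KEY_STEP_205, KEY_STEP_208, KEY_STEP_209, KEY_STEP_COUNT };
static const uint32_t check_value[KEY_STEP_COUNT] = {1, 2, 3, 4, 5};

#define INITIAL_VALUE       0u   /* initial value of the key step execution sequence number */
#define PREDETERMINED_VALUE 1u   /* the predetermined rule: increment by this value */

typedef struct {
    uint32_t seq;         /* current key step execution sequence number value */
    uint8_t  error_flag;  /* error status flag; ERR_NONE while boot is healthy */
} boot_ctx_t;

/* The body of a key step: returns true on success (e.g. hash or signature matched). */
typedef bool (*key_step_fn)(void *arg);

/* step 202: derive the first sequence number value from the initial value. */
void boot_ctx_init(boot_ctx_t *ctx) {
    ctx->seq = INITIAL_VALUE + PREDETERMINED_VALUE;   /* 0 + 1 = 1 */
    ctx->error_flag = ERR_NONE;
}

/* Runs one key step under the sequence check. Returns true iff boot may continue. */
bool run_key_step(boot_ctx_t *ctx, int step, key_step_fn fn, void *arg) {
    if (step < 0 || step >= KEY_STEP_COUNT) { ctx->error_flag = ERR_ATTACK; return false; }
    /* Check before the step: a skipped, repeated or reordered key step shows up here,
     * which is what a fault that hops over one verification would produce. */
    if (ctx->seq != check_value[step]) { ctx->error_flag = ERR_ATTACK; return false; }
    if (!fn(arg)) { ctx->error_flag = ERR_CHECK; return false; }   /* step failed */
    ctx->seq += PREDETERMINED_VALUE;                                  /* step succeeded */
    return true;
}

/* Constructed step bodies standing in for the security data check, the BOOT hash and
 * signature checks, and the COS hash and signature checks. */
static bool step_pass(void *arg) { (void)arg; return true; }
static bool step_fail(void *arg) { (void)arg; return false; }

/* Normal boot: all five key steps in order; returns the final error flag (ERR_NONE). */
uint8_t boot_normal(void) {
    boot_ctx_t ctx;
    boot_ctx_init(&ctx);
    for (int s = KEY_STEP_203; s < KEY_STEP_COUNT; s++)
        if (!run_key_step(&ctx, s, step_pass, NULL)) break;
    return ctx.error_flag;
}

/* Simulated fault: control jumps from step 203 straight to step 205, so step 205 is
 * reached with seq == 2 while its check value is 3 (ERR_ATTACK). */
uint8_t boot_skipped_step(void) {
    boot_ctx_t ctx;
    boot_ctx_init(&ctx);
    run_key_step(&ctx, KEY_STEP_203, step_pass, NULL);
    run_key_step(&ctx, KEY_STEP_205, step_pass, NULL);
    return ctx.error_flag;
}

/* Genuine verification failure at step 204 (e.g. BOOT hash mismatch): ERR_CHECK. */
uint8_t boot_failed_step(void) {
    boot_ctx_t ctx;
    boot_ctx_init(&ctx);
    run_key_step(&ctx, KEY_STEP_203, step_pass, NULL);
    run_key_step(&ctx, KEY_STEP_204, step_fail, NULL);
    return ctx.error_flag;
}
```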
Example III
The embodiment provides a device for safely starting a chip, which comprises:
the power-on module is used for powering on the security chip;
the starting module is used for starting a BOOT program by the controller of the security chip after the power-on module is powered on;
the first verification module is used for verifying the safety data of the safety data storage area by the controller of the safety chip;
the first judging module is used for judging the verification result of the first verification module, triggering the second verification module when the judgment result of the first judging module is yes, and triggering the state setting module when the judgment result of the first judging module is no;
the second verification module is used for executing integrity verification on the BOOT program in the BOOT program storage area by the controller of the security chip;
The second judging module is used for judging the verification result of the second verification module, triggering the third verification module when the judgment result of the second judging module is yes, and triggering the state setting module when the judgment result of the second judging module is no;
the third verification module is used for executing validity verification on the BOOT program according to the safety data by the controller of the safety chip;
the third judging module is used for judging the verification result of the third verification module, triggering the fourth judging module when the judgment result of the third judging module is yes, and triggering the state setting module when the judgment result of the third judging module is no;
the fourth judging module is used for judging, by the controller of the security chip, whether the COS program download password in the COS program storage area is correct, triggering the download clearing reset module when the judgment result of the fourth judging module is yes, and triggering the fourth verification module when the judgment result of the fourth judging module is no;
the download clearing reset module is used for downloading a COS program by the controller of the security chip, clearing the COS program download password and controlling the security chip to reset;
the fourth verification module is used for verifying the integrity of the COS program in the COS program storage area by the controller of the security chip;
the fifth judging module is used for judging the verification result of the fourth verification module, triggering the fifth verification module when the judgment result of the fifth judging module is yes, and triggering the state setting module when the judgment result of the fifth judging module is no;
a fifth verification module, configured to perform validity verification on the COS program according to the security data by using a controller of the security chip;
the sixth judging module is used for judging the verification result of the fifth verification module, triggering the boot module when the judgment result of the sixth judging module is yes, and triggering the state setting module when the judgment result of the sixth judging module is no;
the boot module is used for booting the COS program by the controller of the security chip;
and the state setting module is used for setting an error state by the controller of the security chip.
In a possible implementation manner, the second verification module is specifically configured to control, by the controller of the security chip, the first operation module of the security chip to operate on the data of the BOOT program in the BOOT program storage area according to the first algorithm to obtain a second operation result, and to judge whether the second operation result is the same as the BOOT program hash value in the security data to obtain the verification result;
the third verification module is specifically configured to control, by the controller of the security chip, the second operation module of the security chip to carry out a signature verification operation using the second algorithm according to the second operation result, the BOOT program public key and the BOOT program signature value in the security data, and to judge whether the signature verification result is a successful verification result;
the fourth verification module is specifically configured to control, by the controller of the security chip, the first operation module of the security chip to operate on the data of the COS program in the COS program storage area according to the first algorithm to obtain a third operation result, and to judge whether the third operation result is the same as the COS program hash value in the security data to obtain the verification result;
and the fifth verification module is specifically configured to control, by the controller of the security chip, the second operation module of the security chip to carry out a signature verification operation using the second algorithm according to the third operation result, the COS program public key and the COS program signature value in the security data, so as to obtain the verification result.
In one possible implementation manner, the download clear reset module specifically includes:
a waiting receiving unit, for waiting for receiving the instruction sent by the upper computer by the controller of the security chip;
the judging and executing unit is used for judging the type of the instruction received by the waiting and receiving unit, and when the received instruction is the instruction for writing the COS program, the controller of the security chip writes the COS program into the COS storage area according to the address in the instruction for writing the COS program and the data of the COS program, and triggers the waiting and receiving unit; when the received instruction is an instruction for clearing the COS program downloading password, the controller of the security chip clears the COS program downloading password at a preset position in the flash memory of the security chip, and triggers the waiting receiving unit; and when the received instruction is a reset instruction, the controller of the security chip resets the security chip.
In one possible implementation manner, the judging and executing unit is further configured to, when the received instruction is a download COS program public key instruction, judge, by the controller of the security chip, whether the predetermined location of the BOOT storage area of the flash memory stores the COS program public key; if so, the controller of the security chip reports an error and triggers the waiting receiving unit; if not, the controller of the security chip writes the COS program public key carried in the download COS program public key instruction into the preset position of the BOOT storage area, and triggers the waiting receiving unit.
In one possible implementation manner, the starting module is further used for starting the temperature and voltage detection module by the controller of the security chip, and when the temperature and voltage detection module judges that the temperature or the voltage is abnormal, the resetting module is used for resetting the security chip.
In one possible implementation manner, the judging and executing unit is further configured to, when the instruction is an erase instruction, erase the COS program in the COS storage area, the COS program hash value and the COS program signature value in the secure data storage area, and trigger the waiting receiving unit;
when the instruction is an instruction for writing the COS program hash value, the controller of the security chip writes the COS program hash value into the security data storage area, and triggers the waiting receiving unit;
when the instruction is an instruction for writing the COS program signature value, the controller of the security chip writes the COS program signature value into the security data storage area, and triggers the waiting receiving unit.
In one possible embodiment, the first verification module, the second verification module, the third verification module and the fourth verification module are key modules, and the security data further comprises preset key module execution sequence number check values corresponding to the key modules respectively;
the device for safely starting the chip further comprises a seventh judging module, which is used for judging, before the execution of at least one key module, whether the current key step execution sequence number value is the same as the key step execution sequence number check value corresponding to the key module to be executed; if so, the key module to be executed is triggered, and if not, the state setting module is triggered.
In one possible implementation manner, the security data further comprises an initial value of the execution sequence number of the key step; the device for safely starting the chip also comprises an updating module, wherein the updating module is used for updating the initial value of the execution sequence number of the key step by the controller of the safety chip according to a preset rule after the starting module executes the operation to obtain the execution sequence number value of the current key step;
and the controller of the security chip is further used for taking the obtained value updated by the current key step execution sequence number value according to the preset rule as the current key step execution sequence number value after the operation of executing the key module to be executed is successful.
In one possible implementation, the state setting module triggered after the key module to be executed fails to execute its operation is specifically configured to set the error state to the check error value.
In a possible embodiment, the state setting module triggered by the seventh judging module is specifically configured to set the error state to the attack error value.
The present embodiment also provides a computer-readable storage medium including a computer program which, when run on a computer, causes the computer to perform the above-described method of chip secure boot.
The embodiment also provides a security chip, which is coupled with the memory and is used for executing the computer program stored in the memory to execute the method for safely starting the chip.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (13)

1. A method for secure booting of a chip, the method comprising:
step 1, a controller of a security chip starts a BOOT program after the security chip is powered on;
step 2, the controller of the security chip checks the security data in the security data storage area, judges whether the check is successful, if so, executes step 3, and if not, executes step 7;
step 3, the controller of the security chip executes the integrity check on the BOOT program in the BOOT program storage area, judges whether the check result is successful, if so, executes step 4, and if not, executes step 7;
step 4, the controller of the security chip executes validity check on the BOOT program according to the security data, judges whether the check result is successful, if so, executes step 5, and if not, executes step 7;
step 5, the controller of the security chip judges whether the COS program downloading password in the COS program storage area is correct, if yes, the controller of the security chip downloads the COS program, clears the COS program downloading password, controls the security chip to reset, if no, the controller of the security chip checks the integrity of the COS program in the COS program storage area, judges whether the checking result is successful, if yes, step 6 is executed, and if no, step 7 is executed;
step 6, the controller of the security chip executes validity check on the COS program according to the security data, judges whether the check result is successful, and if so, the controller of the security chip boots the COS program; if not, step 7 is executed;
step 7, the controller of the security chip sets an error state.
2. The method of claim 1, wherein,
the step 3 specifically comprises the following steps: the controller of the security chip controls a first operation module of the security chip to operate the data of the BOOT program in the BOOT program storage area according to a first algorithm to obtain a second operation result, judges whether the second operation result is the same as the BOOT program hash value in the security data or not, if so, the verification result is successful, the step 4 is executed, if not, the verification result is failed, and the step 7 is executed;
the step 4 specifically comprises the following steps: the controller of the security chip controls a second operation module of the security chip to carry out signature verification operation by using a second algorithm according to a second operation result, a BOOT program public key and a BOOT program signature value in the security data, and judges whether the signature verification result is successful, if so, step 5 is executed, and if not, step 7 is executed;
in step 5, the controller of the security chip checking the integrity of the COS program, judging whether the check is successful, executing step 6 if yes and executing step 7 if no, is specifically as follows:
the controller of the security chip controls a first operation module of the security chip to operate the data of the COS program in the COS program storage area according to a first algorithm to obtain a third operation result, whether the third operation result is the same as the COS program hash value in the security data or not is judged, if yes, the step 6 is executed, and if no, the step 7 is executed;
the step 6 is specifically as follows:
the controller of the security chip controls a second operation module of the security chip to carry out signature verification operation by using a second algorithm according to the third operation result, a COS program public key and a COS program signature value in the security data, and judges whether the signature verification result is successful or not; if so, the controller of the security chip boots the COS program; if not, step 7 is performed.
3. The method of claim 1, wherein in step 5, the controller of the security chip downloading the COS program, clearing the COS program download password and controlling the security chip to reset specifically includes:
step m1, the controller of the security chip waits for receiving an instruction sent by an upper computer;
step m2, the controller of the security chip judges the type of the received instruction; when the received instruction is a write COS program instruction, step m3 is executed; when the received instruction is a clear COS program download password instruction, step m4 is executed; when the received instruction is a reset instruction, step m5 is executed;
step m3, the controller of the security chip writes the COS program into the COS storage area according to the address and the COS program data carried in the write COS program instruction, and returns to step m1;
step m4, the controller of the security chip clears the COS program download password at a preset position in the flash memory of the security chip, and returns to step m1;
step m5, the controller of the security chip resets the security chip.
4. The method of claim 3, wherein,
the step m2 further includes: when the received instruction is a COS program public key downloading instruction, executing a step m6;
m6, the controller of the security chip judges whether the preset position of the BOOT storage area of the flash memory stores a COS program public key, if so, the controller of the security chip reports errors and returns to the step m1; if not, executing the step m7;
step m7, the controller of the security chip writes the COS program public key carried in the download COS program public key instruction into the preset position of the BOOT storage area, and returns to step m1.
5. The method of claim 1, wherein,
the step 1 further includes:
step 01, a controller of the safety chip starts a temperature and voltage detection module;
the method further comprises the steps of:
and when the temperature and voltage detection module judges that the temperature or the voltage is abnormal, the safety chip is reset.
6. The method of claim 3, wherein,
the step m2 further includes:
when the instruction is an erasure instruction, executing the step m8;
when the instruction is an instruction for writing the COS program hash value, executing the step m9;
when the instruction is an instruction for writing a signature value of the COS program, executing a step m10;
step m8, the controller of the security chip erases the COS program in the COS storage area and the COS program hash value and the COS program signature value in the security data storage area, and returns to step m1;
step m9, the controller of the security chip writes the COS program hash value into the security data storage area, and returns to step m1;
step m10, the controller of the security chip writes the COS program signature value into the security data storage area, and returns to step m1.
7. The method of claim 1, wherein,
step 2, step 3, step 4 and step 6 are key steps, and the safety data also comprises a preset key step execution sequence number check value corresponding to at least one key step;
the method further comprises the following steps before at least one key step is executed:
and the controller of the security chip judges whether the current execution sequence number value of the key step is the same as the execution sequence number check value of the key step corresponding to the key step to be executed, if so, the key step to be executed is executed, and if not, the step 7 is executed.
8. The method of claim 7, wherein,
the safety data also comprises an initial value of an execution sequence number of a key step;
the step 1 further comprises the following steps: the controller of the safety chip updates the initial value of the execution sequence number of the key step according to a preset rule to obtain the current execution sequence number value of the key step;
the key steps to be executed further include: and if the execution is successful, the controller of the security chip takes the obtained value updated by the current key step execution sequence number value according to the preset rule as the current key step execution sequence number value.
9. The method of claim 7, wherein,
the key steps to be executed further include: if the execution fails, the controller of the security chip sets the error state to a check error value.
10. The method of claim 9, wherein,
the executing step 7 specifically includes: the controller of the security chip sets the error state to an attack error value.
11. A device for secure booting of a chip, the device comprising:
the power-on module is used for powering on the security chip;
the starting module is used for starting a BOOT program by the controller of the security chip after the power-on module is powered on;
the first verification module is used for verifying the safety data of the safety data storage area by the controller of the safety chip;
the first judging module is used for judging the verification result of the first verification module, triggering the second verification module when the judgment result of the first judging module is yes, and triggering the state setting module when the judgment result of the first judging module is no;
the second verification module is used for executing integrity verification on the BOOT program in the BOOT program storage area by the controller of the security chip;
The second judging module is used for judging the verification result of the second verification module, triggering the third verification module when the judgment result of the second judging module is yes, and triggering the state setting module when the judgment result of the second judging module is no;
the third verification module is used for executing validity verification on the BOOT program by the controller of the security chip according to the security data;
the third judging module is used for judging the verification result of the third verification module, triggering the fourth judging module when the judgment result of the third judging module is yes, and triggering the state setting module when the judgment result of the third judging module is no;
the fourth judging module is used for judging, by the controller of the security chip, whether the COS program download password in the COS program storage area is correct, triggering the download clearing reset module when the judgment result of the fourth judging module is yes, and triggering the fourth verification module when the judgment result of the fourth judging module is no;
the download clearing reset module is used for downloading a COS program by the controller of the security chip, clearing the COS program download password and controlling the security chip to reset;
the fourth verification module is used for verifying the integrity of the COS program in the COS program storage area by the controller of the security chip;
the fifth judging module is used for judging the verification result of the fourth verification module, triggering the fifth verification module when the judgment result of the fifth judging module is yes, and triggering the state setting module when the judgment result of the fifth judging module is no;
the fifth verification module is used for executing validity verification on the COS program by the controller of the security chip according to the security data;
the sixth judging module is used for judging the verification result of the fifth verification module, triggering the guiding module when the judgment result of the sixth judging module is yes, and triggering the state setting module when the judgment result of the sixth judging module is no;
the guide module is used for booting the COS program by the controller of the security chip;
the state setting module is used for setting an error state by the controller of the security chip.
12. A computer readable storage medium, characterized in that the computer readable storage medium comprises a computer program which, when run on a computer, causes the computer to perform the method of any one of claims 1 to 10.
13. A security chip, characterized in that the chip is coupled to a memory and executes a computer program stored in the memory to perform the method of any one of claims 1 to 10.
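The decision chain that the modules of claim 11 describe (security data check, BOOT integrity and validity, pending COS download, COS integrity and validity, then boot or error state) can be simulated end to end. The following Python model is an added example and is not code from the patent or its applicant. It makes labelled assumptions the claims do not specify: "integrity" is a SHA-256 digest stored beside each image, "validity" is an HMAC-SHA256 over the image under a key held in the security data (a production chip would use an asymmetric signature and a hardware-rooted key), the first verification module checks the security data's own integrity, and the COS download password is compared against a reference value kept in the security data. All keys, images and passwords are constructed sample data.

```python
"""Simulation of the secure start-up chain of claim 11 (added example, not the patent's code)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class StorageArea:
    """One program storage area: image payload plus the digest and MAC stored with it."""
    payload: bytes
    digest: bytes  # SHA-256 over payload; the integrity check recomputes and compares it
    mac: bytes     # HMAC-SHA256 over payload under the security-data key; the validity check


@dataclass
class SecurityData:
    """Security data area: key material for validity checks plus its own integrity digest."""
    validity_key: bytes
    download_password: bytes  # reference value for the COS download password (assumption)
    digest: bytes


def make_security_data(validity_key: bytes, download_password: bytes) -> SecurityData:
    return SecurityData(validity_key, download_password,
                        hashlib.sha256(validity_key + download_password).digest())


def make_area(payload: bytes, validity_key: bytes) -> StorageArea:
    """Provision an area as the programmer would: digest and MAC computed over the payload."""
    return StorageArea(payload, hashlib.sha256(payload).digest(),
                       hmac.new(validity_key, payload, hashlib.sha256).digest())


@dataclass
class SecurityChip:
    security_data: SecurityData
    boot_area: StorageArea
    cos_area: StorageArea
    cos_download_password: bytes = b""   # lives in the COS program storage area
    error_state: Optional[str] = None    # written by the state setting module
    # Stand-in for the host link that delivers a new COS image when a download is pending.
    download_source: Optional[Callable[[], StorageArea]] = None


# --- verification modules -----------------------------------------------------

def check_security_data_integrity(sd: SecurityData) -> bool:
    """First verification module (assumed: integrity of the security data itself)."""
    expected = hashlib.sha256(sd.validity_key + sd.download_password).digest()
    return hmac.compare_digest(expected, sd.digest)


def check_integrity(area: StorageArea) -> bool:
    """Second and fourth verification modules: recompute and compare the stored digest."""
    return hmac.compare_digest(hashlib.sha256(area.payload).digest(), area.digest)


def check_validity(area: StorageArea, sd: SecurityData) -> bool:
    """Third and fifth verification modules: MAC under the key held in the security data."""
    expected = hmac.new(sd.validity_key, area.payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, area.mac)


def download_password_correct(chip: SecurityChip) -> bool:
    """Fourth judging module: is a correct COS download password present in the COS area?"""
    pw = chip.cos_download_password
    return bool(pw) and hmac.compare_digest(pw, chip.security_data.download_password)


# --- controller flow: the judging modules chained in claim order ---------------

def secure_start(chip: SecurityChip) -> str:
    """Returns 'BOOT_COS', 'RESET' or 'ERROR' (the reason is left in chip.error_state)."""
    sd = chip.security_data
    pre_cos_checks = [
        ("SECURITY_DATA_INTEGRITY", lambda: check_security_data_integrity(sd)),
        ("BOOT_INTEGRITY", lambda: check_integrity(chip.boot_area)),
        ("BOOT_VALIDITY", lambda: check_validity(chip.boot_area, sd)),
    ]
    for reason, ok in pre_cos_checks:
        if not ok():
            chip.error_state = reason        # state setting module
            return "ERROR"
    if download_password_correct(chip):
        # Download clearing reset module: fetch the COS image, clear the password, reset.
        if chip.download_source is None:
            raise RuntimeError("download pending but no source attached (simulation only)")
        chip.cos_area = chip.download_source()
        chip.cos_download_password = b""
        return "RESET"                       # the new image is verified on the next start
    cos_checks = [
        ("COS_INTEGRITY", lambda: check_integrity(chip.cos_area)),
        ("COS_VALIDITY", lambda: check_validity(chip.cos_area, sd)),
    ]
    for reason, ok in cos_checks:
        if not ok():
            chip.error_state = reason
            return "ERROR"
    return "BOOT_COS"                        # guide module: hand control to the COS


def build_demo_chip() -> SecurityChip:
    """Constructed sample chip with made-up key, password and images."""
    sd = make_security_data(b"demo-validity-key", b"demo-download-pw")
    return SecurityChip(
        security_data=sd,
        boot_area=make_area(b"BOOT image v1", sd.validity_key),
        cos_area=make_area(b"COS image v1", sd.validity_key),
        download_source=lambda: make_area(b"COS image v2", sd.validity_key),
    )
```

Two properties of the chain are worth noting when reading the claim against this model: a correct download password diverts the controller before the COS image is ever checked, so clearing the password and resetting is what forces the freshly downloaded image through the integrity and validity checks on the next start; and every negative judgment lands in the same error state rather than continuing, so a tampered BOOT image never reaches the COS stage at all.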
CN202211090759.4A 2022-09-07 2022-09-07 Method and device for safely starting chip Pending CN116257854A (en)


Publications (1)

Publication Number Publication Date
CN116257854A true CN116257854A (en) 2023-06-13

Family

ID=86679829



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination