CN117055929B - Method, equipment and medium for realizing safe upgrade of double-core system - Google Patents

Publication number: CN117055929B
Application number: CN202311311474.3A
Authority: CN (China)
Legal status: Active
Other versions: CN117055929A
Original language: Chinese (zh)
Inventors: 刘超, 李温静, 黄吕超, 刘迪, 王永贵, 张素香, 刘雯静, 胡源源, 方今国, 张航
Assignee (original and current): State Grid Information and Telecommunication Co Ltd
Prior art keywords: subsystem, upgrade, flash, storage area, upgrade file

Classifications: G06F8/65 (software deployment: updates); G06F21/64 (protecting data integrity, e.g. using checksums, certificates or signatures); Y02D10/00 (energy efficient computing)
Abstract

The invention belongs to the technical field of software upgrading and provides a method, equipment and medium for implementing a secure upgrade of a dual-core system. The method comprises the following steps: adding header additional information to the upgrade file; partitioning the flash; receiving the upgrade file and writing it into the upgrade file storage area of the first subsystem flash; verifying the integrity and security of the upgrade file using the public key and the digital signature in the upgrade file header; when the verification passes, determining from the upgrade file type in the header which subsystem is to be upgraded; when the first subsystem is upgraded, setting the upgrade flag in the parameter storage area of the first subsystem flash and having the first subsystem execute the upgrade operation; when the second subsystem is upgraded, having the first subsystem transmit the upgrade file to the second subsystem, which executes the upgrade operation and feeds back the upgrade result upwards through the first subsystem. The software is stored in a fixed storage space, so device resources are used more efficiently.

Description

Method, equipment and medium for realizing safe upgrade of double-core system
Technical Field
The invention relates to the technical field of software upgrading, in particular to a method, equipment and medium for realizing safe upgrading of a dual-core system.
Background
Many scenarios in the fields of information acquisition and automatic control adopt a dual-core architecture with one real-time core and one non-real-time core, because both real-time data acquisition and a wide range of application functions are required. Such an architecture typically consists of an ARM Linux chip and a single-chip microcomputer (MCU): the MCU handles real-time data acquisition and processing, while the ARM Linux chip handles higher-level functions such as statistical analysis, edge computing and communication with the upper computer. As technology develops and terminal functions are refined, the terminal software inevitably needs frequent updates, and because of the sensitivity of the application field the operational security of the terminal is critical. Many mature secure communication and encryption technologies already exist to protect file transfer during remote upgrade of the equipment.
The main steps of the conventional online upgrade of embedded Linux equipment are: divide the flash of the device into a running partition and a backup partition; download the upgrade file into the backup partition over the network or another communication channel; swap the roles of the two partitions, so that the former backup partition becomes the running partition and vice versa; and restart the device, whereupon the bootloader boots the running partition that holds the upgrade file and the system software is thereby upgraded.
This approach has the following problems. Because the flash must be split into a running partition and a backup partition, only part of the flash is usable during normal operation, which wastes device resources. After the device has run for a long time, the exact state of the system version in the backup partition is unclear at upgrade time, so the complete system software must be downloaded and installed to avoid errors, which reduces the flexibility of upgrading.
Disclosure of Invention
To address the problems that the existing upgrade approach wastes device resources and reduces upgrade flexibility, the invention provides a secure upgrade method, equipment and medium for a dual-core system.
In a first aspect, the present invention provides a method for implementing a secure upgrade of a dual-core system, where the dual-core system includes a first subsystem provided with a first chip and a second subsystem provided with a second chip, and the method includes the following steps:
adding head additional information to the upgrade file, wherein the additional information comprises the upgrade file type, the program version and the digital signature of the upgrade file;
partitioning flash of the two subsystems respectively, wherein each subsystem partition comprises an operating program storage area, a parameter storage area and an upgrade file storage area;
after receiving the upgrade instruction, the first subsystem receives an upgrade file and writes the upgrade file into an upgrade file storage area of the first subsystem flash;
verifying the integrity and the security of the upgrade file by using the public key and the digital signature of the upgrade file header;
when the verification passes, judging the subsystem for upgrading according to the type of the upgrading file at the head of the upgrading file;
when the first subsystem is upgraded, setting an upgrading mark of a parameter storage area of the flash of the first subsystem, and executing upgrading operation by the first subsystem;
when the second subsystem is upgraded, the first subsystem transmits an upgrade file to the second subsystem, and the second subsystem executes upgrade operation and feeds back an upgrade result upwards through the first subsystem;
when the verification fails, judging that the upgrade has errors, and the first subsystem feeding back the corresponding error code upwards.
As a further limitation of the technical solution of the present invention, the step of performing the upgrade operation by the first subsystem includes:
resetting the first chip, entering a uboot bootstrap program, and checking whether an upgrading mark of a parameter storage area of the flash of the first subsystem is set;
if yes, carrying out software upgrading of the first subsystem;
if not, starting the system according to the verification result of the running program storage area of the flash of the first subsystem.
As a further limitation of the technical solution of the present invention, the step of performing the software upgrade of the first subsystem includes:
checking the integrity and the safety of the upgrade file by using the public key and the digital signature of the upgrade file header;
if the verification fails, resetting the upgrade flag of the parameter storage area of the flash of the first subsystem, and then starting the system according to the verification result of the running program storage area of the flash of the first subsystem;
if the verification passes, copying the digital signature of the upgrade file header to the parameter storage area of the flash of the first subsystem;
overwriting the partition corresponding to the running program storage area of the flash of the first subsystem with the upgrade file;
after the overwrite is completed, checking the integrity and security of the written program by using the public key and the digital signature in the parameter storage area of the flash of the first subsystem;
if this verification passes, resetting the upgrade flag of the parameter storage area of the flash of the first subsystem;
if this verification fails, returning to the step of copying the digital signature of the upgrade file header to the parameter storage area of the first subsystem flash.
As a further limitation of the technical solution of the present invention, the step of starting the system according to the result of checking the running program storage area of the flash of the first subsystem includes:
verifying the integrity and the safety of an upgrade program of an operation program storage area of the first subsystem flash by using the public key and a digital signature of a parameter storage area of the first subsystem flash;
if the verification is passed, the first subsystem is guided to be normally started through uboot;
if the verification fails, the first subsystem terminates the startup.
As a further limitation of the technical solution of the present invention, the step of the first subsystem transmitting the upgrade file to the second subsystem, the second subsystem performing the upgrade operation and feeding back the upgrade result upward through the first subsystem includes:
the first subsystem issues an upgrade instruction and transmits an upgrade file to the second subsystem;
the second subsystem receives the upgrade instruction and then receives the upgrade file and stores the upgrade file in an upgrade file storage area of the flash of the second subsystem;
checking the integrity and the safety of the upgrade file by utilizing the public key and the digital signature of the upgrade file header;
if the verification is passed, setting an upgrading mark of a parameter storage area of the flash of the second subsystem;
the second subsystem performs an upgrade operation;
if the verification fails, the second subsystem feeds back the error code upwards through the first subsystem.
As a further limitation of the technical solution of the present invention, the step of performing the upgrade operation by the second subsystem includes:
resetting the second chip to enter a boot program, and checking whether an upgrading mark of a parameter storage area of the flash of the second subsystem is set;
if yes, the software of the second subsystem is upgraded;
if not, executing the normal starting flow of the second subsystem.
As a further limitation of the technical solution of the present invention, the step of performing a software upgrade of the second subsystem includes:
checking the integrity and the safety of the upgrade file by using the public key and the digital signature of the upgrade file header;
if the verification fails, resetting the upgrade flag of the parameter storage area of the flash of the second subsystem and executing the normal start-up flow of the second subsystem;
if the verification passes, copying the upgrade file to the application program execution address corresponding to the running program storage area of the flash of the second subsystem;
copying the digital signature of the head part of the upgrade file to a parameter storage area of the flash of the second subsystem, and setting an upgrade result response mark of the parameter storage area of the flash of the second subsystem;
verifying the integrity and security of an application program in an operating program storage area of the flash of the second subsystem by utilizing the public key and a digital signature of a parameter storage area of the flash of the second subsystem;
if the verification is passed, resetting an upgrading mark of a parameter storage area of the flash of the second subsystem; skipping to execute the application program of the second subsystem;
if the verification fails, executing the steps of: copying the upgrade file to an application program execution address corresponding to the running program storage area of the flash of the second subsystem.
As a further limitation of the technical solution of the present invention, the normal start-up procedure of the second subsystem includes:
verifying the integrity and safety of an application program of an operating program storage area of the second subsystem flash by using a digital signature in a parameter storage area of the second subsystem flash;
if the verification is passed, skipping to execute the application program of the second subsystem;
after the application program of the second subsystem is jumped to be executed, checking whether an upgrade result response mark of a parameter storage area of the flash of the second subsystem is set or not;
if yes, the second subsystem responds to the upgrading success information to the first subsystem;
if not, normally executing the application program of the second subsystem;
if the verification fails, the second subsystem fails to start.
In a third aspect, the present invention further provides an electronic device, where the electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores computer program instructions executable by the at least one processor to enable the at least one processor to perform the method of implementing a dual-core system security upgrade as described in the first aspect.
In a fourth aspect, the present disclosure further provides a non-transitory computer readable storage medium, where the non-transitory computer readable storage medium stores computer instructions, where the computer instructions cause the computer to execute the method for implementing the dual-core system security upgrade according to the first aspect.
From the above technical scheme, the invention has the following advantages:
(1) Partitioning the flash of the system, and storing the equipment system and the application software in a fixed storage space, so that the utilization of equipment resources is more efficient;
(2) The current running program version of the equipment is clear, and the processing modes of the upgrade are respectively checked by adopting different partitions, so that the equipment upgrade is more flexible;
(3) When an upgrade file is received, uboot enters the upgrade flow to prepare the upgrade program, and multiple security checks are performed after the upgrade file is copied, so that the upgrade software cannot be tampered with during the device software upgrade and the upgrade is safe against power loss;
(4) Copying the upgrade file in the uboot or boot environment avoids interference from the running program with the upgrade process.
In addition, the invention has a reliable design principle, a simple structure and very wide application prospects.
It can be seen that the present invention has outstanding substantive features and significant advances over the prior art, as well as practical advantages.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a schematic flow chart of a method of one embodiment of the invention.
FIG. 2 is a schematic flow chart of an embedded Linux system upgrade in a method of one embodiment of the invention.
FIG. 3 is a schematic flow chart of a single chip microcomputer system upgrade in a method of an embodiment of the invention.
Fig. 4 is a schematic diagram of an upgrade file structure according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of an embedded Linux flash partition in an embodiment of the invention.
Fig. 6 is a schematic diagram of on-chip flash partition of a single chip microcomputer in an embodiment of the invention.
Detailed Description
A digital signature is an application of asymmetric-key cryptography and message-digest techniques: it is a digital string that binds the electronic file to the sender's identity, and it lets the receiver verify who sent the file and whether it was tampered with. The signature is produced from the digest of the electronic file, that is, the value of a hash function over the file, using the sender's key pair. The sender encrypts the digest with the private key and sends the result together with the file; the receiver decrypts it with the sender's public key and compares the recovered hash value with a freshly computed one to determine whether the message was tampered with.
In this method, the upgrade file type is added to the upgrade file header, so that the Linux program and the single-chip microcomputer program are upgraded over one path; secure upgrade of both programs is achieved by adding digital signature information to the upgrade file header and verifying it several times during the upgrade; the upgrade file is received by the running application program, so that the file transfer can use a complex communication protocol; and the Linux uboot or the MCU boot program performs the program verification and copying, so that the application program and system interrupts cannot interfere with the upgrade process. In order to make the technical solution of the present invention better understood by those skilled in the art, it is described clearly and completely below with reference to the accompanying drawings of the embodiments; the described embodiments are only some embodiments of the present invention, not all of them. All other embodiments that those skilled in the art can derive from these embodiments without inventive effort fall within the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a method for implementing a secure upgrade of a dual-core system, where the dual-core system includes a first subsystem provided with a first chip and a second subsystem provided with a second chip, and the method includes the following steps:
step 1: adding head additional information to the upgrade file, wherein the additional information comprises the upgrade file type, the program version and the digital signature of the upgrade file; the structure of the upgrade file is shown in fig. 4.
Step 2: partitioning flash of the two subsystems respectively, wherein each subsystem partition comprises an operating program storage area, a parameter storage area and an upgrade file storage area;
step 3: after receiving the upgrade instruction, the first subsystem receives an upgrade file and writes the upgrade file into an upgrade file storage area of the first subsystem flash;
step 4: verifying the integrity and the security of the upgrade file by using the public key and the digital signature of the upgrade file header;
step 5: judging whether the verification is passed or not;
if yes, executing the step 6;
if not, executing the step 9;
step 6: judging a subsystem for upgrading according to the type of the upgrading file at the head part of the upgrading file;
step 7: when the first subsystem is upgraded, the first subsystem executes an upgrade operation;
step 8: when the second subsystem is upgraded, the first subsystem transmits an upgrade file to the second subsystem, and the second subsystem executes upgrade operation and feeds back an upgrade result upwards through the first subsystem;
step 9: and judging that the upgrade has errors, and feeding back the corresponding error codes upwards by the first subsystem.
In some embodiments, as shown in FIG. 2, the step of the first subsystem performing the upgrade operation includes:
S100: setting the upgrade flag of the parameter storage area of the flash of the first subsystem;
S101: resetting the first chip so that it enters the uboot bootloader;
S102: checking whether the upgrade flag of the parameter storage area of the flash of the first subsystem is set;
if yes, go to step S103;
if not, go to step S110;
S103: checking the integrity and security of the upgrade file by using the public key and the digital signature of the upgrade file header;
S104: checking whether the verification succeeded;
if yes, go to step S105; if not, go to step S109;
S105: copying the digital signature of the upgrade file header to the parameter storage area of the flash of the first subsystem;
S106: overwriting the partition corresponding to the running program storage area of the flash of the first subsystem with the upgrade file;
S107: after the overwrite is completed, checking the integrity and security of the written program by using the public key and the digital signature in the parameter storage area of the flash of the first subsystem;
S108: checking whether the verification succeeded;
if not, go to step S105; if yes, go to step S109;
S109: resetting the upgrade flag of the parameter storage area of the flash of the first subsystem;
S110: verifying the integrity and security of the program in the running program storage area of the first subsystem flash by using the public key and the digital signature in the parameter storage area of the first subsystem flash;
S111: checking whether the verification succeeded;
if yes, go to step S112; if not, go to step S113;
S112: the first subsystem is booted normally through uboot;
S113: the first subsystem terminates the start-up.
In some embodiments, as shown in fig. 3, the step of the first subsystem transmitting the upgrade file to the second subsystem, the second subsystem performing the upgrade operation and feeding back the upgrade result upward through the first subsystem includes:
S201: the first subsystem issues an upgrade instruction and transmits the upgrade file to the second subsystem;
S202: the second subsystem receives the upgrade instruction, then receives the upgrade file and stores it in the upgrade file storage area of the flash of the second subsystem;
S203: checking the integrity and security of the upgrade file by using the public key and the digital signature of the upgrade file header;
S204: judging whether the verification passed;
if yes, go to step S206; if not, go to step S205;
S205: feeding back an error code upwards through the first subsystem; go to step S222;
S206: setting the upgrade flag of the parameter storage area of the flash of the second subsystem;
S207: resetting the second chip so that it enters the boot program;
S208: checking whether the upgrade flag of the parameter storage area of the flash of the second subsystem is set;
if yes, go to step S209; if not, go to step S216;
S209: checking the integrity and security of the upgrade file by using the public key and the digital signature of the upgrade file header;
S210: judging whether the verification passed;
if yes, go to step S211; if not, go to step S215;
S211: copying the upgrade file to the application program execution address corresponding to the running program storage area of the flash of the second subsystem;
S212: copying the digital signature of the upgrade file header to the parameter storage area of the flash of the second subsystem, and setting the upgrade result response flag of the parameter storage area of the flash of the second subsystem;
S213: verifying the integrity and security of the application program in the running program storage area of the flash of the second subsystem by using the public key and the digital signature in the parameter storage area of the flash of the second subsystem;
S214: judging whether the verification passed;
if yes, go to step S218;
if not, go to step S211;
S215: resetting the upgrade flag of the parameter storage area of the flash of the second subsystem; go to step S216;
S216: verifying the integrity and security of the application program in the running program storage area of the second subsystem flash by using the digital signature in the parameter storage area of the second subsystem flash;
S217: judging whether the verification passed;
if yes, go to step S219; if not, go to step S223;
S218: resetting the upgrade flag of the parameter storage area of the flash of the second subsystem; go to step S219;
S219: jumping to execute the application program of the second subsystem;
S220: after jumping to the application program of the second subsystem, checking whether the upgrade result response flag of the parameter storage area of the flash of the second subsystem is set;
if yes, go to step S221; if not, go to step S222;
S221: the second subsystem responds to the first subsystem with the upgrade success information; go to step S222;
S222: normally executing the application program of the second subsystem;
S223: the second subsystem fails to boot.
The embodiment of the invention provides a method for implementing a secure upgrade of a dual-core system consisting of an embedded Linux unit and a single-chip microcomputer (MCU) unit; in this embodiment the embedded Linux unit is the first subsystem and the MCU unit is the second subsystem.
First, the upgrade file is produced.
There are three types of upgrade file, namely Linux kernel, rootfs and MCU application program, used to upgrade the Linux kernel, the Linux root file system and the MCU application program respectively.
Every upgrade file consists of header additional information followed by the upgrade program file; the header consists of the upgrade file type, the program version and the digital signature of the upgrade file. The upgrade file type tells the upgrade program which upgrade operation to execute, the program version records the version of the upgrade file, and the digital signature is used to verify the integrity and security of the upgrade file.
Then, the flash is partitioned, both the embedded Linux flash and the MCU on-chip flash.
As shown in fig. 5, the embedded Linux flash is divided into a running program storage area, a parameter storage area and an upgrade file storage area. The running program storage area holds the bootloader, the system kernel and the Linux root file system; the parameter storage area holds the flag information needed by the upgrade and start-up flows and the digital signatures of the executing programs; and the upgrade file storage area holds received upgrade files.
As shown in fig. 6, the MCU on-chip flash is likewise divided into a running program storage area, a parameter storage area and an upgrade file storage area. The running program storage area holds the bootloader and the application program; the parameter storage area holds the flag bits needed by the upgrade and start-up flows and the digital signature of the application program; and the upgrade file storage area holds the received upgrade file.
The secure upgrade flow of the embedded Linux software is as follows:
(a1) While Linux is running, the upgrade software receives an upgrade instruction issued by the upper computer, then receives the upgrade file and writes it into the upgrade file storage area of the flash;
(a2) The upgrade software verifies the integrity and security of the upgrade file using the public key and the digital signature carried in the upgrade file header. If verification passes, it enters the MCU upgrade flow of step (a3) or the Linux software upgrade flow of step (a4) according to the upgrade file type; if verification fails, it feeds back error information to the upper computer;
(a3) In the MCU upgrade flow, the upgrade software transmits the upgrade file to the MCU through a serial port or another channel, and after the MCU has executed the upgrade operation, the upgrade software feeds back the upgrade result to the upper computer;
(a4) In the Linux software upgrade flow, the upgrade software sets the upgrade flag in the flash parameter storage area and then resets the chip so that it enters the uboot bootloader. uboot checks the upgrade flag in the flash parameter storage area: if the flag is set, it enters the Linux software upgrade of step (a5); if the flag is not set, it enters the normal secure start-up flow of step (a6);
(a5) uboot verifies the integrity and security of the upgrade file in the flash upgrade file storage area using the public key and the digital signature in the upgrade file header. If verification fails, it resets the upgrade flag in the flash parameter storage area and enters the normal secure start-up flow of step (a6). If verification passes, it copies the digital signature from the upgrade file header into the flash parameter storage area and overwrites the corresponding partition of the flash running program area with the upgrade file. After the overwrite is complete, it verifies the program now in the running program area using the public key and the digital signature in the flash parameter storage area. If this verification passes, it resets the upgrade flag in the flash parameter storage area and enters the normal secure start-up flow of step (a6); if it fails, the overwrite and verification are repeated, which ensures that the copy of the upgrade file is carried out correctly;
(a6) uboot verifies the integrity and security of the Linux kernel and rootfs in the flash running program storage area using the public key and the digital signature in the flash parameter storage area. If verification passes, uboot boots the system normally; if it fails, the system halts the start-up.
The specific flow of the secure upgrade and start of the single chip microcomputer software is as follows:
(b1) The single chip microcomputer application program receives a program upgrade instruction issued by the Linux chip, receives the upgrade file and stores it in the upgrade file storage area of the on-chip flash of the single chip microcomputer, and verifies the integrity and security of the upgrade file using the public key and the digital signature in the upgrade file header. If verification passes, the flash upgrade flag is set and step (b2) is executed; if it fails, an error message is returned to Linux;
(b2) The system is reset and enters the boot program of the single chip microcomputer, which checks the flash upgrade flag. If the flag is set, the application upgrade flow of step (b3) is entered; if it is not set, the normal secure start flow of the single chip microcomputer in step (b4) is entered;
(b3) After the reset, the integrity and security of the upgrade file are checked using the public key and the digital signature. If the check fails, the flash upgrade flag is cleared and the normal secure start flow of the single chip microcomputer in step (b4) is entered. If the check passes, the upgrade program is copied to the application program execution address, the digital signature of the upgrade file is copied to the flash parameter storage area, and the upgrade result response flag is set; the integrity and security of the application program now in place are then checked. If that check fails, the copy of the upgrade file is repeated; if it passes, the upgrade flag is cleared and execution jumps to the application program, entering step (b5);
(b4) The boot program verifies the integrity and security of the application program using the digital signature in the parameter storage area. If verification passes, execution jumps to the application program and step (b5) is entered; if it fails, the single chip microcomputer program start fails with an error.
(b5) After the jump to the SCM application program, the SCM upgrade result response flag is checked. If the flag is set, upgrade success information is returned to the Linux system; if it is not set, the SCM application program runs normally.
By adding upgrade file type information to the upgrade file header and making the Linux upgrade program compatible with both the Linux software and the single chip microcomputer program, the Linux software and the single chip microcomputer program of the dual-core system are upgraded over a single upgrade path. The security of the upgrade information and power-down safety are ensured by adding digital signature information to the upgrade file header and, during the upgrade of the embedded Linux and the single chip microcomputer, by receiving the file, resetting the chip, overwriting the program and performing security verification several times when the system starts. The upgrade file is received while the application program is running, the program is checked and moved by the Linux uboot or the single chip microcomputer boot program, and the atomic operation of setting a flag ensures that the software upgrade is not disturbed by the application program or by a system interruption.
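As an added illustration (not code from the patent), the following Python model plays through the flag-driven boot flow that steps (a4) to (a6) and (b2) to (b5) share: a header carrying type, version and signature, the three flash areas, the upgrade flag as the commit point, the copy-then-verify retry, and recovery after a simulated power loss in the middle of the overwrite. The key, the header layout and the HMAC-SHA256 tag that stands in for the public-key signature are constructed assumptions, and as a simplification the type field is checked against the receiving core instead of being forwarded to the other one.

```python
import hashlib, hmac

# Constructed key: an HMAC-SHA256 tag stands in for the public-key signature the boot program checks.
KEY = b"constructed-demo-key"
TYPE_LINUX, TYPE_MCU = 1, 2
HDR_LEN = 1 + 2 + 32  # header = file type | program version | signature over the image

def sign(image: bytes) -> bytes:
    return hmac.new(KEY, image, hashlib.sha256).digest()

def verify(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)

def build_upgrade_file(file_type: int, version: int, image: bytes) -> bytes:
    """Step 1 of the method: prepend type, version and signature to the program image."""
    return bytes([file_type]) + version.to_bytes(2, "big") + sign(image) + image

def parse_header(f: bytes):
    return f[0], int.from_bytes(f[1:3], "big"), f[3:HDR_LEN], f[HDR_LEN:]

class PowerLoss(Exception): pass  # simulates the chip losing power in the middle of a flash write

class Flash:
    """One subsystem's on-chip flash: running program area, parameter area, upgrade file area."""
    def __init__(self, program: bytes):
        self.program = bytearray(program)
        self.params = {"upgrade_flag": False, "signature": sign(program), "result_flag": False}
        self.upgrade_file = b""

def receive_upgrade(flash: Flash, f: bytes, my_type: int) -> str:
    """Application side (a1-a2 / b1): store the file, verify it, and only then set the upgrade flag."""
    flash.upgrade_file = f
    file_type, _version, sig, image = parse_header(f)
    if file_type != my_type:
        return "error: file is for the other subsystem"
    if not verify(image, sig):
        return "error: signature check failed"
    flash.params["upgrade_flag"] = True  # the single flag write is the commit point
    return "reset"

def boot(flash: Flash, fail_after=None) -> str:
    """Boot program (a4-a6 / b2-b5): the flag in the parameter area selects upgrade or normal start."""
    if flash.params["upgrade_flag"]:
        _t, _v, sig, image = parse_header(flash.upgrade_file)
        if not verify(image, sig):
            flash.params["upgrade_flag"] = False  # bad file: clear the flag, fall through to normal start
        else:
            flash.params["signature"] = sig  # new signature is stored before the overwrite begins
            while True:  # overwrite, verify the copy, repeat until it is correct
                flash.program = bytearray(len(image))
                for i, b in enumerate(image):
                    if i == fail_after:
                        raise PowerLoss  # flag stays set, so the next boot redoes the upgrade
                    flash.program[i] = b
                fail_after = None
                if verify(bytes(flash.program), flash.params["signature"]):
                    break
            flash.params["upgrade_flag"] = False
            flash.params["result_flag"] = True
    if not verify(bytes(flash.program), flash.params["signature"]):
        return "halt: program area failed verification"
    if flash.params["result_flag"]:
        flash.params["result_flag"] = False
        return "run: report upgrade success"
    return "run"

def demo() -> dict:
    # One MCU through three boots: tampered file, power loss mid-copy, recovery on the next boot.
    flash = Flash(b"firmware v1")
    good = build_upgrade_file(TYPE_MCU, 2, b"firmware v2 " * 4)
    tampered = good[:-1] + bytes([good[-1] ^ 0xFF])  # one payload byte flipped
    out = {"tampered": receive_upgrade(flash, tampered, TYPE_MCU), "boot1": boot(flash)}
    out["accepted"] = receive_upgrade(flash, good, TYPE_MCU)
    try:
        boot(flash, fail_after=10)
    except PowerLoss:
        out["flag_after_power_loss"] = flash.params["upgrade_flag"]
    out["boot3"] = boot(flash)
    out["program_is_v2"] = bytes(flash.program) == good[HDR_LEN:]
    return out
```

Calling `demo()` shows the tampered file being refused before the flag is ever set, and the interrupted overwrite being completed on the next boot because the flag is still set.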
The embodiment of the invention also provides an electronic device comprising a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with each other through the communication bus. The communication bus may be used for information transfer between the electronic device and a sensor. The processor may call logic instructions in the memory to perform the following method: step 1: adding additional header information to the upgrade file, the additional information comprising the upgrade file type, the program version and the digital signature of the upgrade file; step 2: partitioning the flash of the two systems respectively, where the partition of each system comprises a running program storage area, a parameter storage area and an upgrade file storage area; step 3: after receiving the upgrade instruction, the first subsystem receives the upgrade file and writes it into the upgrade file storage area of the flash of the first subsystem; step 4: verifying the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header; step 5: judging whether the verification passed; if yes, executing step 6; if not, executing step 9; step 6: judging which system is to be upgraded according to the upgrade file type in the upgrade file header; step 7: when the first subsystem is to be upgraded, the first subsystem executes the upgrade operation; step 8: when the second subsystem is to be upgraded, the first subsystem transmits the upgrade file to the second subsystem, and the second subsystem executes the upgrade operation and feeds the upgrade result back upward through the first subsystem; step 9: judging that the upgrade has an error, and the first subsystem feeds the corresponding error code back upward.
Further, the logic instructions in the memory described above may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
Embodiments of the present invention provide a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the method embodiments described above, for example, comprising: step 1: adding additional header information to the upgrade file, the additional information comprising the upgrade file type, the program version and the digital signature of the upgrade file; step 2: partitioning the flash of the two systems respectively, where the partition of each system comprises a running program storage area, a parameter storage area and an upgrade file storage area; step 3: after receiving the upgrade instruction, the first subsystem receives the upgrade file and writes it into the upgrade file storage area of the flash of the first subsystem; step 4: verifying the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header; step 5: judging whether the verification passed; if yes, executing step 6; if not, executing step 9; step 6: judging which system is to be upgraded according to the upgrade file type in the upgrade file header; step 7: when the first subsystem is to be upgraded, the first subsystem executes the upgrade operation; step 8: when the second subsystem is to be upgraded, the first subsystem transmits the upgrade file to the second subsystem, and the second subsystem executes the upgrade operation and feeds the upgrade result back upward through the first subsystem; step 9: judging that the upgrade has an error, and the first subsystem feeds the corresponding error code back upward.
Although the present invention has been described in detail by way of preferred embodiments with reference to the accompanying drawings, the present invention is not limited thereto. Various equivalent modifications and substitutions may be made to the embodiments of the present invention by those skilled in the art without departing from the spirit and scope of the present invention, and all such modifications and substitutions are intended to fall within the scope of the present invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for implementing a secure upgrade of a dual-core system, the dual-core system comprising a first subsystem provided with a first chip and a second subsystem provided with a second chip, the method comprising the steps of:
adding additional header information to the upgrade file, wherein the additional information comprises the upgrade file type, the program version and the digital signature of the upgrade file;
partitioning the flash of the two subsystems respectively, wherein the partition of each subsystem comprises a running program storage area, a parameter storage area and an upgrade file storage area;
after receiving an upgrade instruction, the first subsystem receiving the upgrade file and writing it into the upgrade file storage area of the flash of the first subsystem;
verifying the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header;
when the verification passes, judging which subsystem is to be upgraded according to the upgrade file type in the upgrade file header;
when the first subsystem is to be upgraded, setting the upgrade flag of the parameter storage area of the flash of the first subsystem, and the first subsystem executing the upgrade operation;
when the second subsystem is to be upgraded, the first subsystem transmitting the upgrade file to the second subsystem, and the second subsystem executing the upgrade operation and feeding the upgrade result back upward through the first subsystem;
and when the verification fails, judging that the upgrade has an error, and the first subsystem feeding the corresponding error code back upward.
2. The method for implementing a secure upgrade of a dual-core system according to claim 1, wherein the step of the first subsystem executing the upgrade operation comprises:
resetting the first chip, entering the uboot boot program, and checking whether the upgrade flag of the parameter storage area of the flash of the first subsystem is set;
if yes, performing the software upgrade of the first subsystem;
if not, starting the system according to the verification result of the running program storage area of the flash of the first subsystem.
3. The method for implementing a secure upgrade of a dual-core system according to claim 2, wherein the step of performing the software upgrade of the first subsystem comprises:
checking the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header;
if the verification fails, clearing the upgrade flag of the parameter storage area of the flash of the first subsystem, and then starting the system according to the verification result of the running program storage area of the flash of the first subsystem;
if the verification passes, copying the digital signature of the upgrade file header to the parameter storage area of the flash of the first subsystem;
overwriting the partition corresponding to the running program storage area of the flash of the first subsystem with the upgrade file;
after the overwrite is complete, checking the integrity and security of the written upgrade program using the public key and the digital signature of the parameter storage area of the flash of the first subsystem;
if this verification passes, executing the step of clearing the upgrade flag of the parameter storage area of the flash of the first subsystem;
if this verification fails, executing the step of copying the digital signature of the upgrade file header to the parameter storage area of the flash of the first subsystem.
4. The method for implementing a secure upgrade of a dual-core system according to claim 3, wherein the step of starting the system according to the verification result of the running program storage area of the flash of the first subsystem comprises:
verifying the integrity and security of the upgrade program in the running program storage area of the flash of the first subsystem using the public key and the digital signature of the parameter storage area of the flash of the first subsystem;
if the verification passes, booting the first subsystem normally through uboot;
if the verification fails, the first subsystem terminating the start-up.
5. The method for implementing a secure upgrade of a dual-core system according to claim 1, wherein the step of the first subsystem transmitting the upgrade file to the second subsystem, and the second subsystem executing the upgrade operation and feeding the upgrade result back upward through the first subsystem, comprises:
the first subsystem issuing an upgrade instruction and transmitting the upgrade file to the second subsystem;
the second subsystem receiving the upgrade instruction, then receiving the upgrade file and storing it in the upgrade file storage area of the flash of the second subsystem;
checking the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header;
if the verification passes, setting the upgrade flag of the parameter storage area of the flash of the second subsystem;
the second subsystem executing the upgrade operation;
if the verification fails, the second subsystem feeding the error code back upward through the first subsystem.
6. The method for implementing a secure upgrade of a dual-core system according to claim 5, wherein the step of the second subsystem executing the upgrade operation comprises:
resetting the second chip to enter the boot program, and checking whether the upgrade flag of the parameter storage area of the flash of the second subsystem is set;
if yes, performing the software upgrade of the second subsystem;
if not, executing the normal start-up flow of the second subsystem.
7. The method for implementing a secure upgrade of a dual-core system according to claim 6, wherein the step of performing the software upgrade of the second subsystem comprises:
checking the integrity and security of the upgrade file using the public key and the digital signature of the upgrade file header;
if the verification fails, clearing the upgrade flag of the parameter storage area of the flash of the second subsystem, and executing the normal start-up flow of the second subsystem;
if the verification passes, copying the upgrade file to the application program execution address corresponding to the running program storage area of the flash of the second subsystem;
copying the digital signature of the upgrade file header to the parameter storage area of the flash of the second subsystem, and setting the upgrade result response flag of the parameter storage area of the flash of the second subsystem;
verifying the integrity and security of the application program in the running program storage area of the flash of the second subsystem using the public key and the digital signature of the parameter storage area of the flash of the second subsystem;
if this verification passes, clearing the upgrade flag of the parameter storage area of the flash of the second subsystem, and jumping to execute the application program of the second subsystem;
if this verification fails, executing the step of copying the upgrade file to the application program execution address corresponding to the running program storage area of the flash of the second subsystem.
8. The method for implementing a secure upgrade of a dual-core system according to claim 7, wherein the normal start-up flow of the second subsystem comprises:
verifying the integrity and security of the application program in the running program storage area of the flash of the second subsystem using the digital signature in the parameter storage area of the flash of the second subsystem;
if the verification passes, jumping to execute the application program of the second subsystem;
after the jump to the application program of the second subsystem, checking whether the upgrade result response flag of the parameter storage area of the flash of the second subsystem is set;
if yes, the second subsystem responding to the first subsystem with upgrade success information;
if not, executing the application program of the second subsystem normally;
if the verification fails, the second subsystem failing to start.
9. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores computer program instructions executable by the at least one processor to enable the at least one processor to perform the method for implementing a secure upgrade of a dual-core system according to any one of claims 1 to 8.
10. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method for implementing a secure upgrade of a dual-core system according to any one of claims 1 to 8.
CN202311311474.3A 2023-10-11 2023-10-11 Method, equipment and medium for realizing safe upgrade of double-core system Active CN117055929B (en)

Publications (2)

Publication Number Publication Date
CN117055929A CN117055929A (en) 2023-11-14
CN117055929B true CN117055929B (en) 2024-01-09

Family

ID=88655773

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786510A (en) * 2016-02-29 2016-07-20 深圳市美贝壳科技有限公司 Upgrading and partitioning system and security upgrading method for single-chip microcomputer
CN110134426A (en) * 2019-04-18 2019-08-16 深圳市致宸信息科技有限公司 A kind of embedded system upgrade method, device and terminal device
CN114840242A (en) * 2022-04-14 2022-08-02 深圳矽递科技股份有限公司 System upgrading method and device of electronic equipment and readable storage medium
CN115061704A (en) * 2022-06-07 2022-09-16 六安智梭无人车科技有限公司 Firmware upgrading method and electronic equipment
CN115904453A (en) * 2022-09-01 2023-04-04 河北汉光重工有限责任公司 Program online upgrading system and method based on double chips

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8200988B2 (en) * 2001-08-03 2012-06-12 Intel Corporation Firmware security key upgrade algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant