CN117521073A - Secure boot method, embedded device, electronic device, and storage medium - Google Patents
Secure boot method, embedded device, electronic device, and storage medium Download PDFInfo
- Publication number
- CN117521073A CN117521073A CN202311394936.2A CN202311394936A CN117521073A CN 117521073 A CN117521073 A CN 117521073A CN 202311394936 A CN202311394936 A CN 202311394936A CN 117521073 A CN117521073 A CN 117521073A
- Authority
- CN
- China
- Prior art keywords
- mirror image
- key
- information
- authentication code
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000012795 verification Methods 0.000 claims abstract description 103
- 238000013507 mapping Methods 0.000 claims abstract description 55
- 238000012545 processing Methods 0.000 claims description 12
- 238000004891 communication Methods 0.000 claims description 10
- 238000010586 diagram Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a safe starting method, embedded equipment, electronic equipment and storage medium, wherein the method comprises the following steps: responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, extracting a first signature public key corresponding to a first mirror image from a mirror image key mapping table and carrying out hash operation to obtain a first hash value; when the first hash value is the same as the root public key hash value, a second hash value is obtained according to the first encryption algorithm, the first signature public key and the first verification information; obtaining a third hash value according to the first hash algorithm, the first mirror image and the first intermediate information; when the third hash value is the same as the second hash value, the first mirror is started. Each mirror image of the method and the device only corresponds to one authentication information, each mirror image can support different verification algorithms, and compared with the scheme that all mirror images only support one verification algorithm, the method and the device can support multiple mirror image verification requirements of the embedded device at different stages, so that the safety of device starting is improved.
Description
Technical Field
The present disclosure relates to the field of computer technologies, but not limited to, and in particular, to a secure startup method, an embedded device, an electronic device, and a storage medium.
Background
Currently, embedded devices typically include only one authentication algorithm for secure booting, based on which the image at each stage of the booting process is authenticated. Along with the continuous advancement of cryptographic technology, different equipment manufacturers generally have different security requirements on signature technology, in addition, images at each stage in an embedded system are often provided by different suppliers, such as Bootloader is provided by a chip manufacturer, kernel and rootfs are provided by a terminal manufacturer, and each supplier also provides different security verification requirements for the protection of respective images, even directly provides signed images, so that the existing security starting scheme with only one verification algorithm cannot meet the multiple types of image verification requirements, and the security of equipment starting cannot be effectively ensured.
Disclosure of Invention
The embodiment of the application provides a safe starting method, an embedded device, an electronic device and a storage medium, which can support multiple mirror image verification requirements of the embedded device at different stages, so that the safety of starting the device is improved.
In a first aspect, an embodiment of the present application provides a secure booting method, applied to an embedded device, where the embedded device includes an EFUSE, where the EFUSE stores a root public key hash value, and the embedded device is at least preset with a first image, where the first image is corresponding to first authentication information, where the first authentication information includes an image key mapping table, a first encryption algorithm, a first hash algorithm, and first verification information, and the image key mapping table records key information corresponding to each image of the embedded device, where the method includes:
responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, a first signature public key corresponding to the first mirror image is extracted from the mirror image key mapping table, and the first hash algorithm is utilized to carry out hash operation on the first signature public key to obtain a first hash value;
when the first hash value is the same as the root public key hash value, performing signature verification operation on the first signature public key and the first verification information by using the first encryption algorithm to obtain a second hash value;
Carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first verification information;
and when the third hash value is the same as the second hash value, starting the first mirror image.
In some embodiments, when the first encryption algorithm is a message authentication code encryption algorithm, the first verification information is a first message authentication code, and after responding to the start signal of the embedded device, the method further comprises:
acquiring a message authentication code encryption key from the EFUSE, and acquiring a first message authentication code key ciphertext corresponding to the first mirror image from the mirror image key mapping table;
decrypting the first message authentication code key ciphertext according to the message authentication code encryption key to obtain a first message authentication code key plaintext;
obtaining a third message authentication code according to the first encryption algorithm, the first message authentication code key plaintext, the first intermediate information and the first mirror image;
and when the first verification information is the same as the third message authentication code, starting the first mirror image.
In some embodiments, the embedded device further includes a second image, the first image and the second image belong to a same image verification trust chain, the second image corresponds to second authentication information, the second authentication information includes a second encryption algorithm, a second hash algorithm, and second verification information, when the second encryption algorithm is an asymmetric encryption algorithm, the second verification information is a second digital signature, and after the first image is started, the method further includes:
extracting a second signature public key corresponding to the second mirror image from the mirror image key mapping table, and performing signature verification operation on the second signature public key and the second verification information by using the second encryption algorithm to obtain a fourth hash value;
performing hash operation on the second mirror image and second intermediate information by using the second hash algorithm to obtain a fifth hash value, wherein the second intermediate information is a part of the second authentication information except the second verification information;
and when the fourth hash value is the same as the fifth hash value, starting the second mirror image.
In some embodiments, when the second encryption algorithm is a message authentication code encryption algorithm, the second verification information is a second message authentication code, and after the first image is started, the method further comprises:
Obtaining a second message authentication code key ciphertext corresponding to the second mirror image from the mirror image key mapping table, decrypting the second message authentication code key ciphertext according to the message authentication code encryption key to obtain a second message authentication code key plaintext;
obtaining a fourth message authentication code according to the second encryption algorithm, the second message authentication code key plaintext, the second intermediate information and the second mirror image;
and when the fourth message authentication code is the same as the second verification information, starting the second mirror image.
In some embodiments, the mirror key map is obtained according to the steps of:
acquiring an asymmetric public key of the mirror image of the embedded equipment, and determining a first mirror image identifier corresponding to the asymmetric public key;
and writing the asymmetric public key into a storage space corresponding to the first mirror image identifier in the mirror image key mapping table according to the asymmetric public key.
In some embodiments, the mirror key map is obtained according to the steps of:
acquiring a message authentication code key ciphertext of the mirror image of the embedded equipment, and determining a second mirror image identifier corresponding to the message authentication code key ciphertext, wherein the message authentication code key ciphertext is obtained by encrypting the message authentication code key plaintext;
And writing the key ciphertext of the message authentication code into a storage space corresponding to the second mirror image identifier in the mirror image key mapping table according to the key ciphertext of the message authentication code.
In some embodiments, the first encryption algorithm comprises an asymmetric encryption algorithm, and the first digital signature in the first authentication information is obtained according to the steps of:
acquiring an asymmetric private key of the first mirror image and the first intermediate information;
and carrying out signature operation according to the asymmetric encryption algorithm, the first hash algorithm, the asymmetric private key, the first mirror image and the first intermediate information to obtain the first digital signature, and writing the first digital signature into the first authentication information. A step of
In a second aspect, an embodiment of the present application provides an embedded device, at least a first image is preset, the first image is corresponding to first authentication information, the first authentication information includes an image key mapping table, a first encryption algorithm, a first hash algorithm and first verification information, and the image key mapping table records key information corresponding to each image of the embedded device;
the embedded device further comprises:
one-time programmable memory EFUSE, store the root public key hash value;
The first data processing module is used for responding to the starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, a first signature public key corresponding to the first mirror image is extracted from the mirror image key mapping table, and the first hash algorithm is used for carrying out hash operation on the first signature public key to obtain a first hash value;
the second data processing module is used for performing signature verification operation on the first signature public key and the first digital signature by using the first encryption algorithm when the first hash value is the same as the root public key hash value to obtain a second hash value;
the third data processing module is used for carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first authentication information;
and the first safe starting module is used for starting the first mirror image when the third hash value is the same as the second hash value.
In a third aspect, embodiments of the present application provide an electronic device comprising at least one control processor and a memory for communicatively coupling with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the secure launch method according to the first aspect.
In a fourth aspect, embodiments of the present application further provide a computer-readable storage medium storing computer-executable instructions for performing the secure launch method according to the first aspect.
The embodiment of the application provides a secure start method, an embedded device, an electronic device and a storage medium, wherein the method comprises the following steps: responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, extracting a first signature public key corresponding to the first mirror image from the mirror image key mapping table, and carrying out hash operation on the first signature public key by utilizing the first hash algorithm to obtain a first hash value; when the first hash value is the same as the root public key hash value, performing signature verification operation on the first signature public key and the first verification information by using the first encryption algorithm to obtain a second hash value; carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first verification information; and when the third hash value is the same as the second hash value, starting the first mirror image. According to the scheme provided by the embodiment of the application, each image of the application only corresponds to one authentication information, each image can support different verification algorithms, and compared with the scheme that all images in the device only support one verification algorithm, the scheme can support multiple image verification requirements of the embedded device at different stages, so that the safety of device starting is improved.
Drawings
FIG. 1 is a flow chart of the steps of a method for secure initiation of a first encryption algorithm as an asymmetric encryption algorithm provided in one embodiment of the present application;
FIG. 2 is a flowchart of the steps of a method for securely starting a first encryption algorithm, which is a message authentication code encryption algorithm, according to another embodiment of the present application;
FIG. 3 is a flowchart illustrating steps for starting a second image when the first encryption algorithm is an asymmetric encryption algorithm according to another embodiment of the present application;
FIG. 4 is a flowchart illustrating steps for starting a second image when the first encryption algorithm is a message authentication code encryption algorithm according to another embodiment of the present application;
FIG. 5 is a flowchart illustrating steps for obtaining a mirror key map according to another embodiment of the present application;
FIG. 6 is a flowchart illustrating steps for obtaining a mirror key map according to another embodiment of the present application;
FIG. 7 is a flowchart of the steps for obtaining a first digital signature in first authentication information according to another embodiment of the present application;
FIG. 8 is a schematic diagram of a mirror verification trust chain provided by another embodiment of the present application;
FIG. 9 is a block diagram of an embedded device according to another embodiment of the present application;
fig. 10 is a block diagram of an electronic device according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
It will be appreciated that although functional block diagrams are depicted in the device diagrams, logical sequences are shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than the block diagrams in the device. The terms first, second and the like in the description, in the claims and in the above-described figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
Currently, embedded devices typically include only one authentication algorithm for secure booting, based on which the image at each stage of the booting process is authenticated. Along with the continuous advancement of cryptographic technology, different equipment manufacturers generally have different security requirements on signature technology, in addition, images at each stage in an embedded system are often provided by different suppliers, such as Bootloader is provided by a chip manufacturer, kernel and rootfs are provided by a terminal manufacturer, and each supplier also provides different security verification requirements for the protection of respective images, even directly provides signed images, so that the existing security starting scheme with only one verification algorithm cannot meet the multiple types of image verification requirements, and the security of equipment starting cannot be effectively ensured.
In order to solve the above-mentioned problems, the embodiments of the present application provide a secure boot method, an embedded device, an electronic device, and a storage medium, where the method includes: responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, extracting a first signature public key corresponding to the first mirror image from the mirror image key mapping table, and carrying out hash operation on the first signature public key by utilizing the first hash algorithm to obtain a first hash value; when the first hash value is the same as the root public key hash value, performing signature verification operation on the first signature public key and the first verification information by using the first encryption algorithm to obtain a second hash value; carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first verification information; and when the third hash value is the same as the second hash value, starting the first mirror image. According to the scheme provided by the embodiment of the application, each image of the application only corresponds to one authentication information, each image can support different verification algorithms, and compared with the scheme that all images in the device only support one verification algorithm, the scheme can support multiple image verification requirements of the embedded device at different stages, so that the safety of device starting is improved.
Embodiments of the present application are further described below with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present application provides a secure booting method, where the method is applied to an embedded device, the embedded device includes an EFUSE, where the EFUSE stores a root public key hash value, the embedded device is preset with at least a first mirror image, the first mirror image is corresponding to first authentication information, the first authentication information includes a mirror image key mapping table, a first encryption algorithm, a first hash algorithm, and first verification information, and the mirror image key mapping table records key information corresponding to each mirror image of the embedded device, where the method includes, but is not limited to, the following steps:
step S110, responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, a first signature public key corresponding to a first mirror image is extracted from a mirror image key mapping table, and a first hash algorithm is utilized to carry out hash operation on the first signature public key to obtain a first hash value;
step S120, when the first hash value is the same as the root public key hash value, performing signature verification operation on the first signature public key and the first verification information by using a first encryption algorithm to obtain a second hash value;
Step S130, carrying out hash operation on the first mirror image and the first intermediate information by using a first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first verification information;
in step S140, when the third hash value is the same as the second hash value, the first mirror is started.
In addition, in some embodiments, referring to fig. 2, when the first encryption algorithm is a message authentication code encryption algorithm, the first verification information is a first message authentication code, and after performing the step S110 in fig. 1 in response to the start signal of the embedded device, the secure start method of the present embodiment includes, but is not limited to, the following steps:
step S210, obtaining a message authentication code encryption key from EFUSE, and obtaining a first message authentication code key ciphertext corresponding to a first mirror image from a mirror image key mapping table;
step S220, decrypting the first message authentication code key ciphertext according to the message authentication code encryption key to obtain a first message authentication code key plaintext;
step S230, a third message authentication code is obtained according to the first encryption algorithm, the first message authentication code key plaintext, the first intermediate information and the first mirror image;
step S240, when the first verification information is the same as the third message authentication code, the first mirror image is started.
It should be noted that, since the EFUSE of the embedded device of the embodiment is used for saving key information, the embedded device of the embodiment supports security authentication in two modes of an asymmetric encryption algorithm and a message authentication code encryption algorithm, and the EFUSE stores a message authentication code symmetric encryption key plaintext for the message authentication code encryption algorithm and a root public key hash value for the asymmetric encryption algorithm.
It should be noted that, the key mapping table of this embodiment is used to record key information corresponding to each image of the embedded device, and specifically, the key mapping table includes id identifiers of each image and key information used for authenticating the image, which can provide an effective data base for performing a secure startup verification operation on the first image.
It should be noted that, the specific type of the asymmetric encryption algorithm supported by the embedded device is not limited in this embodiment, and may be an RSA algorithm, an ECC algorithm, an SM2 algorithm, or the like, and the specific type of the message authentication code encryption algorithm is not limited, and may be an HMAC encryption algorithm, a CMAC encryption algorithm, or an OMAC encryption algorithm, or the like.
It may be understood that the first encryption algorithm in the first authentication information corresponding to the first image in this embodiment includes an asymmetric encryption algorithm and a message authentication code encryption algorithm, that is, the image in the embedded device in this embodiment can support different verification algorithms, and when the asymmetric encryption algorithm is selected to perform start-up verification on the first image, the specific steps are as follows: responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, extracting a first signature public key corresponding to the first mirror image from a mirror image key mapping table, and carrying out hash operation on the first signature public key by using a first hash algorithm to obtain a first hash value; when the first hash value is different from the root public key hash value, the first mirror image is started to fail; when the first hash value is the same as the root public key hash value, indicating that the public key value of the first mirror image in the mirror image key mapping table is reliable, then performing signature verification operation on the first signature public key and first verification information, namely the first digital signature, by using a first encryption algorithm to obtain a second hash value; and carrying out hash operation on the first mirror image and the first intermediate information, namely the first authentication information except the first digital signature and the first message authentication code, by using a first hash algorithm to obtain a third hash value, when the third hash value is the same as the second hash value, indicating that the secure start verification of the first mirror image is successful, indicating that the data corresponding to the first mirror image in the mirror image key mapping table is credible, starting the first mirror image, and when the third hash value is different from the second hash value, indicating that the data corresponding to the first mirror image in the mirror image key mapping table is not credible, and starting the first mirror image fails. When a message authentication code encryption algorithm is selected to start and check the first mirror image, the first verification information is a first message authentication code, and the specific steps are as follows: acquiring a message authentication code encryption key from the EFUSE, and acquiring a first message authentication code key ciphertext corresponding to a first mirror image from a mirror image key mapping table; decrypting the first message authentication code key ciphertext according to the message authentication code encryption key to obtain a first message authentication code key plaintext; obtaining a third message authentication code according to the first encryption algorithm, the first message authentication code key plaintext, the first intermediate information and the first mirror image; when the first verification information, namely the first message authentication code and the third message authentication code, are the same, the security starting verification for the first mirror image is successful, the data corresponding to the first mirror image in the mirror image key mapping table is credible, the first mirror image is started, and when the first verification information, namely the first message authentication code and the third message authentication code, are different, the data corresponding to the first mirror image in the mirror image key mapping table is not credible, and the first mirror image is started failure. Each mirror image of the method and the device only corresponds to one authentication information, the authentication information corresponding to different mirror images is only used for verifying the mirror image of the device and is not associated with the mirror images of other stages in the embedded device, each mirror image can support different verification algorithms, and compared with the scheme that all mirror images in the device only support one verification algorithm, the method and the device can support multiple mirror image verification requirements of the embedded device in different stages, so that the safety of starting the device is improved.
In addition, in some embodiments, the embedded device further includes a second image, where the first image and the second image belong to the same image verification trust chain, and the second image corresponds to second authentication information, where the second authentication information includes a second encryption algorithm, a second hash algorithm, and second verification information, and where the second encryption algorithm is an asymmetric encryption algorithm, and the second verification information is a second digital signature, referring to fig. 3, after executing step S140 shown in fig. 1, the secure boot method provided in the embodiment of the present application includes, but is not limited to, the following steps:
step S310, extracting a second signature public key corresponding to the second mirror image from the mirror image key mapping table, and performing signature verification operation on the second signature public key and second verification information by using a second encryption algorithm to obtain a fourth hash value;
step S320, carrying out hash operation on the second mirror image and the second intermediate information by using a second hash algorithm to obtain a fifth hash value, wherein the second intermediate information is a part of the second authentication information except the second authentication information;
in step S330, when the fourth hash value is the same as the fifth hash value, the second mirror is started.
In addition, referring to fig. 4, in some embodiments, when the second encryption algorithm is a message authentication code encryption algorithm and the second verification information is a second message authentication code, after performing step S140 shown in fig. 1, the secure boot method provided in the embodiments of the present application includes, but is not limited to, the following steps:
Step S410, obtaining a second message authentication code key ciphertext corresponding to the second mirror image from the mirror image key mapping table, and decrypting the second message authentication code key ciphertext according to the message authentication code encryption key to obtain a second message authentication code key plaintext;
step S420, a fourth message authentication code is obtained according to a second encryption algorithm, a second message authentication code key plaintext, second intermediate information and a second mirror image;
step S430, when the fourth message authentication code is the same as the second verification information, the second mirror image is started.
It should be noted that, referring to fig. 9, a first mirror image and a second mirror image … nth mirror image may be preset in the embedded device of this embodiment, this embodiment is illustrated in the case that two mirror images (i.e., the first mirror image and the second mirror image) are preset in the embedded device. Since the first image and the second image in this embodiment belong to the same image verification trust chain, the image verification trust chain needs to be verified step by step, and the next image can be verified after the previous image verification passes, as shown in fig. 9, the first image is an image of the previous stage of the second image, and with reference to the description of the above embodiment, the first image is started safely, which indicates that the first authentication information of the first image is already compared with the root public key hash value in the EFUSE, and the comparison is successful, which indicates that the first authentication information is trusted, then the data corresponding to the first image of the image key mapping table is also trusted, then the next image, namely, the second image, can be directly verified by using the trusted data, that is, only the first image is needed, that is, the first image is compared with the EFUSE, and the images of other stages in the embedded device do not need to be compared with the EFUSE, so that the verification step in the process of starting the EFUSE can be reduced, the efficiency of safe starting can be further improved, in addition, the storage space capacity of the EFUSE can be increased, the storage algorithm of the EFUSE can not be realized, and the related information can be embedded into the EFUSE based on the embodiment, and the information can not be embedded into the information because of the use of the corresponding data, and the information can be saved.
It can be understood that, referring to fig. 9, the second encryption algorithm in the second authentication information corresponding to the second mirror image in the present embodiment includes an asymmetric encryption algorithm and a message authentication code encryption algorithm, and the asymmetric encryption algorithm, the hash algorithm and the message authentication code encryption algorithm in the authentication information corresponding to each mirror image in the embedded device may be freely selected or dynamically combined when in use, so long as the security strength is noted. When the asymmetric encryption algorithm is selected to start and check the second mirror image, the specific steps are as follows: performing signature verification operation on the second signature public key and second verification information, namely the second digital signature, by using a second encryption algorithm to obtain a fourth hash value; carrying out hash operation on the second mirror image and second intermediate information, namely a part of the second authentication information except the second authentication information, by using a second hash algorithm to obtain a fifth hash value; when the fourth hash value is the same as the fifth hash value, the data corresponding to the second image in the image key mapping table is trusted, the second image is started, and when the fourth hash value is different from the fifth hash value, the second image is started to fail. When the message authentication code encryption algorithm is selected to start and check the second mirror image, the specific steps are as follows: obtaining a second message authentication code key ciphertext corresponding to the second mirror image from the mirror image key mapping table, and decrypting the second message authentication code key ciphertext according to the message authentication code encryption key to obtain a second message authentication code key plaintext; obtaining a fourth message authentication code according to the second encryption algorithm, the second message authentication code key plaintext, the second intermediate information and the second mirror image; when the fourth message authentication code is identical to the second verification information, namely the second message authentication code, verification is successful, the data corresponding to the second mirror image in the mirror image key mapping table is indicated to be credible, and the second mirror image is started; however, when the fourth message authentication code and the second message authentication code are different, the second mirror fails to be started.
Additionally, in some embodiments, referring to FIG. 5, the step of obtaining the mirror key map includes, but is not limited to, the steps of:
step S510, an asymmetric public key of the mirror image of the embedded equipment is obtained, and a first mirror image identification corresponding to the asymmetric public key is determined;
step S520, according to the asymmetric public key written into the storage space corresponding to the first mirror image identification in the mirror image key mapping table.
Additionally, in some embodiments, referring to FIG. 6, the step of obtaining the mirror key map includes, but is not limited to, the steps of:
step S610, obtaining a message authentication code key ciphertext of a mirror image of the embedded device, and determining a second mirror image identifier corresponding to the message authentication code key ciphertext, wherein the message authentication code key ciphertext is obtained by encrypting a message authentication code key plaintext;
step S620, according to the information authentication code key ciphertext is written into a storage space corresponding to the second mirror image identifier in the mirror image key mapping table.
It can be understood that the mirror image key mapping table records the mirror image identifier of each mirror image, and because the mirror images in the embedded device of the embodiment can support different verification algorithms, under the condition of selecting an asymmetric encryption algorithm, each mirror image provider provides an asymmetric public key to a terminal manufacturer, and the terminal manufacturer writes the public key corresponding to the nth mirror image into a storage space corresponding to the first mirror image identifier corresponding to the nth mirror image in the mirror image key mapping table; under the condition that a message authentication code encryption algorithm is selected, each mirror image provider provides a message authentication code key plaintext corresponding to an Nth mirror image for a terminal manufacturer, the terminal manufacturer encrypts the message authentication code key plaintext to obtain a message authentication code key ciphertext, and writes the message authentication code key ciphertext into a storage space corresponding to a second mirror image identifier corresponding to the Nth mirror image of a mirror image key mapping table, so that an effective data basis can be provided for carrying out subsequent security starting verification on each mirror image of the embedded equipment.
Additionally, in some embodiments, the first encryption algorithm comprises an asymmetric encryption algorithm, and referring to fig. 7, the step of obtaining the first digital signature in the first authentication information comprises, but is not limited to, the steps of:
step S710, acquiring an asymmetric private key of a first mirror image and first intermediate information;
step S720, signature operation is carried out according to the asymmetric encryption algorithm, the first hash algorithm, the asymmetric private key, the first mirror image and the first intermediate information, a first digital signature is obtained, and the first digital signature is written into the first authentication information.
It can be understood that the step of acquiring the first digital signature in the first authentication information in this embodiment is as follows: the asymmetric private key and the first intermediate information of the first mirror image are obtained, and referring to the description of the above embodiment, the first intermediate information is a part of the first authentication information except the first verification information, that is, a part of the first digital signature or the first message authentication code is removed, and the first digital signature is not generated by the first authentication information under the current condition, so that the current first intermediate information is a mirror image key mapping table, an asymmetric encryption algorithm, a hash algorithm and a message authentication code encryption algorithm, signature operation is performed according to the asymmetric encryption algorithm, the first hash algorithm, the asymmetric private key, the first mirror image and the first intermediate information, so that the first digital signature is obtained, and the first digital signature is written into the first authentication information, thereby providing an effective data base for subsequent secure startup verification of each mirror image of the embedded device.
In addition, referring to fig. 8, the present embodiment further provides an embedded device 800, at least a first mirror 810 is preset, the first mirror corresponds to first authentication information, the first authentication information includes a mirror key mapping table, a first encryption algorithm, a first hash algorithm, and first verification information, and the mirror key mapping table records key information corresponding to each mirror of the embedded device;
the embedded device 800 further comprises:
one-time programmable memory EFUSE820, storing root public key hash values;
the first data processing module 830 is configured to respond to a start signal of the embedded device, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, extract a first signature public key corresponding to the first mirror image from the mirror image key mapping table, and perform a hash operation on the first signature public key by using a first hash algorithm to obtain a first hash value;
the second data processing module 840 is configured to perform a signature verification operation on the first signature public key and the first digital signature by using the first encryption algorithm when the first hash value is the same as the root public key hash value, so as to obtain a second hash value;
the third data processing module 850 performs a hash operation on the first mirror image and the first intermediate information by using a first hash algorithm to obtain a third hash value, where the first intermediate information is a portion of the first authentication information except for the first verification information;
The first secure boot module 860 is configured to boot the first image when the third hash value is the same as the second hash value.
It should be noted that, the specific implementation manner of the embedded device 800 of the present embodiment is substantially the same as the specific embodiment and the principle of the secure boot method of the embodiment shown in fig. 1 and is not described herein again.
As shown in fig. 9, fig. 9 is a structural diagram of an electronic device provided in an embodiment of the present application. The present invention also provides an electronic device 900 comprising:
the processor 910 may be implemented by a general purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc. for executing related programs to implement the technical solutions provided in the embodiments of the present application;
the Memory 920 may be implemented in the form of a Read Only Memory (ROM), a static storage device, a dynamic storage device, or a random access Memory (Random Access Memory, RAM). The memory 920 may store an operating system and other application programs, and when the technical solution provided in the embodiments of the present disclosure is implemented by software or firmware, relevant program codes are stored in the memory 920 and the processor 910 invokes the execution of the secure boot method of the embodiments of the present disclosure, for example, the execution of the method steps S110 to S140 in fig. 1, the method steps S210 to S240 in fig. 2, the method steps S310 to S330 in fig. 3, the method steps S410 to S430 in fig. 4, the method steps S510 to S520 in fig. 5, the method steps S610 to S620 in fig. 6, and the method steps S710 to S730 in fig. 7 described above;
An input/output interface 930 for inputting and outputting information;
the communication interface 940 is configured to implement communication interaction between the device and other devices, and may implement communication in a wired manner (e.g., USB, network cable, etc.), or may implement communication in a wireless manner (e.g., mobile network, WIFI, bluetooth, etc.);
a bus 950 for transferring information between components of the device (e.g., processor 910, memory 920, input/output interface 930, and communication interface 940);
wherein processor 910, memory 920, input/output interface 930, and communication interface 940 implement communication connections among each other within the device via a bus 950.
The present embodiment also provides a storage medium, which is a computer-readable storage medium storing a computer program that when executed by a processor implements the above-described secure booting method, for example, performs the above-described method steps S110 to S140 in fig. 1, the method steps S210 to S240 in fig. 2, the method steps S310 to S330 in fig. 3, the method steps S410 to S430 in fig. 4, the method steps S510 to S520 in fig. 5, the method steps S610 to S620 in fig. 6, and the method steps S710 to S730 in fig. 7.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The apparatus embodiments described above are merely illustrative, in which the elements illustrated as separate components may or may not be physically separate, implemented to reside in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media.
While the preferred embodiment of the present invention has been described in detail, the present invention is not limited to the above embodiments, and those skilled in the art can make various equivalent modifications or substitutions without departing from the spirit and scope of the present invention, and these equivalent modifications or substitutions are included in the scope of the present invention as defined in the appended claims.
Claims (10)
1. A secure boot method, applied to an embedded device, where the embedded device includes an EFUSE, where the EFUSE stores a root public key hash value, and the embedded device is preset with at least a first mirror image, where the first mirror image corresponds to first authentication information, where the first authentication information includes a mirror image key mapping table, a first encryption algorithm, a first hash algorithm, and first verification information, and the mirror image key mapping table records key information corresponding to each mirror image of the embedded device, where the method includes:
responding to a starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, a first signature public key corresponding to the first mirror image is extracted from the mirror image key mapping table, and the first hash algorithm is utilized to carry out hash operation on the first signature public key to obtain a first hash value;
When the first hash value is the same as the root public key hash value, performing signature verification operation on the first signature public key and the first verification information by using the first encryption algorithm to obtain a second hash value;
carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first verification information;
and when the third hash value is the same as the second hash value, starting the first mirror image.
2. The secure boot method of claim 1, wherein when the first encryption algorithm is a message authentication code encryption algorithm, the first verification information is a first message authentication code, the method further comprising, after responding to the boot signal of the embedded device:
acquiring a message authentication code encryption key from the EFUSE, and acquiring a first message authentication code key ciphertext corresponding to the first mirror image from the mirror image key mapping table;
decrypting the first message authentication code key ciphertext according to the message authentication code encryption key to obtain a first message authentication code key plaintext;
Obtaining a third message authentication code according to the first encryption algorithm, the first message authentication code key plaintext, the first intermediate information and the first mirror image;
and when the first verification information is the same as the third message authentication code, starting the first mirror image.
3. The secure launch method according to claim 2, wherein said embedded device further comprises a second image, said first image and said second image belonging to the same image verification trust chain, said second image being associated with second authentication information, said second authentication information comprising a second encryption algorithm, a second hash algorithm and second verification information, said second verification information being a second digital signature when said second encryption algorithm is an asymmetric encryption algorithm, said method further comprising, after launching said first image:
extracting a second signature public key corresponding to the second mirror image from the mirror image key mapping table, and performing signature verification operation on the second signature public key and the second verification information by using the second encryption algorithm to obtain a fourth hash value;
performing hash operation on the second mirror image and second intermediate information by using the second hash algorithm to obtain a fifth hash value, wherein the second intermediate information is a part of the second authentication information except the second verification information;
And when the fourth hash value is the same as the fifth hash value, starting the second mirror image.
4. A secure boot method according to claim 3, wherein when the second encryption algorithm is a message authentication code encryption algorithm, the second verification information is a second message authentication code, the method further comprising, after booting the first image:
obtaining a second message authentication code key ciphertext corresponding to the second mirror image from the mirror image key mapping table, decrypting the second message authentication code key ciphertext according to the message authentication code encryption key to obtain a second message authentication code key plaintext;
obtaining a fourth message authentication code according to the second encryption algorithm, the second message authentication code key plaintext, the second intermediate information and the second mirror image;
and when the fourth message authentication code is the same as the second verification information, starting the second mirror image.
5. The secure boot method of claim 1, wherein the mirror key mapping table is obtained according to the steps of:
acquiring an asymmetric public key of the mirror image of the embedded equipment, and determining a first mirror image identifier corresponding to the asymmetric public key;
And writing the asymmetric public key into a storage space corresponding to the first mirror image identifier in the mirror image key mapping table according to the asymmetric public key.
6. The secure boot method of claim 1, wherein the mirror key mapping table is obtained according to the steps of:
acquiring a message authentication code key ciphertext of the mirror image of the embedded equipment, and determining a second mirror image identifier corresponding to the message authentication code key ciphertext, wherein the message authentication code key ciphertext is obtained by encrypting the message authentication code key plaintext;
and writing the key ciphertext of the message authentication code into a storage space corresponding to the second mirror image identifier in the mirror image key mapping table according to the key ciphertext of the message authentication code.
7. The secure boot method of claim 1, wherein the first encryption algorithm comprises an asymmetric encryption algorithm, and the first digital signature in the first authentication information is obtained according to the steps of:
acquiring an asymmetric private key of the first mirror image and the first intermediate information;
and carrying out signature operation according to the asymmetric encryption algorithm, the first hash algorithm, the asymmetric private key, the first mirror image and the first intermediate information to obtain the first digital signature, and writing the first digital signature into the first authentication information.
8. An embedded device, characterized by:
at least a first mirror image is preset, the first mirror image is correspondingly provided with first authentication information, the first authentication information comprises a mirror image key mapping table, a first encryption algorithm, a first hash algorithm and first verification information, and the mirror image key mapping table records key information corresponding to each mirror image of the embedded equipment;
the embedded device further comprises:
one-time programmable memory EFUSE, store the root public key hash value;
the first data processing module is used for responding to the starting signal of the embedded equipment, when the first encryption algorithm is an asymmetric encryption algorithm, the first verification information is a first digital signature, a first signature public key corresponding to the first mirror image is extracted from the mirror image key mapping table, and the first hash algorithm is used for carrying out hash operation on the first signature public key to obtain a first hash value;
the second data processing module is used for performing signature verification operation on the first signature public key and the first digital signature by using the first encryption algorithm when the first hash value is the same as the root public key hash value to obtain a second hash value;
The third data processing module is used for carrying out hash operation on the first mirror image and first intermediate information by using the first hash algorithm to obtain a third hash value, wherein the first intermediate information is a part of the first authentication information except the first authentication information;
and the first safe starting module is used for starting the first mirror image when the third hash value is the same as the second hash value.
9. An electronic device comprising at least one control processor and a memory for communication connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the secure launch method of any one of claims 1 to 7.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the secure boot method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311394936.2A CN117521073A (en) | 2023-10-25 | 2023-10-25 | Secure boot method, embedded device, electronic device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311394936.2A CN117521073A (en) | 2023-10-25 | 2023-10-25 | Secure boot method, embedded device, electronic device, and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117521073A true CN117521073A (en) | 2024-02-06 |
Family
ID=89748597
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311394936.2A Pending CN117521073A (en) | 2023-10-25 | 2023-10-25 | Secure boot method, embedded device, electronic device, and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117521073A (en) |
-
2023
- 2023-10-25 CN CN202311394936.2A patent/CN117521073A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11258792B2 (en) | Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium | |
| KR101393307B1 (en) | Secure boot method and semiconductor memory system for using the method | |
| CN109714303B (en) | BIOS starting method and data processing method | |
| CN106899566B (en) | Authentication method, authentication equipment and authentication client | |
| US9621549B2 (en) | Integrated circuit for determining whether data stored in external nonvolative memory is valid | |
| US9904806B2 (en) | Hardware security module, method of updating integrity check value stored in hardware security module, and method of updating program stored in terminal by using hardware security module | |
| CN108898005B (en) | Hard disk identification method, system, equipment and computer readable storage medium | |
| CN111666564B (en) | Application program safe starting method and device, computer equipment and storage medium | |
| US20120303954A1 (en) | Managing method, device and terminal for application program | |
| CN110334531B (en) | Virtual machine key management method, master node, system, storage medium and device | |
| CN107124279B (en) | Method and device for erasing terminal data | |
| CN112632573B (en) | Intelligent contract execution method, device, system, storage medium and electronic equipment | |
| CN112148314B (en) | Mirror image verification method, device and equipment of embedded system and storage medium | |
| CN111258756A (en) | Load balancing method and device, computer equipment and readable storage medium | |
| CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
| CN112866987B (en) | Networking verification method, networking verification device and computer readable storage medium | |
| CN111523124B (en) | Cloud sound box firmware protection method and system | |
| CN115879111A (en) | Method, device and system for safe starting | |
| CN117610008A (en) | Firmware processing method, device and equipment | |
| CN106372523B (en) | Modem file security protection method and system | |
| EP3926992A1 (en) | Electronic device, and authentication method in electronic device | |
| CN111400771A (en) | Target partition checking method and device, storage medium and computer equipment | |
| US20230103698A1 (en) | Information processing apparatus and control method therefor | |
| CN117521073A (en) | Secure boot method, embedded device, electronic device, and storage medium | |
| CN108228219B (en) | Method and device for verifying BIOS validity during in-band refreshing of BIOS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |