CN117874784A - Vehicle encryption system and method - Google Patents

Vehicle encryption system and method

Info

Publication number: CN117874784A
Application number: CN202311747285.0A
Authority: CN (China)
Prior art keywords: encryption, task, encryption information, information, target
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Inventor: 雷宏伟
Current assignee: Faw Beijing Software Technology Co ltd; FAW Group Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Faw Beijing Software Technology Co ltd; FAW Group Corp
Application filed by Faw Beijing Software Technology Co ltd, FAW Group Corp; priority to CN202311747285.0A; publication of CN117874784A; current legal status: pending.

Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/575 Secure boot
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science; Theoretical Computer Science; Computer Security & Cryptography; Computer Hardware Design; Software Systems; General Engineering & Computer Science; Physics & Mathematics; General Physics & Mathematics; Health & Medical Sciences; Bioethics; General Health & Medical Sciences; Storage Device Security
Abstract

The application provides a vehicle encryption system and method. The vehicle encryption system comprises a work host computer (the "upper computer") and a vehicle microprocessor. In the method, the work host computer takes the obtained target encryption information of each encryption task and generates from it a plurality of first encryption information and a plurality of second encryption information for that task; a preprocessing module of the vehicle microprocessor recovers the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and stores it in a key management module. This ensures that a security authentication mechanism is established in the vehicle microprocessor and that the vehicle microprocessor runs securely.

Description

Vehicle encryption system and method
Technical Field
The application relates to the technical field of vehicle security, in particular to a vehicle encryption system and method.
Background
With the further release of information security policies, the requirements on vehicle information security are becoming more stringent and more numerous. Secure boot of the vehicle microcontroller unit (MCU) is an important link in the information security chain: secure boot ensures that the software being booted is trusted, secure and has not been tampered with.
At present, some vehicle-mounted MCUs use a built-in hardware security module (HSM) to manage security keys.
However, some MCUs cannot meet the security management requirement through an HSM module.
Accordingly, the present application provides a vehicle encryption method to solve the above technical problem.
Disclosure of Invention
It is an object of the present application to provide a vehicle encryption system and method that solve at least one of the technical problems mentioned above. The specific scheme is as follows:
According to a first aspect of a specific embodiment of the present application, a vehicle encryption system is provided, comprising:
a work host computer (the "upper computer") configured to generate, from the obtained target encryption information of each of a plurality of encryption tasks, a plurality of first encryption information and a plurality of second encryption information for that encryption task, wherein the plurality of first encryption information of each encryption task is obtained by applying at least the corresponding target encryption information to a plurality of first algorithms, and the plurality of second encryption information of each encryption task is obtained by applying the corresponding target encryption information to a plurality of second algorithms;
a vehicle microprocessor comprising a preprocessing module and a key management module, the preprocessing module being configured to recover the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and to store the target encryption information of each encryption task in the key management module.
Optionally, recovering the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and storing it in the key management module, includes:
decrypting the acquired plurality of first encryption information of each encryption task with the plurality of first algorithms to obtain at least the waiting encryption information of that task;
encrypting the waiting encryption information of each encryption task with the plurality of second algorithms to obtain a plurality of third encryption information of that task; and
when, for each encryption task, the plurality of third encryption information and the plurality of second encryption information satisfy the same preset condition, storing each waiting encryption information in the key management module as the target encryption information.
Optionally, the preprocessing module is further configured to upload a load-success message when, for each encryption task, the plurality of third encryption information and the plurality of second encryption information satisfy the same preset condition.
Optionally, the preprocessing module is further configured to set a start identifier in the key management module after the waiting encryption information has been stored in the key management module as target encryption information.
Optionally, the preprocessing module is further configured to upload a load-failure message when, for any encryption task, the third encryption information and the corresponding second encryption information do not satisfy the same preset condition, and to trigger the host computer to download the first encryption information and the corresponding second encryption information of each encryption task again.
Optionally, the plurality of encryption tasks includes a master authority task, a bootloader authentication task and an application authority task;
the plurality of target encryption information includes an authorization key for the master authority task, a bootloader key for the bootloader authority task, a first message authentication code of the bootloader for the bootloader authentication task, and an application key for the application authority task.
Optionally, the work host computer is further configured to generate a second message authentication code of the application program from the acquired application key and the application program file;
the vehicle microprocessor further includes a flash memory and is further configured to save the downloaded second message authentication code in the flash memory.
Optionally, generating the plurality of first encryption information and the plurality of second encryption information of each encryption task from its obtained target encryption information includes at least:
acquiring a bootloader file; and
generating the first message authentication code from the bootloader key and the bootloader file.
Optionally, the system further comprises a production host computer;
the production host computer is communicatively connected to both the work host computer and the preprocessing module, and is configured to pass on to the preprocessing module the first encryption information and the corresponding second encryption information of each encryption task that the work host computer has downloaded to it.
According to a second aspect of a specific embodiment of the present application, a vehicle encryption method is provided, including:
during execution of the root of trust, obtaining the bootloader key of the bootloader authority task stored in the key management module;
applying the bootloader key to a preset first encryption algorithm to obtain a first algorithm result;
when the first algorithm result is determined to satisfy a preset first trusted condition, starting the bootloader;
during execution of the bootloader, obtaining the application key of the application authority task stored in the key management module;
applying the application key to a preset second encryption algorithm to obtain a second algorithm result; and
when the second algorithm result is determined to satisfy a preset second trusted condition, starting the application program.
Optionally, starting the bootloader when the first algorithm result is determined to satisfy the preset first trusted condition includes:
when the first algorithm result is determined to satisfy the preset first trusted condition, acquiring the first message authentication code of the bootloader for the bootloader authentication task, stored in the key management module, and the bootloader itself;
applying the bootloader to a preset third encryption algorithm to obtain a third message authentication code; and
starting the bootloader when the third message authentication code equals the first message authentication code.
Optionally, starting the application program when the second algorithm result is determined to satisfy the preset second trusted condition includes:
when the second algorithm result is determined to satisfy the preset second trusted condition, acquiring the second message authentication code of the application program, stored in the flash memory, and the application program itself;
applying the application program to a preset fourth encryption algorithm to obtain a fourth message authentication code; and
starting the application program when the fourth message authentication code equals the second message authentication code.
Optionally, the method further comprises:
in response to an update request or a deletion request downloaded by a host computer, acquiring the authorization key of the master authority task stored in the key management module;
applying the authorization key to a preset fifth encryption algorithm to obtain a third algorithm result; and
when the third algorithm result satisfies a preset third trusted condition, authorizing the host computer to update or delete the target encryption information in the key management module.
Compared with the prior art, the scheme provided by the embodiments of the application has at least the following beneficial effects:
the application provides a vehicle encryption system and method. The vehicle encryption system comprises a work host computer and a vehicle microprocessor. In the method, the work host computer takes the obtained target encryption information of each encryption task and generates from it a plurality of first encryption information and a plurality of second encryption information for that task; a preprocessing module of the vehicle microprocessor recovers the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and stores it in a key management module. This ensures that a security authentication mechanism is established in the vehicle microprocessor and that the vehicle microprocessor runs securely.
Drawings
FIG. 1 illustrates a schematic diagram of a vehicle encryption system according to an embodiment of the present application;
FIG. 2 illustrates an application launch process schematic of a vehicle microprocessor according to an embodiment of the present application;
FIG. 3 illustrates another schematic diagram of a vehicle encryption system according to an embodiment of the present application;
FIG. 4 shows a flowchart of a vehicle encryption method according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail below with reference to the accompanying drawings, wherein it is apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in the examples and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise; "plurality" generally means at least two.
It should be understood that the term "and/or" as used herein merely describes an association between the associated objects and covers three relationships; for example, "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
It should be understood that although the terms first, second, third, etc. may be used in embodiments of the present application for description, the described items should not be limited by these terms. The terms are only used to distinguish one item from another. For example, a first item may also be referred to as a second item, and similarly a second item may be referred to as a first item, without departing from the scope of the embodiments of the present application.
The word "if", as used herein, may be interpreted as "at …", "upon …", "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined", "in response to determination", "when detected (stated condition or event)" or "in response to detection (stated condition or event)", depending on the context.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such product or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a product or device comprising that element.
In particular, symbols and/or numerals that appear in the description but are not marked in the description of the figures are not numbered.
Alternative embodiments of the present application are described in detail below with reference to the accompanying drawings.
The embodiments provided herein are embodiments of a vehicle encryption system.
An embodiment of the present application is described in detail below with reference to fig. 1.
The embodiment of the application provides a vehicle encryption system comprising a work host computer and a vehicle microprocessor.
In this embodiment the vehicle microprocessor has no HSM module; the work host computer is used to establish, inside the vehicle microprocessor, a security authentication mode similar to that of an HSM module. The target encryption information of each of the plurality of encryption tasks required for security authentication is stored, via the work host computer, in the key management module of the vehicle microprocessor. When the vehicle microprocessor starts, the information of each stage is authenticated with the target encryption information of the respective encryption task held in the key management module, so that the vehicle microprocessor runs securely.
The work host computer is configured to generate, from the acquired target encryption information of each of the plurality of encryption tasks, a plurality of first encryption information and a plurality of second encryption information for that task.
In some embodiments the plurality of encryption tasks includes a master authority task, a bootloader authentication task and an application authority task. The plurality of target encryption information includes an authorization key for the master authority task, a bootloader key for the bootloader authority task, a first message authentication code of the bootloader for the bootloader authentication task, and an application key for the application authority task.
When the target encryption information stored in the key management module needs to be deleted or updated, the master authority task is executed: the authorization key is applied to the authorization decryption algorithm to determine whether the requester has execution authority. When the authorization key matches the authorization decryption algorithm, the requester is determined to have execution authority; when it does not match, the requester is determined not to have execution authority.
A message authentication code (MAC) is a short piece of data produced by a specific algorithm that checks the integrity of a message and verifies the identity of its sender. It detects whether the content was altered in transit, whether the alteration was accidental or a deliberate attack, and at the same time authenticates the source of the message.
As shown in fig. 2, the start-up procedure of the vehicle microprocessor comprises three steps: first, the root of trust starts after power-on; second, the bootloader is started; third, the bootloader starts the application program.
In the vehicle encryption system, before the bootloader of the second step is started, the bootloader authority task is executed: the bootloader key is first applied to the load decryption algorithm to determine whether the executor has authority to start the bootloader. When the bootloader key matches the load decryption algorithm, the executor is determined to have that authority; when it does not match, the executor is determined not to have it. Also before the bootloader is started, the bootloader authentication task can be executed: the integrity of the bootloader is verified with the first message authentication code of the bootloader stored in the key management module and a symmetric-key block cipher, so that the bootloader is ensured not to have been tampered with. For example, the symmetric-key block cipher is AES-128.
Before the application program of the third step is started, the application authority task is executed: the application key is first applied to the application decryption algorithm to determine whether the executor has authority to start the application program. When the application key matches the application decryption algorithm, the executor is determined to have that authority; when it does not match, the executor is determined not to have it. Also before the application program is started, the application authentication task can be executed: the integrity of the application program is verified with the second message authentication code of the application program stored in the flash memory and a symmetric-key block cipher, so that the application program is ensured not to have been tampered with. For example, the symmetric-key block cipher is AES-128.
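The three-stage start-up of fig. 2 and the method steps of the second aspect (root of trust checks the bootloader key and the bootloader MAC, the bootloader checks the application key and the application MAC, and the master authority task gates update/delete requests) are modelled below as an added example; it is not code from the patent or from FAW. Where the patent leaves details open, the example makes labelled assumptions: the "preset encryption algorithm" and "trusted condition" of each authority task are modelled as a known-answer test of the stored key against a reference value recorded at provisioning time; the MACs over the bootloader and application images use HMAC-SHA256 as a stand-in for the AES-128-based MAC the text mentions; the master authority task verifies a tag the host attaches to its request, computed with the authorization key; all keys and images are constructed sample bytes.

```python
"""Three-stage start-up check (root of trust -> bootloader -> application) and
the master-authority check for update/delete requests, modelled in Python.
Added example, not code from the patent. Assumptions where the patent leaves
the details open:
  * The "preset encryption algorithm" and "trusted condition" of each
    authority task are modelled as a known-answer test: HMAC-SHA256 of a
    fixed label under the stored key must equal a reference value recorded
    in the key management module at provisioning time.
  * The message authentication codes over the bootloader and application
    images are HMAC-SHA256 here, a stand-in for the AES-128-based MAC the
    patent mentions.
  * The master authority task verifies a tag the host attaches to its
    update/delete request, computed with the authorization key.
  * Keys and images are constructed sample bytes.
"""
import hashlib
import hmac


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def known_answer(key: bytes, label: bytes) -> bytes:
    """Reference value for an authority task (assumption, see above)."""
    return mac(key, b"known-answer:" + label)


class KeyManagementModule:
    """Stand-in for the protected EEPROM area written by the preprocessing module."""

    def __init__(self, authorization_key, bootloader_key, first_mac, application_key):
        self.authorization_key = authorization_key
        self.bootloader_key = bootloader_key
        self.first_mac = first_mac            # MAC of the bootloader image
        self.application_key = application_key
        self.references = {                   # known-answer references (assumption)
            b"master": known_answer(authorization_key, b"master"),
            b"bootloader": known_answer(bootloader_key, b"bootloader"),
            b"application": known_answer(application_key, b"application"),
        }


def authority_ok(kmm: KeyManagementModule, label: bytes, key: bytes) -> bool:
    """Apply the key to the preset algorithm and check the trusted condition."""
    return hmac.compare_digest(known_answer(key, label), kmm.references[label])


def root_of_trust(kmm: KeyManagementModule, flash: dict) -> str:
    """Stage 1 (runs after power-on). Returns the final state of the boot chain."""
    if not authority_ok(kmm, b"bootloader", kmm.bootloader_key):
        return "halt:bootloader_authority"
    third_mac = mac(kmm.bootloader_key, flash["bootloader"])
    if not hmac.compare_digest(third_mac, kmm.first_mac):
        return "halt:bootloader_tampered"
    return bootloader(kmm, flash)


def bootloader(kmm: KeyManagementModule, flash: dict) -> str:
    """Stage 2, reached only after stage 1 passed."""
    if not authority_ok(kmm, b"application", kmm.application_key):
        return "halt:application_authority"
    fourth_mac = mac(kmm.application_key, flash["application"])
    if not hmac.compare_digest(fourth_mac, flash["second_mac"]):
        return "halt:application_tampered"
    return "application_running"


def handle_key_request(kmm: KeyManagementModule, action: str, request: bytes, tag: bytes) -> bool:
    """Master authority task: allow an update/delete of the key store only when
    the request tag verifies under the stored authorization key."""
    if action not in ("update", "delete"):
        return False
    return hmac.compare_digest(mac(kmm.authorization_key, request), tag)


def build_sample(tamper: str = None):
    """Constructed provisioning state; `tamper` injects one failure mode."""
    auth_key = bytes(range(16))
    bl_key = bytes(range(16, 32))
    app_key = bytes(range(32, 48))
    bootloader_image = b"bootloader-image-v1" * 8
    application_image = b"application-image-v1" * 8
    kmm = KeyManagementModule(auth_key, bl_key, mac(bl_key, bootloader_image), app_key)
    flash = {"bootloader": bootloader_image,
             "application": application_image,
             "second_mac": mac(app_key, application_image)}   # downloaded by the host
    if tamper == "bootloader":
        flash["bootloader"] = bootloader_image[:-1] + b"!"
    elif tamper == "application":
        flash["application"] = application_image[:-1] + b"!"
    elif tamper == "bootloader_key":
        kmm.bootloader_key = bytes(16)    # key store corrupted after provisioning
    return kmm, flash


if __name__ == "__main__":
    for case in (None, "bootloader", "application", "bootloader_key"):
        print(case, root_of_trust(*build_sample(case)))
```

Each stage returns a distinct halt reason, so a modified bootloader image, a modified application image and a corrupted key in the key management module are distinguishable in the device's status report; all comparisons go through `hmac.compare_digest` so that MAC checks do not leak where two values differ.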
The plurality of first encryption information of each encryption task is obtained by applying at least the corresponding target encryption information to a plurality of first algorithms, and the plurality of second encryption information of each encryption task is obtained by applying the corresponding target encryption information to a plurality of second algorithms.
For example, the plurality of first algorithms of each encryption task are the M1, M2 and M3 algorithms, and the plurality of second algorithms are the M4 and M5 algorithms. The target encryption information of each encryption task yields a plurality of first encryption information under the M1-M3 algorithms and a plurality of second encryption information under the M4-M5 algorithms. Since the M1-M5 algorithms are irreversible, the security of the encryption scheme is ensured.
The vehicle microprocessor comprises a preprocessing module and a key management module. The preprocessing module is configured to recover the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and to store the target encryption information of each encryption task in the key management module.
In this embodiment the preprocessing module of the vehicle microprocessor communicates with the host computer that downloads the information and is at the same time communicatively connected to the key management module. The preprocessing module stores the decrypted target encryption information of each encryption task in the key management module.
The key management module is an area of a dedicated EEPROM that cannot be accessed from outside, which improves the security of the plurality of target encryption information stored in it.
In some specific embodiments, recovering the target encryption information of each encryption task from at least the downloaded first encryption information and the downloaded second encryption information of that task, and storing it in the key management module, includes: decrypting the acquired plurality of first encryption information of each encryption task with the plurality of first algorithms to obtain at least the waiting encryption information of that task; encrypting the waiting encryption information of each encryption task with the plurality of second algorithms to obtain a plurality of third encryption information of that task; and when, for each encryption task, the plurality of third encryption information and the plurality of second encryption information satisfy the same preset condition, storing each waiting encryption information in the key management module as the target encryption information.
To prevent the target encryption information from being damaged before it is stored, this embodiment treats the decrypted information as waiting encryption information, verifies its reliability, and stores it as target encryption information only once that reliability is confirmed, so that the target encryption information held in the key management module is secure and reliable.
For example, the plurality of first encryption information of each encryption task is decrypted with the M1, M2 and M3 algorithms to obtain at least the waiting encryption information of that task; the waiting encryption information of each task is encrypted with the M4 and M5 algorithms to obtain a plurality of third encryption information; and for each encryption task, when the third encryption information obtained with M4 equals the second encryption information obtained with M4 and the third encryption information obtained with M5 equals the second encryption information obtained with M5, the waiting encryption information of that task is accepted as the target encryption information and stored in the key management module.
In some specific embodiments, the preprocessing module is further configured to upload a load-success message when, for each encryption task, the plurality of third encryption information and the plurality of second encryption information satisfy the same preset condition.
In this embodiment, when the same preset condition is satisfied, the host computer that performed the download is notified that loading succeeded.
In some specific embodiments, the preprocessing module is further configured to set a start identifier in the key management module after the waiting encryption information has been stored in the key management module as target encryption information.
In this embodiment, once the target encryption information is stored in the key management module, a start identifier is set in the key management module; the start identifier tells the vehicle microprocessor that it may use the target encryption information in the key management module for security authentication.
In some specific embodiments, the preprocessing module is further configured to upload a load-failure message when, for any encryption task, the third encryption information and the corresponding second encryption information do not satisfy the same preset condition, and to trigger the host computer to download the first encryption information and the corresponding second encryption information of each encryption task again.
In this embodiment, when the same preset condition is not satisfied, the host computer that performed the download is notified that loading failed, and it downloads the plurality of first encryption information and the plurality of second encryption information of each encryption task again until the vehicle microprocessor is able to store the target encryption information of every encryption task in the key management module. This ensures that a security mechanism is established in the vehicle microprocessor.
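The provisioning round trip described in the preceding paragraphs (host derives first and second encryption information per task; the preprocessing module decrypts, re-encrypts, compares, commits to the key management module, sets the start identifier and reports success or failure) is modelled below as an added example; it is not code from the patent or from FAW. The patent names the algorithms only as M1..M5, so the example substitutes labelled stand-ins: M1..M3 become one reversible wrap step (XOR with an HMAC-SHA256 counter keystream under a transport key assumed to be shared with the device, with a fresh nonce per task), M4 and M5 become two one-way keyed digests of the target key, and the transport key and the per-task keys are constructed sample values.

```python
"""Key-provisioning round trip between the work host computer and the MCU
preprocessing module, modelled in Python. Added example, not code from the
patent. The patent names the algorithms only as M1..M5, so the following are
assumptions of this example:
  * M1..M3 ("first algorithms", reversible on the device) are modelled as one
    wrap step: XOR with a keystream derived by HMAC-SHA256 from a transport key
    that the host and the device share, under a fresh nonce per task.
  * M4 and M5 ("second algorithms", one-way) are modelled as two keyed digests
    of the target key (HMAC-SHA256 and HMAC-SHA1 over fixed labels).
  * The transport key and the per-task target keys are constructed sample values.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

TASKS = ("master_authority", "bootloader_authority",
         "bootloader_authentication", "application_authority")
NONCE_LEN = 12


def keystream(transport_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for M1..M3)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(transport_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(transport_key: bytes, target: bytes, nonce: bytes) -> bytes:
    """First encryption information: nonce || (target XOR keystream)."""
    ks = keystream(transport_key, nonce, len(target))
    return nonce + bytes(a ^ b for a, b in zip(target, ks))


def unwrap(transport_key: bytes, first: bytes) -> bytes:
    """Device side of wrap(): recovers the waiting encryption information."""
    nonce, body = first[:NONCE_LEN], first[NONCE_LEN:]
    ks = keystream(transport_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def digests(target: bytes) -> tuple:
    """Second (host) / third (device) encryption information: one-way digests
    of the key, stand-in for M4 and M5."""
    return (hmac.new(target, b"M4", hashlib.sha256).digest(),
            hmac.new(target, b"M5", hashlib.sha1).digest())


def host_generate(transport_key: bytes, targets: dict) -> dict:
    """Work host computer: (first, second) encryption information per task."""
    return {task: (wrap(transport_key, key, os.urandom(NONCE_LEN)), digests(key))
            for task, key in targets.items()}


@dataclass
class KeyManagementModule:
    """Stand-in for the protected EEPROM area written only by the preprocessing module."""
    keys: dict = field(default_factory=dict)
    start_flag: bool = False


def device_load(transport_key: bytes, package: dict, kmm: KeyManagementModule) -> str:
    """Preprocessing module: unwrap, recompute digests, compare, then commit.
    Returns the status the device uploads: 'load_success' or 'load_failure'.
    On failure nothing is written and the host is expected to download again."""
    waiting_keys = {}
    for task, (first, second) in package.items():
        waiting = unwrap(transport_key, first)
        third = digests(waiting)
        # Both the M4 and the M5 result must match; constant-time compare on each.
        if not all(hmac.compare_digest(t, s) for t, s in zip(third, second)):
            return "load_failure"
        waiting_keys[task] = waiting
    kmm.keys.update(waiting_keys)   # commit only after every task verified
    kmm.start_flag = True           # the "start identifier" of the patent
    return "load_success"


def demo(corrupt_task: str = None):
    """One provisioning round; optionally corrupts one task's first encryption
    information in transit. Returns (status, kmm, targets)."""
    transport_key = bytes(range(16))                                        # constructed
    targets = {t: hashlib.sha256(t.encode()).digest()[:16] for t in TASKS}  # constructed
    package = host_generate(transport_key, targets)
    if corrupt_task:
        first, second = package[corrupt_task]
        package[corrupt_task] = (first[:-1] + bytes([first[-1] ^ 0x01]), second)
    kmm = KeyManagementModule()
    return device_load(transport_key, package, kmm), kmm, targets


if __name__ == "__main__":
    print(demo()[0], demo("bootloader_authority")[0])
```

The commit is all-or-nothing: a single bit flipped in any task's first encryption information makes the recomputed M4/M5 results differ from the downloaded second encryption information, the device reports `load_failure`, and neither the keys nor the start identifier are written, which is what lets the host simply repeat the whole download.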
In some embodiments, the work host computer is further configured to generate a second message authentication code of the application program from the acquired application key and the application program file.
The vehicle microprocessor further includes a flash memory and is further configured to save the downloaded second message authentication code in the flash memory.
In this embodiment the second message authentication code is stored in the flash memory of the vehicle microprocessor so that it can be updated whenever the application program in the vehicle microprocessor is updated. The integrity of the application program file can be verified with the second message authentication code, which prevents arbitrary tampering with the application program file.
In some specific embodiments, generating the plurality of first encryption information and the plurality of second encryption information of each encryption task from its obtained target encryption information includes at least: acquiring a bootloader file; and generating the first message authentication code from the bootloader key and the bootloader file.
In this particular embodiment the first message authentication code is generated from the bootloader key and the bootloader file. The integrity of the bootloader file can be verified with the first message authentication code, which prevents arbitrary tampering with the bootloader file.
In some embodiments, the system further comprises a production upper computer, as shown in FIG. 3.
The production upper computer is communicatively connected to both the work upper computer and the preprocessing module, and is configured to download to the preprocessing module the first encryption information of each encryption task and the second encryption information of the corresponding encryption task that were downloaded by the work upper computer.
In this embodiment, when the manufacturer produces vehicles and a security mechanism is built in batches into the vehicle microprocessors on the production line, a production upper computer is placed between the work upper computer and the vehicle microprocessors. The work upper computer downloads the first encryption information of each encryption task and the second encryption information of the corresponding encryption task to the production upper computer, and the production upper computer then downloads them to the preprocessing module of the vehicle microprocessor. The production upper computer thus carries out the loading of the target encryption information into the key management module of the vehicle microprocessor.
The vehicle encryption system comprises a work upper computer and a vehicle microprocessor. The work upper computer generates, based on the obtained target encryption information of each encryption task, a plurality of first encryption information and a plurality of second encryption information corresponding to that encryption task; the preprocessing module of the vehicle microprocessor obtains the target encryption information of the corresponding encryption task at least based on the downloaded first encryption information and the downloaded second encryption information of each encryption task, and stores the target encryption information of each encryption task into the key management module. This ensures that the security authentication mechanism is established in the vehicle microprocessor and that the vehicle microprocessor runs securely.
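As an added example that is not part of the patent, the following Python models the provisioning flow of this system: the work upper computer turns each task's target encryption information into first and second encryption information, and the vehicle preprocessing module decrypts the first information into waiting information, re-encrypts it into third information, compares it with the second information, and only then stores everything into the key management module and sets the starting identifier, otherwise reporting loading failure so the host downloads again. The patent names no concrete algorithms, so the HMAC-SHA256 keystream cipher, the HMAC verification value, the task names and the transport/verification keys are all assumptions.

```python
import hashlib
import hmac
import os

# Stand-ins, because the patent names no concrete algorithms (assumptions):
#   "first algorithm"  = XOR with an HMAC-SHA256 keystream under a shared
#                        transport key (a product would use a cipher such as AES)
#   "second algorithm" = HMAC-SHA256 under a separate verification key
# Task names ("master", "bootloader", "app") are assumed as well.
NONCE_LEN = 16

def _keystream(transport_key: bytes, task: str, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: n keystream bytes bound to task and nonce."""
    out, ctr = b"", 0
    while len(out) < n:
        block = task.encode() + nonce + bytes([ctr])
        out += hmac.new(transport_key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def second_info(verify_key: bytes, task: str, target: bytes) -> bytes:
    """Second information on the host; the same function yields third information on the vehicle."""
    return hmac.new(verify_key, task.encode() + target, hashlib.sha256).digest()

def wrap_all(transport_key: bytes, verify_key: bytes, targets: dict) -> dict:
    """Work upper computer: (first info, second info) for every task's target info."""
    packages = {}
    for task, target in targets.items():
        nonce = os.urandom(NONCE_LEN)
        first = nonce + _xor(target, _keystream(transport_key, task, nonce, len(target)))
        packages[task] = (first, second_info(verify_key, task, target))
    return packages

class KeyManagementModule:
    def __init__(self):
        self.keys = {}           # task -> target encryption information
        self.start_flag = False  # the "starting identifier"

def preprocess(transport_key: bytes, verify_key: bytes, packages: dict,
               kmm: KeyManagementModule) -> str:
    """Vehicle preprocessing module; returns the status it uploads: "success", or
    "loading failure: ..." after which the host downloads everything again."""
    waiting = {}
    for task, (first, second) in packages.items():
        if len(first) < NONCE_LEN:
            return f"loading failure: task {task}: malformed first information"
        nonce, body = first[:NONCE_LEN], first[NONCE_LEN:]
        target = _xor(body, _keystream(transport_key, task, nonce, len(body)))  # waiting info
        if not hmac.compare_digest(second_info(verify_key, task, target), second):
            return f"loading failure: task {task}: third information differs from second"
        waiting[task] = target
    kmm.keys.update(waiting)  # stored only once every task has verified
    kmm.start_flag = True
    return "success"
```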
The application further provides a method embodiment corresponding to the system embodiment above; terms with the same names have the same meaning and the same technical effects as in the above embodiment, and are not repeated here.
As shown in FIG. 4, the present application provides a vehicle encryption method applied to the vehicle microprocessor of the system described above, including:
step S401, during execution of the root of trust, obtaining the bootloader key, stored in the key management module, that is applied to the bootloader authority task;
step S402, applying the bootloader key to a preset first encryption algorithm to obtain a first algorithm result;
step S403, when it is determined that the first algorithm result meets a preset first trusted condition, starting the bootloader;
step S404, during execution of the bootloader, obtaining the application program key, stored in the key management module, that is applied to the application program authority task;
step S405, applying the application program key to a preset second encryption algorithm to obtain a second algorithm result;
step S406, when it is determined that the second algorithm result meets a preset second trusted condition, starting the application program.
Optionally, starting the bootloader when it is determined that the first algorithm result meets the preset first trusted condition includes:
step S403-1, when it is determined that the first algorithm result meets the preset first trusted condition, obtaining the first message authentication code of the bootloader, stored in the key management module and applied to the bootloader authentication task, together with the bootloader;
step S403-2, applying the bootloader to a preset third encryption algorithm to obtain a third message authentication code;
step S403-3, when the third message authentication code equals the first message authentication code, starting the bootloader.
Optionally, starting the application program when it is determined that the second algorithm result meets the preset second trusted condition includes:
step S406-1, when it is determined that the second algorithm result meets the preset second trusted condition, obtaining the second message authentication code of the application program, stored in the flash memory, together with the application program;
step S406-2, applying the application program to a preset fourth encryption algorithm to obtain a fourth message authentication code;
step S406-3, when the fourth message authentication code equals the second message authentication code, starting the application program.
Optionally, the method further comprises:
step S411, in response to an update request or a deletion request downloaded by the upper computer, obtaining the authorization key, stored in the key management module, that is applied to the master authority task;
step S412, applying the authorization key to a preset fifth encryption algorithm to obtain a third algorithm result;
step S413, when the third algorithm result meets a preset third trusted condition, authorizing the upper computer to update or delete the target encryption information in the key management module.
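As an added example (not the patent's own code), the following Python simulates steps S401 to S413 on a vehicle microprocessor whose key management module and flash memory have already been loaded. HMAC-SHA256 as the MAC algorithm, a key check value standing in for the unspecified "algorithm result" and "trusted condition", and a request-plus-proof form of the authorization check are all assumptions.

```python
import hashlib
import hmac

def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stands in for the patent's unnamed MAC algorithms (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def key_check(key: bytes, name: str) -> bytes:
    """Models the "algorithm result" of S402/S405 as a key check value recorded at
    provisioning and recomputed by the microprocessor (assumption)."""
    return mac(key, b"key-check:" + name.encode())

class VehicleMCU:
    """kmm: target information in the key management module; flash: bootloader and
    application images plus the application's second MAC; trusted: key check
    values recorded at provisioning (the preset trusted conditions)."""

    def __init__(self, kmm: dict, flash: dict, trusted: dict):
        self.kmm, self.flash, self.trusted = kmm, flash, trusted
        self.log = []

    def _halt(self, why: str) -> bool:
        self.log.append("halt: " + why)
        return False

    def _key_trusted(self, name: str) -> bool:
        return hmac.compare_digest(key_check(self.kmm[name], name), self.trusted[name])

    def root_of_trust(self) -> bool:
        # S401-S403: the bootloader key must meet the first trusted condition, then
        # the third MAC over the bootloader image must equal the stored first MAC
        if not self._key_trusted("bootloader_key"):
            return self._halt("bootloader key failed first trusted condition")
        third = mac(self.kmm["bootloader_key"], self.flash["bootloader"])
        if not hmac.compare_digest(third, self.kmm["bootloader_mac"]):
            return self._halt("bootloader MAC mismatch")
        self.log.append("bootloader started")
        return self.bootloader()

    def bootloader(self) -> bool:
        # S404-S406: the application key must meet the second trusted condition, then
        # the fourth MAC over the application image must equal the second MAC in flash
        if not self._key_trusted("app_key"):
            return self._halt("application key failed second trusted condition")
        fourth = mac(self.kmm["app_key"], self.flash["app"])
        if not hmac.compare_digest(fourth, self.flash["app_mac"]):
            return self._halt("application MAC mismatch")
        self.log.append("application started")
        return True

    def authorize_host(self, request: bytes, proof: bytes) -> bool:
        # S411-S413: an update or deletion request from the upper computer is honoured
        # only when its proof was computed under the master authority task's key
        return hmac.compare_digest(mac(self.kmm["authorization_key"], request), proof)
```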
According to this embodiment of the application, the running process of the vehicle microprocessor is protected by the target encryption information of each of the plurality of encryption tasks stored in the key management module, ensuring the running security of the vehicle microprocessor.
The present embodiment provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method steps described in the embodiments above.
Embodiments of the present application provide a non-transitory computer storage medium storing computer-executable instructions that perform the method steps described in the embodiments above.
Finally, it should be noted that in the present specification each embodiment is described in a progressive manner, each embodiment focusing on its differences from the other embodiments; for identical or similar parts, the embodiments may refer to one another.
The above embodiments only illustrate the technical solution of the present application and do not limit it; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solution described in the foregoing embodiments can still be modified, or some of its technical features replaced by equivalents, and that such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A vehicle encryption system, comprising:
a work upper computer configured to generate, based on the obtained target encryption information of each of a plurality of encryption tasks, a plurality of first encryption information and a plurality of second encryption information corresponding to the respective encryption task, wherein the plurality of first encryption information of each encryption task is obtained by applying a plurality of first algorithms to at least the corresponding target encryption information, and the plurality of second encryption information of each encryption task is obtained by applying a plurality of second algorithms to the corresponding target encryption information; and
a vehicle microprocessor including a preprocessing module and a key management module, the preprocessing module being configured to: obtain the target encryption information of the corresponding encryption task at least based on the downloaded first encryption information of each encryption task and the downloaded second encryption information of the corresponding encryption task, and store the target encryption information of each encryption task into the key management module.
2. The system of claim 1, wherein the preprocessing module being configured to obtain the target encryption information of each encryption task at least based on the downloaded first encryption information of each encryption task and the downloaded second encryption information of the corresponding encryption task, and to store the target encryption information of each encryption task into the key management module, comprises:
decrypting the acquired plurality of first encryption information of each encryption task by the plurality of first algorithms to obtain at least the waiting encryption information of the corresponding encryption task;
encrypting the waiting encryption information of each encryption task by the plurality of second algorithms to obtain a plurality of third encryption information of the corresponding encryption task; and
when the plurality of third encryption information of each encryption task and the plurality of second encryption information of the corresponding encryption task satisfy the preset sameness condition, storing each of the plurality of waiting encryption information into the key management module as target encryption information.
3. The system of claim 2, wherein the preprocessing module is further configured to: upload loading success information when the plurality of third encryption information of each encryption task and the plurality of second encryption information of the corresponding encryption task satisfy the preset sameness condition.
4. The system of claim 2, wherein the preprocessing module is further configured to: after each of the plurality of waiting encryption information has been stored into the key management module as target encryption information, set a starting identifier in the key management module.
5. The system of claim 2, wherein the preprocessing module is further configured to: when the third encryption information of any encryption task and the second encryption information of that encryption task do not satisfy the preset sameness condition, upload loading failure information and trigger the upper computer to download the first encryption information of each encryption task and the second encryption information of the corresponding encryption task again.
6. The system of claim 1, wherein the plurality of encryption tasks comprises: a master authority task, a bootloader authentication task, and an application program authority task; and
the plurality of target encryption information includes: an authorization key applied to the master authority task, a bootloader key applied to the bootloader authority task, a first message authentication code of the bootloader applied to the bootloader authentication task, and an application program key applied to the application program authority task.
7. The system of claim 6, wherein the work upper computer is further configured to: generate a second message authentication code of the application program based on the acquired application program key and the application program file; and
the vehicle microprocessor further includes a flash memory, the vehicle microprocessor being further configured to save the downloaded second message authentication code to the flash memory.
8. The system of claim 6, wherein the work upper computer being configured to generate, based on the obtained target encryption information of each of the plurality of encryption tasks, a plurality of first encryption information and a plurality of second encryption information corresponding to the respective encryption task at least includes:
acquiring a bootloader file; and
generating the first message authentication code based on the bootloader key and the bootloader file.
9. The system of claim 1, further comprising a production upper computer;
the production upper computer being communicatively connected to both the work upper computer and the preprocessing module, and configured to download to the preprocessing module the first encryption information of each encryption task and the second encryption information of the corresponding encryption task downloaded by the work upper computer.
10. A vehicle encryption method applied to the vehicle microprocessor of the system of claim 7, comprising:
during execution of the root of trust, obtaining the bootloader key, stored in the key management module, that is applied to the bootloader authority task;
applying the bootloader key to a preset first encryption algorithm to obtain a first algorithm result;
when it is determined that the first algorithm result meets a preset first trusted condition, starting the bootloader;
during execution of the bootloader, obtaining the application program key, stored in the key management module, that is applied to the application program authority task;
applying the application program key to a preset second encryption algorithm to obtain a second algorithm result; and
when it is determined that the second algorithm result meets a preset second trusted condition, starting the application program.
CN202311747285.0A 2023-12-18 2023-12-18 Vehicle encryption system and method Pending CN117874784A (en)

Publications (1)

Publication Number Publication Date
CN117874784A (en) 2024-04-12
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination