CN117908972A - Safe starting method of operating system and related products - Google Patents
Safe starting method of operating system and related products Download PDFInfo
- Publication number
- CN117908972A CN117908972A CN202311595182.7A CN202311595182A CN117908972A CN 117908972 A CN117908972 A CN 117908972A CN 202311595182 A CN202311595182 A CN 202311595182A CN 117908972 A CN117908972 A CN 117908972A
- Authority
- CN
- China
- Prior art keywords
- substructure
- signature
- key
- kernel
- digital
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 81
- 230000008569 process Effects 0.000 claims abstract description 36
- 238000012795 verification Methods 0.000 claims description 52
- 238000004590 computer program Methods 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 239000000203 mixture Substances 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a safe starting method of an operating system and related products. The method comprises the following steps: checking the digital signature of the secondary BootLoader to obtain a first checking result; analyzing a kernel protection structure obtained by performing first password operation in advance on the kernel based on an operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; sequentially carrying out second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to the kernel, and checking the first digital signature substructure to obtain a second checking result; and when the first checking result indicates that the digital signature is correct and the second checking result indicates that the digital signature of the kernel is correct, loading the secondary Bootloader and the kernel. According to the scheme, the dual-device certificate, the asymmetric password and the symmetric password are adopted to carry out password operation on the kernel, so that confidentiality of the operating system in the starting process is improved.
Description
Technical Field
The present application relates to the field of operating systems, and in particular, to a method for safely starting an operating system and related products.
Background
The operating system is a key in the information localization process, and a safe starting technology is needed to improve the safety of the operating system. Wherein the operating system is a set of interrelated system software hosting and controlling computer operations, employing and running hardware, software resources, and providing common services to organize user interactions; secure booting is a way of booting based on various central processing unit (Central Processing Unit, CPU) secure architectures using the international general cryptographic algorithm. Because the method does not have the core technology of the international general cryptographic algorithm and the verification technology in the starting process, the existing safe starting technology does not accord with the principle of autonomous control, and the development of an autonomous controllable safe starting technology is needed to improve the safety of an operating system.
The domestic cryptographic algorithm is a set of cryptographic standards specified by the national commercial cryptographic management office. In the related art, the use of the domestic cryptographic algorithm can only prevent the system file from being tampered during the starting process of the operating system. However, the security of the operating system should not be limited to preventing system files from being tampered with during the boot process, but also to improve the confidentiality of the operating system during the boot process.
Disclosure of Invention
Based on the above problems, the application provides a safe starting method of an operating system and related products, which improves confidentiality of the operating system in the starting process, thereby improving safety of the operating system.
The embodiment of the application discloses the following technical scheme:
in a first aspect, an embodiment of the present application provides a method for securely starting an operating system, where the method includes:
Loading a BootROM program in response to the power-on of the operating system;
According to the signature equipment certificate, verifying a digital signature obtained based on the secondary Bootloader pre-signature to obtain a first verification result; the digital signature is generated by signing the secondary Bootloader by a signature private key; the signature equipment certificate is issued by a root certificate based on a domestic commercial asymmetric cryptographic algorithm;
Analyzing a kernel protection structure obtained by performing first password operation in advance based on a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the inner core by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by the signature device certificate;
sequentially performing second cryptographic operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain the kernel, and verifying the first digital signature substructure according to the signature equipment certificate to obtain a second verification result;
And loading the secondary BootLoader and the kernel when the first check result indicates that the digital signature of the secondary BootLoader is correct and the second check result indicates that the digital signature of the kernel of the secondary BootLoader is correct.
Optionally, the performing a second cryptographic operation on the first key protection substructure, the first digital envelope substructure, and the first ciphertext substructure in sequence to obtain the kernel specifically includes:
decrypting the first key protection substructure according to a signature private key to obtain the encryption private key;
Decrypting the first digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
and decrypting the first ciphertext substructure according to the symmetric key to obtain the kernel.
Optionally, after the loading the secondary Bootloader and the kernel, the method further includes:
Analyzing a data area protection structure obtained by carrying out first password operation in advance on a data area based on a target process to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure; wherein the second digital signature substructure is generated by signing the data region with the signature private key; the second ciphertext substructure is generated by encrypting the data area by a symmetric encryption algorithm and a symmetric key; the second digital envelope substructure is generated by encrypting the symmetric key by the encryption device certificate; the second key protection structure is generated by encrypting the encryption private key by the signature equipment certificate;
sequentially performing a second password operation on the second key protection substructure, the second digital envelope substructure and the second ciphertext substructure to obtain the data area, and verifying the second digital signature substructure according to the signature equipment certificate to obtain a third verification result;
And when the third checking result indicates that the digital signature of the data area is correct, mapping the data area into a data segment to load the target process.
Optionally, the sequentially performing a second cryptographic operation on the second key protection substructure, the second digital envelope substructure and the second ciphertext substructure to obtain the data area specifically includes:
Decrypting the second key protection substructure according to the signature private key to obtain the encryption private key;
decrypting the second digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
And decrypting the second ciphertext substructure according to the symmetric key to obtain the data area.
Optionally, the verifying, according to the signing device certificate, the digital signature obtained based on the secondary Bootloader pre-signature to obtain a first verification result specifically includes:
Loading a root certificate based on a domestic commercial asymmetric cryptographic algorithm, and verifying a signature device certificate according to the root certificate to obtain a fourth verification result;
and when the fourth verification result indicates that the signature equipment certificate is correct, verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
Optionally, the kernel protection structure is formed by splicing the first digital signature substructure, the first ciphertext substructure, the first digital envelope substructure and the first key protection substructure according to a TLV format; the security area is formed by splicing the second digital signature substructure, the second ciphertext substructure, the second digital envelope substructure and the second key protection substructure according to a TLV format;
the method comprises the steps of analyzing a kernel protection structure obtained by carrying out first password operation in advance on the basis of a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure, and specifically comprises the following steps:
analyzing a kernel protection structure obtained by carrying out first cryptographic operation in advance on the basis of a kernel of the operating system according to the TLV format to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure;
the analyzing the security area protection structure obtained by carrying out the first password operation on the data area of the ELF file based on the target process in advance to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure specifically comprises:
and analyzing the security area protection structure according to the TLV format to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure.
In a second aspect, an embodiment of the present application provides a secure boot device for an operating system, where the device includes: the system comprises a first loading module, a first checking module, a first analyzing module, a second password operation module, a second checking module and a second loading module;
The loading module is used for responding to the power-on of the operating system and loading a BootROM program;
The first verification module is used for verifying a digital signature obtained based on a secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result;
The first analysis module is used for analyzing the kernel protection structure to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the inner core by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by the signature device certificate;
The second password operation module is used for sequentially carrying out second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain the kernel;
The second checking module is used for checking the first digital signature substructure according to the signature equipment certificate to obtain a second checking result;
The second loading module is configured to load the secondary BootLoader and the kernel when the first verification result indicates that the digital signature is correct and the second verification result indicates that the digital signature of the kernel of the secondary BootLoader is correct.
Optionally, the second cryptographic operation module is specifically configured to:
decrypting the first key protection substructure according to a signature private key to obtain the encryption private key;
Decrypting the first digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
and decrypting the first ciphertext substructure according to the symmetric key to obtain the kernel.
Optionally, the apparatus further comprises: the system comprises a second analysis module, a third verification module and a third loading module;
The second analysis module is used for analyzing a data area protection structure obtained by carrying out first password operation in advance on a data area based on a target process to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure; wherein the second digital signature substructure is generated by signing the data region with the signature private key; the second ciphertext substructure is generated by encrypting the data area by a symmetric encryption algorithm and a symmetric key; the second digital envelope substructure is generated by encrypting the symmetric key by the encryption device certificate; the second key protection structure is generated by encrypting the encryption private key by the signature equipment certificate;
The second password operation module is further configured to sequentially perform a second password operation on the second key protection substructure, the second digital envelope substructure, and the second ciphertext substructure to obtain the data area;
the third verification module is used for verifying the second digital signature substructure according to the signature equipment certificate to obtain a third verification result;
And the third loading module is configured to map the data area into a data segment to load the target process when the third verification result indicates that the digital signature of the data area is correct.
Optionally, the second cryptographic operation module is specifically configured to:
Decrypting the second key protection substructure according to the signature private key to obtain the encryption private key;
decrypting the second digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
And decrypting the second ciphertext substructure according to the symmetric key to obtain the data area.
Optionally, the first verification module is specifically configured to:
Loading a root certificate based on a domestic commercial asymmetric cryptographic algorithm, and verifying a signature device certificate according to the root certificate to obtain a fourth verification result;
and when the fourth verification result indicates that the signature equipment certificate is correct, verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
Optionally, the first parsing module is specifically configured to:
the method comprises the steps of analyzing a kernel protection structure obtained by carrying out first password operation in advance on the basis of a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure, and specifically comprises the following steps:
analyzing a kernel protection structure obtained by carrying out first cryptographic operation in advance on the basis of a kernel of the operating system according to the TLV format to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure;
the analyzing the security area protection structure obtained by carrying out the first password operation on the data area of the ELF file based on the target process in advance to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure specifically comprises:
and analyzing the security area protection structure according to the TLV format to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure.
In a third aspect, an embodiment of the present application provides a computer apparatus including:
a memory having a computer program stored thereon;
A processor for executing the computer program in the memory to implement the steps of the secure boot method of the operating system of any of the first aspects.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which is stored a computer program which, when executed by a processor, implements the steps of the method for secure booting of an operating system according to any one of the first aspects.
Compared with the prior art, the application has the following beneficial effects:
loading a BootROM program in response to the power-on of the operating system; verifying the digital signature according to the signature equipment certificate to obtain a first verification result; analyzing a kernel protection structure obtained by performing first password operation in advance on the kernel based on an operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the kernel by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by a signing device certificate; sequentially performing second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain a kernel, and checking the first digital signature substructure according to the signature equipment certificate to obtain a second checking result; and loading the secondary BootLoader and the kernel when the first check result indicates that the digital signature of the secondary BootLoader is correct and the second check result indicates that the digital signature of the image is correct. In the embodiment of the application, the combination of the double equipment certificates (the signature equipment certificates and the encryption equipment certificates), the asymmetric passwords and the symmetric passwords is adopted to perform layer-by-layer first password operation on the kernel to generate the kernel protection structure, the layer-by-layer second password operation is performed on the kernel protection structure in the process of safe starting to obtain the kernel, the kernel is checked through the signature equipment certificates, the confidentiality of the operating system in the starting process is improved while the system file is not tampered, and the safety of the operating system is further improved.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the application, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flowchart of a method for establishing a trust chain according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for generating a data region protection structure according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an ELF file structure at a connection perspective according to an embodiment of the present application;
FIG. 4 is a flowchart of a method for generating a kernel protection structure according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a trusted area of a CPU according to an embodiment of the present application;
FIG. 6 is a flowchart of a method for secure booting of an operating system according to an embodiment of the present application;
FIG. 7 is a flowchart of a method for obtaining a kernel from a kernel protection structure of a decryption operating system according to an embodiment of the present application;
FIG. 8 is a flowchart of a secure boot of another operating system according to an embodiment of the present application;
FIG. 9 is a flowchart of a method for decrypting a data area protection structure to obtain a data area according to an embodiment of the present application;
FIG. 10 is a schematic diagram of an ELF file structure in an execution view according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of a safety start device of an operating system according to an embodiment of the present application.
Detailed Description
As described above, to achieve autonomous controllability of secure booting of an operating system, a domestic and commercial cryptographic algorithm is used in secure booting of an operating system. However, in the related art, the operating system can only prevent the system file from being tampered during the starting process, so that confidentiality during the safe starting process of the operating system is relatively poor, and the safety of the operating system is insufficient.
In order to solve the technical problems, in the embodiment of the application, a digital signature is obtained by pre-signing the secondary BootLoader, a first cryptographic operation is performed on the kernel in advance to obtain a kernel protection structure, and the digital signature and the kernel protection structure are burnt into corresponding registers. The kernel protection structure consists of a first digital signature substructure generated by signing the kernel by a signature private key, a first ciphertext substructure generated by encrypting the kernel by a symmetric encryption algorithm and a symmetric key, a first digital envelope substructure generated by encrypting the symmetric key by an encryption device certificate, and a first key protection substructure generated by encrypting the encryption private key by the signature device certificate. When the operating system is started, the digital signature of the kernel can be verified only through layer-by-layer password operation, and the secondary BootLoader and the kernel are loaded after verification is passed so as to finish the starting of the operating system.
In order to make the present application better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
For easy understanding, the embodiment of the application firstly establishes a trust chain based on an SM2 algorithm in a domestic asymmetric cryptographic algorithm.
Referring to FIG. 1, a flow chart of a method of establishing a trust chain in accordance with an embodiment of the present application is shown.
As shown in fig. 1, the method includes:
s101: generating a root certificate based on an SM2 algorithm in a domestic commercial asymmetric encryption algorithm, and encrypting public and private Yue pairs and signature public and private Yue pairs based on the SM2 algorithm.
The encryption public key is located in the encryption equipment certificate issued by the root certificate, and the signature public key is located in the signature equipment certificate issued by the root certificate.
A Root Certificate (Root Certificate) is a public key Certificate belonging to a Root Certificate Authority (CA) and serves as a starting point of a trust chain in a public key infrastructure.
S102: the root certificate and the signed device certificate are burned into a designated register.
S103: and signing the secondary BootLoader according to the signature private key to obtain a digital signature related to the secondary BootLoader.
The secondary bootloader (second stage BootLoader, SSBL) is an applet that is executed during the boot process, and is located in the ROM (read-only memory) or flash memory of the chip. Its main role is to initialize hardware and load the validating and executing operating system kernel.
Specifically, hash data (abstract) is generated through an SM3 algorithm, then the hash data is transferred to a signature function, and a signature private key of SM2 is used for signing the secondary BootLoader to obtain a digital signature.
S104: and performing a first password operation on the data area of the target process to generate a data area protection structure.
The first cryptographic operation includes symmetric encryption, asymmetric encryption, information digest, signature, and the like.
As shown in fig. 2, S104 will be illustrated by the following S1041-S1045:
S1041: and signing the data area according to the signature private key to obtain a second digital signature sub-structure.
As an example, hash data is generated by SM3 algorithm, then the hash data is transferred to signature function, and signature is performed on the data area by SM2 signature private key to obtain second digital signature substructure.
S1042: and encrypting the data area according to the symmetric encryption algorithm and the symmetric key to obtain a second ciphertext sub-structure.
Firstly, generating a 128-bit random number based on a random number algorithm, and taking the 128-bit random number as a symmetric key; then, the data area is encrypted according to the symmetric encryption algorithm SM4 and the symmetric key to obtain a second ciphertext sub-structure.
By way of example, random number algorithms include, but are not limited to, true random number generator algorithms (True Random Number Generator, TRNG), pseudo random number generator algorithms (pseudo-Random Number Generator, PRNG), and pseudo random function algorithms (PRF).
S1043: and encrypting the symmetric key according to the encryption equipment certificate to obtain a second digital envelope substructure.
S1044: and encrypting the encryption private key according to the signature equipment certificate to obtain a second key protection substructure.
S1045: and connecting the second digital signature substructure, the second ciphertext substructure, the second digital envelope substructure and the second key protection substructure to obtain a data area protection structure.
In an alternative embodiment, the second digital signature substructure, the second ciphertext substructure, the second digital envelope substructure, and the second key protection substructure are concatenated in TLV format to obtain the data region protection structure. Wherein T-Type represents a Type, L-Length represents a Length, and V-Value represents a Value.
It should be noted that, in the embodiment of the present application, when the second digital signature substructure, the second ciphertext substructure, the second digital envelope substructure, and the second key protection substructure are connected to obtain the data area protection structure, the sequence between the substructures is not limited. The structure of the executable and linkable format ((Executable and Linkable Format, ELF) file in the connection view is shown in FIG. 3, and includes an ELF header, a program header table, a data area and a data area protection structure.
The data area header table is a set of data area header compositions, and the program header table (Program Header Table) is a set of data area header compositions.
The ELF header includes an offset address of the data area header table in the ELF file, a size of the single data area header, a number of the data area headers, an offset address of the program header table in the ELF file, a size of the single program header, and a number of the program headers. In addition, if the type of the ELF file is an executable file, the ELF header structure also includes the entry address of the program.
The Program head points to a Program, and the Program head includes information such as the type of the pointed Program, the offset address in the ELF file, the size, and the virtual address mapped to the memory. A Program is composed of a series of consecutive data region sections that have the same rights, such as read-only, read-write, readable and executable, etc.
The data area header points to a data area Section, and the data area header includes information such as the name and type of the pointed data area Section, and offset address and size in the ELF file.
S105: and performing a first password operation on the kernel of the operating system to obtain a kernel domain protection structure. As shown in fig. 4, S105 will be illustrated by the following S1051-S1055:
s1051: and signing the kernel of the operating system according to the signature private key to obtain a first digital signature sub-structure.
S1052: and encrypting the operating kernel according to the symmetric encryption algorithm and the symmetric key to obtain a first ciphertext sub-structure.
S1053: and encrypting the symmetric key according to the encryption public key to obtain a first digital envelope substructure.
S1054: and encrypting the encryption private key according to the signature public key to obtain a first key protection substructure.
S1055: and connecting the first digital signature substructure, the first ciphertext substructure, the first digital envelope substructure and the first key protection substructure to obtain a kernel protection structure.
In an alternative embodiment, the first digital signature substructure, the first ciphertext substructure, the first digital envelope substructure, and the first key protection substructure are concatenated in TLV format to obtain the data region protection structure. The TLV format has the following advantages: one is not limited by a specific data format, and can be suitable for various application scenes; secondly, the data in the TLV protocol contains three information of type, length and value, so that the complexity of data type inference and decoding in the analysis process is reduced; thirdly, the TLV-format data area protection structure can exchange and be compatible with different systems and different languages.
It should be noted that, in the embodiment of the present application, when the first digital signature substructure, the first ciphertext substructure, the first digital envelope substructure, and the first key protection substructure are connected to obtain the kernel protection structure, the sequence among the substructures is not limited.
S106: the digital signature, the data region protection structure, and the kernel protection structure are loaded to the specified register addresses, respectively.
For easy understanding, an embodiment of the present application provides a schematic structure of a trusted area of a CPU, as shown in fig. 5.
The trusted region is a hardware architecture of ARM design, and conceptually divides hardware and software resources supporting secure boot into a secure world and a normal world, all actions requiring cryptographic operations need to be executed in the secure world, and the rest of operations need to be executed in the normal world. The operation of the secure world and the normal world in the CPU is monitored and switched by the secure monitor. The secondary BootLoader digital signature is correspondingly loaded to the secondary BootLoader area in fig. 5, the data area protection structure is correspondingly loaded to the Linux user mode area in fig. 5, and the kernel protection structure is correspondingly loaded to the Linux kernel area in fig. 5.
S101-S106 build trust chain, lay foundation for realizing safe start of operating system subsequently.
Referring to fig. 6, a flowchart of a method for secure booting an operating system according to an embodiment of the present application is shown.
As shown in fig. 6, the method includes:
s601: in response to the operating system powering up, the BootROM program is loaded.
The operating system includes, but is not limited to, linux operating system.
BootROM programs are programs in read-only memory (ROM) that are read when the operating system is started, and function to initialize system hardware, load the operating system, and other critical operations.
S602: and verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
The digital signature is generated by signing the secondary Bootloader by a signature private key; the signing device certificate is issued by a root certificate based on a domestic and commercial asymmetric cryptographic algorithm.
In an alternative embodiment, loading a root certificate based on a domestic commercial asymmetric cryptographic algorithm, and verifying the signature equipment certificate according to the root certificate to obtain a fourth verification result; and when the fourth verification result indicates that the signature equipment certificate is correct, verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
By judging the correctness of the signature equipment certificate before the signature equipment certificate is used, the safety of the signature equipment certificate can be improved to a certain extent if the signature equipment certificate is correct and then the subsequent steps are executed; if the signature equipment certificate is incorrect, the subsequent steps are not executed, and system resources are saved.
S603: and analyzing a kernel protection structure obtained by carrying out first password operation in advance on the kernel based on the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure.
The first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the kernel by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection sub-structure is generated by encrypting an encryption private key by a signing device certificate.
In an alternative embodiment, the kernel protection structure is parsed according to a TLV format to obtain a first digital signature sub-structure, a first ciphertext sub-structure, a first digital envelope sub-structure, and a first key protection sub-structure.
S604: and sequentially performing second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain a kernel, and checking the first digital signature substructure according to the signature equipment certificate to obtain a second checking result.
Wherein the second cryptographic operation includes symmetric decryption, asymmetric decryption, and decryption signing.
As shown in fig. 7, S604 will be explained by the following S6041-S6044.
S6041: and decrypting the first key protection sub-structure by using the signature private key to obtain an encryption private key.
S6042: and decrypting the first digital envelope substructure using the encrypted private key to obtain a symmetric key.
S6043: and decrypting the first ciphertext sub-structure by using a symmetric encryption algorithm and a symmetric key to obtain a kernel.
S6044: and verifying the first digital signature substructure about the kernel according to the signature equipment certificate to obtain a second verification result.
The signature of the kernel can be verified by using the signature equipment certificate only through layer-by-layer password operation, wherein the occurrence of an error in any step can directly lead to the fact that the digital signature of the kernel cannot be verified and the kernel cannot be loaded to realize the starting of an operating system. The combination of the symmetric encryption algorithm, the asymmetric encryption algorithm, the encryption equipment certificate and the signature equipment certificate is used for encrypting the kernel in the encryption process, so that the decryption difficulty is improved, and the confidentiality of an operating system is improved.
S605: and when the first checking result indicates that the digital signature of the secondary BootLoader is correct and the second checking result indicates that the digital signature of the kernel is correct, loading the secondary BootLoader and the kernel.
It should be appreciated that the operating system boots up after the secondary Bootloader and kernel are loaded.
In the embodiment of the application, the combination of the double equipment certificates (the signature equipment certificates and the encryption equipment certificates), the asymmetric passwords and the symmetric passwords is adopted to encrypt the kernel layer by layer to generate the kernel protection structure, the kernel protection structure is decrypted layer by layer to obtain the kernel in the process of safe starting, the kernel is checked through the signature equipment certificates, the confidentiality of the operating system in the starting process is improved while the system file is not tampered, and the safety of the operating system is further improved.
Since the above embodiment only improves confidentiality of the operating system, it does not protect the process after the operating system is started. For this reason, a flowchart of secure booting of an operating system is provided in an embodiment of the present application, see fig. 8.
As shown in fig. 8, the method includes:
S801: in response to the operating system powering up, the BootROM program is loaded.
S802: and verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
S803: and analyzing a kernel protected structure obtained by performing first password operation in advance on the kernel based on the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure.
S804: and sequentially performing second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain a kernel, and checking the first digital signature substructure according to the signature equipment certificate to obtain a second checking result.
S805: and when the first checking result indicates that the digital signature of the secondary BootLoader is correct and the second checking result indicates that the digital signature of the kernel is correct, loading the secondary BootLoader and the kernel.
S806: and analyzing a data area protection structure obtained by carrying out first password operation on a data area based on the target process in advance to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure.
The second digital signature substructure is generated by signing the data area by a signature private key; the second ciphertext sub-structure is generated by encrypting the data area by a symmetric encryption algorithm and a symmetric key; the second digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the second key protection sub-structure is generated by encrypting the encryption private key by the signing device certificate.
S807: and sequentially performing second password operation on the second key protection substructure, the second digital envelope substructure and the second ciphertext substructure to obtain a data area, and checking the second digital signature substructure related to the data area according to the equipment signature certificate to obtain a third checking result.
As shown in fig. 9, S807 will be explained by the following S8071 to S8074.
S8071: and decrypting the second key protection sub-structure according to the signature private key to obtain the encrypted private key.
S8072: decrypting the second digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
S8073: and decrypting the second ciphertext substructure according to the symmetric key to obtain the data area.
S8074: and checking the second digital signature seed structure related to the data area according to the device signature certificate to obtain a third checking result.
The signature of the data area can be verified by using the signature equipment certificate only through layer-by-layer cryptographic operation, wherein any error in any step can directly lead to the fact that the digital signature of the data area cannot be verified and the corresponding process cannot be loaded, so that the process is prevented from being reversely analyzed and the confidentiality of the process is improved.
S808: and when the third checking result indicates that the digital signature of the data area is correct, mapping the data area into a data segment to load the target process.
FIG. 10 is a diagram illustrating the structure of an ELF file from an execution perspective, according to one embodiment of the present application. When the third check result indicates that the digital signature of the data area is correct, the data area is mapped to each segment. It should be noted that a plurality of data areas may be mapped to one data segment, and one data area may be mapped to one data segment.
In the embodiment of the application, the data area of the target process is encrypted layer by adopting the combination of the double equipment certificates (the signature equipment certificates and the encryption equipment certificates), the asymmetric passwords and the symmetric passwords to generate the data area protection structure, the data area is obtained by decrypting the data protection structure layer by layer after the safe starting, the data area is verified by the signature equipment certificates, the confidentiality of the target process after the starting of the operating system is improved while the system file is not tampered, and the safety of the operating system is further improved.
Referring to fig. 11, the present application provides a secure boot device for an operating system.
As shown in fig. 11, the apparatus includes: a first loading module 1101, a first verification module 1102, a first parsing module 1103, a second cryptographic operation module 1104, a second verification module 1105 and a second loading module 1106;
A first loading module 1101, configured to load a BootROM program in response to an operating system being powered on;
The first verification module 1102 is configured to verify a digital signature obtained based on a secondary Bootloader pre-signature according to a signature device certificate to obtain a first verification result;
The first parsing module 1103 is configured to parse the kernel protection structure to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure, and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the kernel by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by a signing device certificate;
a second cryptographic operation module 1104, configured to perform a second cryptographic operation on the first key protection substructure, the first digital envelope substructure, and the first ciphertext substructure in sequence to obtain a kernel;
A second checking module 1105, configured to check the first digital signature substructure according to the signature device certificate to obtain a second checking result;
The second loading module 1106 is configured to load the secondary BootLoader and the kernel when the first verification result indicates that the digital signature of the secondary BootLoader is correct, and the second verification result indicates that the digital signature of the kernel is correct.
Optionally, the second cryptographic operation module 1104 is specifically configured to:
Decrypting the first key protection substructure according to the signature private key to obtain an encrypted private key;
decrypting the first digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
and decrypting the first ciphertext substructure according to the symmetric key to obtain the kernel.
Optionally, the secure boot device of the operating system further includes: the system comprises a second analysis module, a third verification module and a third loading module;
The second analysis module is used for analyzing a data area protection structure obtained by carrying out first password operation on a data area based on a target process in advance to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure; the second digital signature substructure is generated by signing the data area by a signature private key; the second ciphertext sub-structure is generated by encrypting the data area by a symmetric encryption algorithm and a symmetric key; the second digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the second key protection structure is generated by encrypting the encryption private key by the signature equipment certificate;
The second password operation module is further used for sequentially carrying out second password operation on the second key protection substructure, the second digital envelope substructure and the second ciphertext substructure to obtain a data area;
the third verification module is used for verifying the second digital signature substructure according to the signature equipment certificate to obtain a third verification result;
and the third loading module is used for mapping the data area into the data segment to load the target process when the third checking result indicates that the digital signature of the data area is correct.
Optionally, the second cryptographic operation module is specifically configured to:
decrypting the second key protection substructure according to the signature private key to obtain an encrypted private key;
Decrypting the second digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
And decrypting the second ciphertext substructure according to the symmetric key to obtain the data area.
Optionally, the first verification module 1102 is specifically configured to:
Loading a root certificate based on a domestic commercial asymmetric cryptographic algorithm, and verifying the signature equipment certificate according to the root certificate to obtain a fourth verification result;
and when the fourth verification result indicates that the signature equipment certificate is correct, verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
Optionally, the first parsing module 1103 is specifically configured to:
Analyzing a kernel protection structure obtained by carrying out first password operation in advance based on a kernel of an operating system according to a TLV format to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure;
and analyzing the security area protection structure according to the TLV format to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure.
The present application further provides a computer device based on the above-described method embodiments and apparatus embodiments. The computer device includes:
a memory having a computer program stored thereon;
a processor for executing a computer program in a memory to implement the steps of the method for secure booting of an operating system provided by any of the foregoing method embodiments.
Based on the method embodiments and the device embodiments described above, the present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor implements the method steps of the secure booting of an operating system provided by any of the line-of-sight methods described above.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment is mainly described in a different point from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The apparatus embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements illustrated as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be included in the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.
Claims (10)
1. A method for secure booting of an operating system, the method comprising:
Loading a BootROM program in response to the power-on of the operating system;
The digital signature obtained based on the secondary Bootloader pre-signature is verified according to the signature equipment certificate to obtain a first verification result; the digital signature is generated by signing the secondary Bootloader by a signature private key; the signature equipment certificate is issued by a root certificate based on a domestic commercial asymmetric cryptographic algorithm;
Analyzing a kernel protection structure obtained by performing first password operation in advance based on a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the inner core by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by the signature device certificate;
sequentially performing second cryptographic operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain the kernel, and verifying the first digital signature substructure according to the signature equipment certificate to obtain a second verification result;
and loading the secondary BootLoader and the kernel when the first verification result indicates that the digital signature of the secondary BootLoader is correct and the second verification result indicates that the digital signature of the kernel is correct.
2. The method according to claim 1, wherein the sequentially performing the second cryptographic operation on the first key protection substructure, the first digital envelope substructure, and the first ciphertext substructure to obtain the kernel specifically includes:
decrypting the first key protection substructure according to a signature private key to obtain the encryption private key;
Decrypting the first digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
and decrypting the first ciphertext substructure according to the symmetric key to obtain the kernel.
3. The method of claim 1, wherein after loading the secondary Bootloader and the kernel, the method further comprises:
Analyzing a data area protection structure obtained by carrying out first password operation in advance on a data area based on a target process to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure; wherein the second digital signature substructure is generated by signing the data region with the signature private key; the second ciphertext substructure is generated by encrypting the data area by a symmetric encryption algorithm and a symmetric key; the second digital envelope substructure is generated by encrypting the symmetric key by the encryption device certificate; the second key protection structure is generated by encrypting the encryption private key by the signature equipment certificate;
sequentially performing a second password operation on the second key protection substructure, the second digital envelope substructure and the second ciphertext substructure to obtain the data area, and verifying the second digital signature substructure according to the signature equipment certificate to obtain a third verification result;
And when the third checking result indicates that the digital signature of the data area is correct, mapping the data area into a data segment to load the target process.
4. A method according to claim 3, wherein said sequentially performing a second cryptographic operation on said second key protection substructure, said second digital envelope substructure, and said second ciphertext substructure to obtain said data region, comprises:
Decrypting the second key protection substructure according to the signature private key to obtain the encryption private key;
decrypting the second digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
And decrypting the second ciphertext substructure according to the symmetric key to obtain the data area.
5. The method according to claim 1, wherein the verifying the digital signature according to the signing device certificate obtains a first verification result, specifically comprising:
Loading a root certificate based on a domestic commercial asymmetric cryptographic algorithm, and verifying a signature device certificate according to the root certificate to obtain a fourth verification result;
and when the fourth verification result indicates that the signature equipment certificate is correct, verifying the digital signature obtained based on the secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result.
6. The method of claim 3, wherein the kernel protection structure is formed by splicing the first digital signature substructure, the first ciphertext substructure, the first digital envelope substructure and the first key protection substructure according to TLV format; the security area is formed by splicing the second digital signature substructure, the second ciphertext substructure, the second digital envelope substructure and the second key protection substructure according to a TLV format;
the method comprises the steps of analyzing a kernel protection structure obtained by carrying out first password operation in advance on the basis of a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure, and specifically comprises the following steps:
analyzing a kernel protection structure obtained by carrying out first cryptographic operation in advance on the basis of a kernel of the operating system according to the TLV format to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure;
The parsing of the secure area protection structure obtained by performing a first cryptographic operation on the data area of the executable and linkable format file based on the target process to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure specifically includes:
and analyzing the security area protection structure according to the TLV format to obtain a second digital signature substructure, a second ciphertext substructure, a second digital envelope substructure and a second key protection substructure.
7. A secure launch apparatus for an operating system, said apparatus comprising: the system comprises a first loading module, a first checking module, a first analyzing module, a second password operation module, a second checking module and a second loading module;
the first loading module is used for responding to the power-on of the operating system and loading a BootROM program;
The first verification module is used for verifying a digital signature obtained based on a secondary Bootloader pre-signature according to the signature equipment certificate to obtain a first verification result;
The first analysis module is used for analyzing a kernel protection structure obtained by carrying out first password operation in advance on the basis of a kernel of the operating system to obtain a first digital signature substructure, a first ciphertext substructure, a first digital envelope substructure and a first key protection substructure; the first digital signature substructure is generated by signing the kernel by a signature private key; the first ciphertext substructure is generated by encrypting the inner core by a symmetric encryption algorithm and a symmetric key; the first digital envelope substructure is generated by encrypting the symmetric key with an encryption device certificate; the first key protection substructure is generated by encrypting an encryption private key by the signature device certificate;
The second password operation module is used for sequentially carrying out second password operation on the first key protection substructure, the first digital envelope substructure and the first ciphertext substructure to obtain the kernel;
The second checking module is used for checking the first digital signature substructure according to the signature equipment certificate to obtain a second checking result;
the second loading module is configured to load the second BootLoader and the kernel when the first check result indicates that the digital signature of the second BootLoader is correct, and the second check result indicates that the digital signature of the kernel is correct.
8. The device according to claim 7, wherein the second cryptographic operation module is specifically configured to:
decrypting the first key protection substructure according to a signature private key to obtain the encryption private key;
Decrypting the first digital envelope substructure according to the encryption private key to obtain a symmetric key about the symmetric encryption algorithm;
and decrypting the first ciphertext substructure according to the symmetric key to obtain the kernel.
9. A computer device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the secure boot method of the operating system of any of claims 1-6.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method steps of the secure boot method of an operating system according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311595182.7A CN117908972A (en) | 2023-11-27 | 2023-11-27 | Safe starting method of operating system and related products |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311595182.7A CN117908972A (en) | 2023-11-27 | 2023-11-27 | Safe starting method of operating system and related products |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117908972A true CN117908972A (en) | 2024-04-19 |
Family
ID=90694346
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311595182.7A Pending CN117908972A (en) | 2023-11-27 | 2023-11-27 | Safe starting method of operating system and related products |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117908972A (en) |
-
2023
- 2023-11-27 CN CN202311595182.7A patent/CN117908972A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10530753B2 (en) | System and method for secure cloud computing | |
| WO2021184973A1 (en) | External data accessing method and device | |
| US10885197B2 (en) | Merging multiple compute nodes with trusted platform modules utilizing authentication protocol with active trusted platform module provisioning | |
| JP5497171B2 (en) | System and method for providing a secure virtual machine | |
| US9684789B2 (en) | Arbitrary code execution and restricted protected storage access to trusted code | |
| US10726132B2 (en) | Enclave launch and authentication | |
| KR100823738B1 (en) | Method for integrity attestation of a computing platform hiding its configuration information | |
| RU2756040C2 (en) | Addressing trusted execution environment using signature key | |
| JP2012190441A (en) | Remote pre-boot authentication | |
| CN110770729B (en) | Method and apparatus for proving integrity of virtual machine | |
| CN110096894B (en) | Data anonymous sharing system and method based on block chain | |
| CN110730159B (en) | TrustZone-based secure and trusted hybrid system starting method | |
| Schläpfer et al. | Security on IoT devices with secure elements | |
| JP2022553393A (en) | SOFTWARE INTEGRITY PROTECTION METHOD AND APPARATUS AND SOFTWARE INTEGRITY VERIFICATION METHOD AND APPARATUS | |
| CN114035896A (en) | Batch cloud evidence obtaining method based on trusted computing | |
| CN115580413A (en) | Zero-trust multi-party data fusion calculation method and device | |
| US11997192B2 (en) | Technologies for establishing device locality | |
| CN117453343A (en) | Virtual machine measurement and secret calculation authentication method, device, system and storage medium | |
| CN117908972A (en) | Safe starting method of operating system and related products | |
| Huang et al. | Research on Linux trusted boot method based on reverse integrity verification | |
| US11831786B1 (en) | Chain of trust | |
| WO2024079438A1 (en) | A device and a method for performing a cryptographic operation | |
| CN115934258A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN117910057A (en) | Operation method of trusted execution environment, computer architecture system and encrypted hard disk | |
| CN117375910A (en) | Trusted communication method and system based on untrusted cloud FPGA |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |