CN118133286A - Method and device for starting vehicle controller, readable storage medium and processor - Google Patents
Method and device for starting vehicle controller, readable storage medium and processor Download PDFInfo
- Publication number
- CN118133286A CN118133286A CN202311728440.4A CN202311728440A CN118133286A CN 118133286 A CN118133286 A CN 118133286A CN 202311728440 A CN202311728440 A CN 202311728440A CN 118133286 A CN118133286 A CN 118133286A
- Authority
- CN
- China
- Prior art keywords
- application program
- program
- vehicle controller
- target application
- starting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000012795 verification Methods 0.000 claims abstract description 187
- 230000004044 response Effects 0.000 claims abstract description 17
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 38
- 238000005070 sampling Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 13
- 238000004904 shortening Methods 0.000 description 10
- 230000000694 effects Effects 0.000 description 7
- 101150058073 Calm3 gene Proteins 0.000 description 6
- 102100025926 Calmodulin-3 Human genes 0.000 description 6
- 238000011161 development Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 101100264195 Caenorhabditis elegans app-1 gene Proteins 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Mechanical Engineering (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a starting method and device of a vehicle controller, a readable storage medium and a processor. Wherein the method comprises the following steps: performing safety verification on a starting management program of a vehicle controller to obtain a first verification result; responding to the first verification result to be safe for starting the management program, and selecting a target application program from at least one application program of the vehicle controller, wherein the target application program is a program associated with safe starting of the vehicle controller in the application program; based on the starting authentication code of the target application program, carrying out safety verification on the target application program to obtain a second verification result; and starting the vehicle controller in response to the second check result being that the target application program is safe. The invention solves the technical problem of longer starting time of the vehicle controller in the early stage.
Description
Technical Field
The invention relates to the technical field of vehicle controllers, in particular to a starting method and device of a vehicle controller, a readable storage medium and a processor.
Background
At present, with the rapid popularization and development of vehicles, a vehicle controller (Micro Controller Unit, abbreviated as MCU) is used as a control center of the vehicle, and before the vehicle is started, strict verification is required to ensure the safety and stability of the vehicle controller, so as to avoid the vehicle runaway or other safety problems caused by the failure of the vehicle controller.
In the related art, before a vehicle starts, a startup management program (Bootstrap Program, abbreviated as BOOT) of the MCU needs to be checked, when the BOOT check is passed, all Application programs (APP) of the MCU are checked, and when all APP checks are passed, the vehicle controller can be started, which results in longer startup time of the vehicle controller and affects basic functions of the vehicle controller.
Aiming at the technical problem that the earlier starting time of the vehicle controller is longer, no effective solution is proposed at present.
Disclosure of Invention
The embodiment of the invention provides a starting method and device of a vehicle controller, a readable storage medium and a processor, which are used for at least solving the technical problem that the early starting time of the vehicle controller is long.
According to an aspect of an embodiment of the present invention, there is provided a method of starting a vehicle controller. The method may include: performing safety verification on a starting management program of a vehicle controller to obtain a first verification result; responding to the first verification result to be safe for starting the management program, and selecting a target application program from at least one application program of the vehicle controller, wherein the target application program is a program associated with safe starting of the vehicle controller in the application program; based on the starting authentication code of the target application program, carrying out safety verification on the target application program to obtain a second verification result; and starting the vehicle controller in response to the second check result being that the target application program is safe.
Optionally, selecting the target application from at least one application of the vehicle controller includes: acquiring an application program sampling rule, wherein the application program sampling rule comprises identification information of an application program to be extracted; and selecting a target application program from at least one application program of the vehicle controller based on the identification information.
Optionally, based on the start authentication code of the target application program, performing security verification on the target application program to obtain a second verification result, including: acquiring an application code of a target application program and an encryption key corresponding to the target application program; and inputting the application code of the target application program and the encryption key corresponding to the target application program into a target verification algorithm to obtain a second verification result.
Optionally, the second verification result includes a target start authentication code of the target application program, and the method further includes: acquiring an original starting authentication code of a target application program; and determining the security of the target application program in response to the target start-up authentication code of the target application program being the same as the original start-up authentication code of the target application program.
Optionally, performing security verification on a startup management program of the vehicle controller to obtain a first verification result, including: acquiring an application code of a startup management program and an encryption key corresponding to the startup management program; and inputting the application code of the starting management program and the encryption key corresponding to the starting management program into a target verification algorithm to obtain a first verification result.
Optionally, the first verification result includes a target startup authentication code of the startup management program, and the method further includes: acquiring an original starting authentication code of a starting management program; and determining that the startup management program is safe in response to the target startup authentication code of the startup management program being the same as the original startup authentication code of the startup management program.
Optionally, the start-up management program of the vehicle controller is stored in a one-time-brush manner.
According to another aspect of the embodiment of the invention, a starting device of a vehicle controller is also provided. The apparatus may include: the first verification unit is used for carrying out safety verification on a starting management program of the vehicle controller to obtain a first verification result; the selecting unit is used for responding to the first verification result to be safe for starting the management program and selecting a target application program from at least one application program of the vehicle controller, wherein the target application program is a program associated with safe starting of the vehicle controller in the application programs; the second verification unit is used for carrying out safety verification on the target application program based on the starting authentication code of the target application program to obtain a second verification result; and the starting unit is used for responding to the second checking result to ensure that the target application program is safe and starting the vehicle controller.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium including a stored program, wherein the program when executed by a processor controls a device in which the storage medium is located to perform the method of any one of the embodiments of the present invention.
According to another aspect of an embodiment of the present invention, there is also provided a processor. The processor is configured to execute a program, where the program executes the method according to any one of the embodiments of the present invention.
In the embodiment of the invention, a starting management program of a vehicle controller is subjected to safety verification to obtain a first verification result; responding to the first verification result to be safe for starting the management program, and selecting a target application program from at least one application program of the vehicle controller, wherein the target application program is a program associated with safe starting of the vehicle controller in the application program; based on the starting authentication code of the target application program, carrying out safety verification on the target application program to obtain a second verification result; and starting the vehicle controller in response to the second check result being that the target application program is safe. That is, in the embodiment of the present invention, after the verification of the start-up management program of the vehicle passes, the target application program associated with the safe start-up of the vehicle controller may be selected from the application programs of the vehicle controller, and then the selected target application program is subjected to the safe verification, and when the safety verification of the target application program passes, the vehicle controller is started up. Because the vehicle contains more programs which are not related to the safe starting of the vehicle controller, when the application programs of the vehicle are verified, only the target application programs which are related to the safe starting of the vehicle controller are verified, and all the application programs are not required to be verified safely, so that the problem that the verification time is too long due to the fact that all the application programs are verified is avoided, the aim of shortening the verification time is fulfilled, the technical problem that the early starting time of the vehicle controller is longer is solved, and the technical effect that the early starting time of the vehicle controller is shortened on the basis of ensuring the safe starting of the vehicle controller is realized.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a method of starting a vehicle controller according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an AES CMAC verification process according to an embodiment of the invention;
fig. 3 is a schematic view of a starting device of a vehicle controller according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, functional unit, or apparatus that comprises a list of steps or units is not necessarily limited to those steps or units that are expressly listed or inherent to such process, method, functional unit, or apparatus.
Example 1
According to an embodiment of the present invention, there is provided an embodiment of a method of starting a vehicle controller, it being noted that the steps shown in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical sequence is shown in the flowchart, in some cases the steps shown or described may be performed in a different order than here.
Fig. 1 is a flowchart of a method for starting a vehicle controller according to an embodiment of the present invention, as shown in fig. 1, the method may include the steps of:
step S101, safety verification is carried out on a starting management program of a vehicle controller, and a first verification result is obtained.
In the technical solution provided in the above step S101 of the present invention, the startup management program may also be referred to as a BOOT program, and the startup management program may be stored using One-Time Password (OTP) to ensure the data security of the startup management program. The first verification result may include at least a target boot authentication code of the boot manager, where the target boot authentication code may be used to indicate the integrity and security of the boot manager, and for example, the target boot authentication code may be a Cipher message authentication code (Cipher-based Message Authentication Code, abbreviated as CMAC) corresponding to the boot manager. The present invention is merely an exemplary embodiment, and the specific content of the first verification result is not limited.
In this embodiment, the startup management program of the vehicle controller may be securely checked by the target check algorithm to obtain the first check result.
For example, the application code of the startup management program and the encryption key corresponding to the startup management program may be input to the target verification algorithm to perform calculation, so as to obtain the first verification result. The target verification algorithm is used for carrying out safety verification based on the application code of the starting management degree, and the encryption key corresponding to the starting management program is used for encrypting the target verification algorithm so as to ensure the safety and reliability of the whole verification process. The encryption KEY corresponding to the startup management program can also be called a BOOT KEY; the target verification algorithm may be an advanced encryption standard message authentication (Advanced Encryption STANDARD CIPHER-based Message Authentication Code, abbreviated AES CMAC) algorithm, which is merely exemplary and is not limited to a particular method of obtaining the first verification result.
Step S102, in response to the first verification result being that the startup management program is safe, selecting a target application program from at least one application program of the vehicle controller.
In the technical solution provided in the above step S102 of the present invention, the application program may be an APP in the MCU, for example, an operating system kernel, a file system, an application library, etc., which are only exemplary and not limited to specific contents of the application program.
In this embodiment, when the first verification result is that the startup management program is safe, the target application program is selected from the application programs of the vehicle controller. For example, the target application may be selected by sampling, which is only an exemplary example and is not limited to a specific method of selecting the target application.
Optionally, the target application program is selected according to the sampling rule by acquiring the sampling rule of the application program.
For example, the preset sampling rule may include identification information of the application to be extracted, such as an interrupt vector table, a certificate, a password, a security credential such as a key, a system configuration file, a debug interface identity verification component, and the like. The target application may be extracted from the applications based on the identification information in the sampling rules.
Optionally, when the first verification result is determined to be safe for the startup management program, whether the startup management program is safe or not may be determined by acquiring an original startup authentication code of the startup management program and comparing the original startup authentication code of the startup management program with a target startup authentication code included in the first verification result. For example, if the original boot authentication code of the boot manager is the same as the target boot authentication code contained in the first verification result, the first verification result may be determined to be secure to the boot manager. The original startup authentication code of the startup management program may be a correct CMAC value corresponding to the startup management program stored in advance.
Step S103, based on the starting authentication code of the target application program, carrying out safety verification on the target application program to obtain a second verification result.
In the technical scheme provided in the step S103, after the target application program is determined, the target application program may be subjected to security verification according to the start authentication code of the target application program, so as to obtain a second verification result.
In this embodiment, the application code of the target application program and the encryption key corresponding to the target application program may be calculated by the target verification algorithm, so as to obtain the second verification result.
For example, the application code of the target application program and the encryption key corresponding to the target application program may be input to the target verification algorithm to perform calculation, so as to obtain the second verification result. The target verification algorithm is used for carrying out safety verification based on the application code of the target application program, and the encryption key corresponding to the target application program is used for encrypting the target verification algorithm so as to ensure the safety and reliability of the whole verification process. The encryption KEY corresponding to the target application program can also be called as APP KEY; the target verification algorithm may be an AES CMAC algorithm, which is merely an exemplary example, and a specific method of obtaining the second verification result is not limited.
Optionally, since only the target application program is subjected to safety verification, the problem that the verification time is too long due to the fact that all application programs are verified is avoided, the purpose of shortening the verification time is achieved, the technical problem that the early-stage starting time of the vehicle controller is long is solved, and the technical effect of shortening the early-stage starting time of the vehicle controller is achieved.
Step S104, the vehicle controller is started in response to the second checking result being that the target application program is safe.
In the technical scheme provided in the step S104, when the second checking result is that the target application program is safe, the vehicle controller is started.
In this embodiment, the vehicle controller is started when the second check result is that the target application is safe, i.e. the APP in the MCU passes the check.
For example, when determining whether the target application program is safe, the original startup authentication code of the target application program may be acquired, and the original startup authentication code of the target application program is compared with the target startup authentication code included in the second verification result, so as to determine whether the target application program is safe. For example, if the original startup authentication code of the target application is the same as the target startup authentication code contained in the second verification result, the second verification result may be determined as the target application security. Otherwise, if the original start-up authentication code of the target application program is not identical to the target start-up authentication code contained in the second check result, it may be determined that the target application program is unsafe, and the vehicle controller is not started up. It should be noted that the above-described embodiments may be performed by the starting device of the vehicle controller.
In the above steps S101 to S104, after the verification of the start-up management program of the vehicle is passed, the target application program associated with the safe start-up of the vehicle controller may be selected from the application programs of the vehicle controller, so as to perform the safe verification of the selected target application program, and when the safe verification of the target application program is passed, the vehicle controller is started up. Because the vehicle contains more programs which are not related to the safe starting of the vehicle controller, when the application programs of the vehicle are verified, only the target application programs which are related to the safe starting of the vehicle controller are verified, and all the application programs are not required to be verified safely, so that the problem that the verification time is too long due to the fact that all the application programs are verified is avoided, the aim of shortening the verification time is fulfilled, the technical problem that the early starting time of the vehicle controller is longer is solved, and the technical effect that the early starting time of the vehicle controller is shortened on the basis of ensuring the safe starting of the vehicle controller is realized.
The above-described method of this embodiment is further described below.
As an alternative embodiment, step S102, selecting a target application from at least one application of the vehicle controller includes: acquiring an application program sampling rule, wherein the application program sampling rule comprises identification information of an application program to be extracted; and selecting a target application program from at least one application program of the vehicle controller based on the identification information.
In this embodiment, the sampling rule of the application program includes identification information of the application program to be extracted, where the application program to be extracted may be an application program that is closely related to safe starting of the vehicle controller, and the identification information of the application program to be extracted may be: interrupt vector tables, certificates, passwords, security credentials such as keys, system configuration files, debug interface authentication components, etc., are merely exemplary examples and are not limited to identifying information of an application to be extracted.
Alternatively, an application sampling rule may be acquired, and the target application may be selected from all applications of the vehicle controller according to identification information of the application to be extracted in the sampling rule.
Optionally, each application program in the vehicle controller corresponds to identification information, and the foregoing description indicates that the sampling rule of the application program includes identification information of the application program to be extracted, based on this, identification information consistent with the identification information to be extracted may be selected from the identification information of the application program according to the identification information of the application program to be extracted included in the application program sampling rule, and the application program identified by the identification information is determined as the target application program.
For example, assume that the identification information included in the sampling rule includes an "interrupt vector table" and a "certificate", where the application identified by the interrupt vector table is APP 1 and the application identified by the "certificate" is APP 2. The identification information to be extracted included in the sampling rule has a "certificate", based on which, after the sampling rule is obtained, an application program identified by the "certificate" can be selected as a target application program, that is, APP 2 is a target application program, according to the identification information "certificate" included in the sampling rule.
As an optional embodiment, step S103, performing security verification on the target application program based on the start-up authentication code of the target application program, to obtain a second verification result, includes: acquiring an application code of a target application program and an encryption key corresponding to the target application program; and inputting the application code of the target application program and the encryption key corresponding to the target application program into a target verification algorithm to obtain a second verification result.
In this embodiment, the application code of the target application program and the encryption key corresponding to the target application program are acquired. The encryption KEY corresponding to the target application program may be an APP KEY, where the encryption KEY of the target application program is used to encrypt an algorithm for performing security verification on the target application program.
Optionally, the application code of the target application program and the encryption key corresponding to the target application program are input into a target verification algorithm for security verification, and a second verification result can be obtained. For example, the target verification algorithm may be an AES CAMC algorithm, which is merely an exemplary example, and the specific contents of the target verification algorithm are not limited.
For example, assuming that the target application program is an operating system kernel, the APP KEY and the application code of the operating system kernel are input into the AES CAMC algorithm, the AES CAMC algorithm performs security verification on the application code of the operating system kernel, the verification process may be encrypted by the APP KEY of the operating system kernel, and the obtained second verification result may include a CMAC value corresponding to the operating system kernel.
As an alternative embodiment, the second check result includes a target start authentication code of the target application program, and the method further includes: acquiring an original starting authentication code of a target application program; and determining the security of the target application program in response to the target start-up authentication code of the target application program being the same as the original start-up authentication code of the target application program.
In this embodiment, the original startup authentication code of the target application is obtained, and the original startup authentication code of the target application is compared with the target startup authentication code of the target application to determine whether the target application is secure. If the original start-up authentication code of the target application is the same as the target start-up authentication code of the target application, then the target application may be determined to be secure. The original startup authentication code of the target application program may be stored in a Read-Only Memory (ROM) to ensure the security of the original startup authentication code of the target application program.
For example, assuming that the target application is an operating system kernel, the original start-up authentication code of the operating system kernel is obtained, and the original start-up authentication code of the operating system kernel is compared with the target start-up authentication code of the operating system kernel, and if the original start-up authentication code of the operating system kernel is the same as the target start-up authentication code of the operating system kernel, the operating system kernel security can be determined. For example, the CMAC value corresponding to the operating system kernel calculated by the target verification algorithm may be compared with a pre-stored CMAC value corresponding to the operating system kernel, and if the two values are consistent, it is indicated that the security verification of the operating system kernel passes; if the two are inconsistent, the kernel security check of the operating system is not passed.
As an optional embodiment, step S103 performs security verification on a startup management program of the vehicle controller to obtain a first verification result, including: acquiring an application code of a startup management program and an encryption key corresponding to the startup management program; and inputting the application code of the starting management program and the encryption key corresponding to the starting management program into a target verification algorithm to obtain a first verification result.
In this embodiment, the application code of the boot manager and the encryption key corresponding to the boot manager are acquired. The encryption KEY corresponding to the startup management program may be a BOOT KEY, where the encryption KEY of the startup management program is used to encrypt an algorithm for performing security verification on the startup management program.
Optionally, an application code of the startup management program and an encryption key corresponding to the startup management program are input into a target verification algorithm to carry out security verification, and a first verification result can be obtained. For example, the target verification algorithm may be an AES CAMC algorithm, which is merely an exemplary example, and the specific contents of the target verification algorithm are not limited.
For example, the BOOT KEY and the application code of the BOOT manager are input into the AES CAMC algorithm, and the AES CAMC algorithm performs verification on the application code of the BOOT manager to obtain a first verification result, where the verification process may be encrypted by the BOOT KEY, and the obtained first verification result may include a CMAC value corresponding to the BOOT manager.
As an alternative embodiment, the first verification result includes a target boot authentication code of the boot management program, and the method further includes: acquiring an original starting authentication code of a starting management program; and determining that the startup management program is safe in response to the target startup authentication code of the startup management program being the same as the original startup authentication code of the startup management program.
In this embodiment, the original boot authentication code of the boot manager is obtained, and the original boot authentication code of the boot manager is compared with the target boot authentication code of the boot manager to determine whether the boot manager is secure. If the original boot authentication code of the boot manager is the same as the target boot authentication code of the boot manager, then the boot manager may be determined to be secure. The original startup authentication code of the startup management program can be stored in the key-only management module, so that the security of the original startup authentication code of the startup management program is ensured.
For example, the CMAC value corresponding to the boot manager calculated by the target verification algorithm may be compared with the CMAC value corresponding to the pre-stored boot manager, and if the two values are consistent, it is indicated that the boot manager passes the security verification; if the two are inconsistent, the startup management program safety verification is not passed.
As an alternative embodiment, the start-up management program of the vehicle controller is stored in a one-time-brush manner.
In this embodiment, the start-up management program of the vehicle controller may be stored in a one-time-brush manner, that is, the start-up management program of the vehicle controller may be OTP stored to avoid tampering of the start-up management program of the vehicle controller.
Optionally, the startup management program and the application program of the vehicle controller are stored in the ROM to ensure the security of the startup management program and the application program, that is, to avoid the startup management program and the application program from being tampered with.
It should be noted that the above-described embodiments may be performed by the starting device of the vehicle controller.
In this embodiment, after the verification of the start-up management program of the vehicle is passed, the target application program associated with the safe start-up of the vehicle controller may be selected from the application programs of the vehicle controller, and then the selected target application program is subjected to the safe verification, and when the target application program passes the safe verification, the vehicle controller is started up. Because the vehicle contains more programs which are not related to the safe starting of the vehicle controller, when the application programs of the vehicle are verified, only the target application programs which are related to the safe starting of the vehicle controller are verified, and all the application programs are not required to be verified safely, so that the problem that the verification time is too long due to the fact that all the application programs are verified is avoided, the aim of shortening the verification time is fulfilled, the technical problem that the early starting time of the vehicle controller is longer is solved, and the technical effect that the early starting time of the vehicle controller is shortened on the basis of ensuring the safe starting of the vehicle controller is realized.
Example 2
The technical solution of the embodiment of the present invention will be illustrated in the following with reference to a preferred embodiment.
With the rapid popularization and development of vehicles, a vehicle controller MCU is used as a control center of the vehicle, and strict verification is required before the vehicle is started.
At present, before a vehicle starts, a BOOT program of an MCU needs to be checked, when the BOOT program passes the verification, all application programs APP of the MCU can be checked, and after all APP checks pass, the vehicle can be started, but because the APP contains a large number of APPs which are irrelevant to the safe starting of the vehicle, the verification time is too long for all APP checks, and therefore, the technical problem of longer early starting time of a vehicle controller still exists.
However, the embodiment of the invention provides an ASIL A level development flow simplification method based on a functional safety standard, by carrying out safety verification on a BOOT program in an MCU, after the BOOT safety verification is passed, selecting an APP closely related to the safety start of a vehicle controller from the APP of the MCU to carry out safety verification, if the APP passes the safety verification, the vehicle controller can be started, and because the vehicle contains more APPs which are not related to the safety start of the MCU, when the APP of the vehicle is verified, only the APP related to the safety start of the MCU is verified, and all the APPs are not required to be subjected to the safety verification, so that the problem of overlong verification time is avoided, the aim of shortening the verification time is fulfilled, the technical problem of longer early start time of the vehicle controller is solved, and the technical effect of shortening the early start time of the vehicle controller on the basis of ensuring the safety start of the vehicle controller is realized.
Embodiments of the present invention are further described below.
FIG. 2 is a schematic diagram of an AES CMAC verification process according to an embodiment of the invention, as shown in FIG. 2, a vehicle controller 200 includes: a read only memory 201 and a hardware security module 202.
The read only memory 201 may store therein: BOOT program 2011, APP program 2012, APP CMAC 2013.
The hardware security module 202 may include: AES CMAC operation module 2021, CMAC 2022, and key management module 2023. The key management module 2023 may include: BOOT CMAC 20231, BOOT encryption key 20232, and APP encryption key 20233. Among them, the BOOT encryption key 20232 and the APP encryption key 20233 may also be referred to as symmetric keys.
In this embodiment, the BOOT program 2011 and the BOOT encryption key 20232 are input to the AES CMAC operation module 2021, the AES CMAC operation module 2021 performs security verification on the BOOT program 2011 to obtain a BOOT verification result, and the BOOT verification result is stored in the CMAC 2022.
Optionally, during the security verification process, AES CMAC operation module 2021 encrypts the security verification process using BOOT encryption key 20232, so as to ensure the security of the data during the security verification process.
Optionally, the CMAC value corresponding to the BOOT program 2011 stored in the CMAC2022 is compared with the BOOT CMAC 20231 stored in the key management module 2023, and if the CMAC value of the BOOT program 2011 stored in the CMAC2022 is the same as the CMAC value stored in the BOOT CMAC 20231, it is determined that the BOOT verification result is acceptable.
Alternatively, when the BOOT verification result is qualified, the APP program 2012 in the read-only memory 201 and the APP encryption key 20233 stored in the key management module 2023 may be input into the AES CMAC operation module 2021, and the AES CMAC operation module 2021 performs security verification on the APP program 2012 to obtain the APP verification result, and stores the APP verification result in the CMAC 2022.
Optionally, during the security check of the APP program 2012 by the AES CMAC operation module 2021, the AES CMAC operation module 2021 encrypts the security check process by using the APP encryption key 20233, so as to ensure the security of the data during the security check process.
Optionally, the APP program 2012 is checked, the obtained check result may be stored in the CMAC2022, and the CMAC value of the APP stored in the CMAC2022 is compared with the CMAC value corresponding to the APP stored in the APP CMAC2013 in the read-only memory 201, and if the two are consistent, the security check of the APP program is qualified.
Optionally, the verification of the APP program 2012 employs a sampling verification method, where the verification content may be: interrupt vector table, security credentials such as certificates, passwords, keys, system configuration files, debug interface authentication components, etc.
For example, APP includes app_s1, app_s2, app_s3 … app_sn; wherein, the correct CMAC corresponding to app_s1 is app_s1_cmac, the correct CMAC corresponding to app_s2_cmac, the correct CMAC corresponding to app_s3 is app_s3_cmac … _appsn is app_sn_cmac, and if the extracted APP is app_s1, the APP is checked by using app_s1_cmac.
Alternatively, the CMAC value obtained by the verification stored in the APP verification result may be compared with the correct CMAC value corresponding to the APP stored in APP CMAC 2013, and if the two are consistent, the verification is passed, and if the two are inconsistent, the APP verification is not passed.
Optionally, when the BOOT check result and the APP check result are both qualified, the vehicle MCU is continuously started.
In the embodiment of the invention, the BOOT in the MCU is subjected to safety verification, after the BOOT passes the safety verification, the APP closely related to the safe starting of the vehicle controller is selected from the APP of the MCU to carry out the safety verification, if the APP passes the safety verification, the vehicle controller can be started, and as the vehicle contains more APP which is not related to the safe starting of the MCU, only the APP related to the safe starting of the MCU is verified when the APP of the vehicle is verified, all the APP is not required to be subjected to the safety verification, the problem of overlong verification time caused by the verification of all the APP is avoided, the aim of shortening the verification time is fulfilled, the technical problem of longer early starting time of the vehicle controller is further solved, and the technical effect of shortening the early starting time of the vehicle controller on the basis of ensuring the safe starting of the vehicle controller is realized.
Example 3
According to the embodiment of the invention, a starting device of the vehicle controller is also provided. The starting device of the vehicle controller may be used to execute the starting method of the vehicle controller in embodiment 1.
Fig. 3 is a schematic view of a starting device of a vehicle controller according to an embodiment of the present invention. As shown in fig. 3, the starting device 300 of the vehicle controller may include: a first checking unit 301, a selecting unit 302, a second checking unit 303 and a starting unit 304.
The first verification unit 301 is configured to perform security verification on a startup management program of the vehicle controller, to obtain a first verification result.
And the selecting unit 302 is configured to select a target application program from at least one application program of the vehicle controller in response to the first verification result being that the startup management program is safe, where the target application program is a program associated with safe startup of the vehicle controller in the application programs.
And the second checking unit 303 is configured to perform security check on the target application program based on the start authentication code of the target application program, so as to obtain a second checking result.
And a starting unit 304, configured to start the vehicle controller in response to the second test result being that the target application program is safe.
Optionally, the selecting unit 302 may include: the first acquisition module is used for acquiring an application program sampling rule, wherein the application program sampling rule comprises identification information of an application program to be extracted; and the selecting module is used for selecting a target application program from at least one application program of the vehicle controller based on the identification information.
Optionally, the second checking unit 303 may include: the second acquisition module is used for acquiring the application code of the target application program and the encryption key corresponding to the target application program; the first input module is used for inputting the application code of the target application program and the encryption key corresponding to the target application program into the target verification algorithm to obtain a second verification result.
Optionally, the second checking unit 303 may further include: the third acquisition module is used for acquiring an original starting authentication code of the target application program; and the first determining module is used for determining the security of the target application program in response to the fact that the target starting authentication code of the target application program is identical to the original starting authentication code of the target application program.
Optionally, the second checking unit 303 may further include: a fourth obtaining module, configured to obtain an application code of the startup management program and an encryption key corresponding to the startup management program; and the second input module is used for inputting the application code of the startup management program and the encryption key corresponding to the startup management program into the target verification algorithm to obtain a first verification result.
Optionally, the second checking unit 303 may further include: a fifth acquisition module, configured to acquire an original startup authentication code of the startup management program; and the second determining module is used for determining the security of the startup management program in response to the fact that the target startup authentication code of the startup management program is the same as the original startup authentication code of the startup management program.
In this embodiment, after the verification of the start-up management program of the vehicle is passed, the target application program associated with the safe start-up of the vehicle controller may be selected from the application programs of the vehicle controller, and then the selected target application program is subjected to the safe verification, and when the target application program passes the safe verification, the vehicle controller is started up. Because the vehicle contains more programs which are not related to the safe starting of the vehicle controller, when the application programs of the vehicle are verified, only the target application programs which are related to the safe starting of the vehicle controller are verified, and all the application programs are not required to be verified safely, so that the problem that the verification time is too long due to the fact that all the application programs are verified is avoided, the aim of shortening the verification time is fulfilled, the technical problem that the early starting time of the vehicle controller is longer is solved, and the technical effect that the early starting time of the vehicle controller is shortened on the basis of ensuring the safe starting of the vehicle controller is realized.
Example 4
According to an embodiment of the present invention, there is also provided a computer-readable storage medium including a stored program, wherein the program executes the start-up method of the vehicle controller in embodiment 1.
Example 5
According to an embodiment of the present invention, there is also provided a processor for running a program, wherein the program executes the start-up method of the vehicle controller in embodiment 1 when running.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of units may be a logic function division, and there may be another division manner in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone functional units, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software functional component stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.
Claims (10)
1. A method of starting a vehicle controller, comprising:
performing safety verification on a starting management program of a vehicle controller to obtain a first verification result;
responding to the first verification result to be the safety of the starting management program, and selecting a target application program from at least one application program of the vehicle controller, wherein the target application program is a program associated with the safety starting of the vehicle controller in the application program;
Based on the starting authentication code of the target application program, carrying out security verification on the target application program to obtain a second verification result;
and starting the vehicle controller in response to the second check result being that the target application program is safe.
2. The method of claim 1, wherein selecting the target application from at least one application of the vehicle controller comprises:
acquiring an application program sampling rule, wherein the application program sampling rule comprises identification information of an application program to be extracted;
And selecting the target application program from the at least one application program of the vehicle controller based on the identification information.
3. The method of claim 1, wherein the security check is performed on the target application based on a start-up authentication code of the target application to obtain a second check result, comprising:
Acquiring an application code of the target application program and an encryption key corresponding to the target application program;
and inputting the application code of the target application program and the encryption key corresponding to the target application program into a target verification algorithm to obtain a second verification result.
4. A method according to claim 3, wherein the second check result includes a target boot authentication code for the target application, the method further comprising:
acquiring an original starting authentication code of the target application program;
And determining that the target application is secure in response to the target launch authentication code of the target application being the same as the original launch authentication code of the target application.
5. The method of claim 1, wherein the security check of the start-up management program of the vehicle controller to obtain the first check result comprises
Acquiring an application code of the starting management program and an encryption key corresponding to the starting management program;
and inputting the application code of the starting management program and the encryption key corresponding to the starting management program into a target verification algorithm to obtain the first verification result.
6. The method of claim 5, wherein the first check result includes the target boot authentication code of the boot manager, the method further comprising:
Acquiring an original starting authentication code of the starting management program;
And determining that the boot manager is secure in response to the target boot authentication code of the boot manager being the same as an original boot authentication code of the boot manager.
7. The method according to any one of claims 1 to 6, characterized in that the start-up management program of the vehicle controller is stored in a one-time-brush manner.
8. A starting device of a vehicle controller, characterized by comprising:
The first verification unit is used for carrying out safety verification on a starting management program of the vehicle controller to obtain a first verification result;
A selecting unit, configured to select a target application program from at least one application program of the vehicle controller in response to the first verification result being that the startup management program is safe, where the target application program is a program associated with the safe startup of the vehicle controller in the application program;
the second verification unit is used for carrying out safety verification on the target application program based on the starting authentication code of the target application program to obtain a second verification result;
And the starting unit is used for responding to the second checking result to ensure that the target application program is safe and starting the vehicle controller.
9. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored program, wherein the program, when run by a processor, controls a device in which the storage medium is located to perform the method of any one of claims 1 to 7.
10. A processor for running a program, wherein the program when run performs the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311728440.4A CN118133286A (en) | 2023-12-14 | 2023-12-14 | Method and device for starting vehicle controller, readable storage medium and processor |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311728440.4A CN118133286A (en) | 2023-12-14 | 2023-12-14 | Method and device for starting vehicle controller, readable storage medium and processor |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118133286A true CN118133286A (en) | 2024-06-04 |
Family
ID=91234362
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311728440.4A Pending CN118133286A (en) | 2023-12-14 | 2023-12-14 | Method and device for starting vehicle controller, readable storage medium and processor |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118133286A (en) |
-
2023
- 2023-12-14 CN CN202311728440.4A patent/CN118133286A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109684790B (en) | Software starting method, software authorization verification method, device and storage medium | |
| CN106293691B (en) | Method and apparatus for providing digital certificates | |
| CN110990084B (en) | Chip secure starting method and device, storage medium and terminal | |
| CN103329095B (en) | Authenticate a hypervisor with encoded information | |
| TW201635186A (en) | System and method for computing device with improved firmware service security using credential-derived encryption key | |
| JPH10282884A (en) | Data processing method and its system | |
| CN110688660B (en) | Method and device for safely starting terminal and storage medium | |
| CN108345805B (en) | Method and device for verifying firmware | |
| CN108427888A (en) | File signature method, file verification method and corresponding intrument and equipment | |
| WO2018076648A1 (en) | Secure enabling method and device for chip, and computer storage medium | |
| CN112148314B (en) | Mirror image verification method, device and equipment of embedded system and storage medium | |
| AU2015390172A1 (en) | Usage control method and system for medical detection device and medical detection device | |
| CN109117643B (en) | System processing method and related equipment | |
| US20050125659A1 (en) | Method and device for authenticating digital data by means of an authentication extension module | |
| CN115934194A (en) | Controller starting method and device, electronic equipment and storage medium | |
| KR101425456B1 (en) | Information generation system and method therefor | |
| CN115168866A (en) | Processor safety starting method and processor | |
| CN109033818B (en) | Terminal, authentication method, and computer-readable storage medium | |
| US9286459B2 (en) | Authorized remote access to an operating system hosted by a virtual machine | |
| CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
| CN112861137A (en) | Secure firmware | |
| CN116032484A (en) | Method and device for safely starting communication equipment and electronic equipment | |
| CN116561734A (en) | Verification method, verification device, computer and computer configuration system | |
| CN118133286A (en) | Method and device for starting vehicle controller, readable storage medium and processor | |
| CN114764347A (en) | Program verification system and method of multi-core controller and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |