TW202403545A - Electronic device and control method thereof - Google Patents
Electronic device and control method thereof Download PDFInfo
- Publication number
- TW202403545A TW202403545A TW111125201A TW111125201A TW202403545A TW 202403545 A TW202403545 A TW 202403545A TW 111125201 A TW111125201 A TW 111125201A TW 111125201 A TW111125201 A TW 111125201A TW 202403545 A TW202403545 A TW 202403545A
- Authority
- TW
- Taiwan
- Prior art keywords
- public key
- memory
- characteristic value
- read
- electronic device
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 103
- 238000012795 verification Methods 0.000 claims description 30
- 238000004364 calculation method Methods 0.000 claims description 25
- 238000001994 activation Methods 0.000 claims 1
- 101100020531 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) LAC1 gene Proteins 0.000 description 31
- 101150085401 dgt2 gene Proteins 0.000 description 12
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 3
- 230000000977 initiatory effect Effects 0.000 description 3
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Landscapes
- Electrophonic Musical Instruments (AREA)
- Control Of Electric Motors In General (AREA)
- Storage Device Security (AREA)
Abstract
Description
本發明是關於電子裝置,尤其是關於電子裝置的啟動流程及電子裝置的控制方法。The present invention relates to an electronic device, and in particular to a startup process of the electronic device and a control method of the electronic device.
圖1顯示習知運行Linux系統之電子裝置的啟動流程(boot flow)的示意圖,主要包含以下數個啟動程序:ROM boot(唯讀記憶體(read-only memory, ROM)啟動)110、Miniboot 120、U-boot 130及Kernel(核心)140。ROM boot、Miniboot、U-boot及Kernel為本技術領域具有通常知識者所熟知,故不再贅述。Figure 1 shows a schematic diagram of the boot flow of an electronic device running a Linux system, which mainly includes the following boot procedures: ROM boot (read-only memory (ROM) boot) 110, Miniboot 120 ,
為了避免啟動流程代碼(即韌體)遭到篡改,ROM boot 110會使用公鑰122及簽章(signature)124來驗證(verify)Miniboot 120的真實性(authenticity),而Miniboot 120使用公鑰122及簽章132來驗證U-boot 130的真實性。簽章124與簽章132是使用私鑰對啟動流程代碼(即,Miniboot 120與U-boot 130)進行簽章(sign)所產生之資料,而該私鑰與公鑰122是一密鑰對。In order to prevent the boot process code (i.e. firmware) from being tampered with, the
為防止公鑰122不被篡改,習知技術係將公鑰122儲存於受保護的儲存媒體內,習知技術的缺點在於,公鑰122的大小會大大地影響電子產品的成本(公鑰122愈大,則所需的儲存媒體愈大,成本愈高)。In order to prevent the
鑑於先前技術之不足,本發明之一目的在於提供一種電子裝置及其控制方法,以改善先前技術的不足。In view of the shortcomings of the prior art, one objective of the present invention is to provide an electronic device and a control method thereof to improve the shortcomings of the prior art.
本發明之一實施例提供一種電子裝置,該電子裝置存取儲存一公鑰及該電子裝置之複數個啟動流程代碼之一外部儲存裝置,該電子裝置包含:一唯讀記憶體、一計算電路以及一加密及解密電路。唯讀記憶體用來儲存該公鑰之一第一特徵值。計算電路用來執行該些啟動流程代碼。加密及解密電路用來依據該第一特徵值對該公鑰進行驗證。該公鑰用以驗證該些啟動流程代碼,該第一特徵值的位元數小於該公鑰的位元數。該唯讀記憶體、該計算電路及該加密及解密電路設置於一第一晶片上,而該外部儲存裝置由一第二晶片構成。An embodiment of the present invention provides an electronic device that accesses an external storage device that stores a public key and a plurality of startup process codes of the electronic device. The electronic device includes: a read-only memory and a computing circuit and an encryption and decryption circuit. The read-only memory is used to store one of the first characteristic values of the public key. The computing circuit is used to execute the startup process codes. The encryption and decryption circuit is used to verify the public key based on the first characteristic value. The public key is used to verify the startup process codes, and the number of bits of the first characteristic value is smaller than the number of bits of the public key. The read-only memory, the calculation circuit and the encryption and decryption circuit are provided on a first chip, and the external storage device is composed of a second chip.
本發明之另一實施例提供一種電子裝置的控制方法,該電子裝置包含一唯讀記憶體,該唯讀記憶體儲存一公鑰之一第一特徵值,該方法包含:從一外部儲存裝置讀取該公鑰及該電子裝置之複數個啟動流程代碼;執行該些啟動流程代碼;以及,依據該第一特徵值對該公鑰進行驗證。該公鑰用以驗證該些啟動流程代碼,該第一特徵值的位元數小於該公鑰的位元數。該唯讀記憶體設置於一第一晶片上,而該外部儲存裝置由一第二晶片構成。Another embodiment of the present invention provides a method for controlling an electronic device. The electronic device includes a read-only memory that stores a first characteristic value of a public key. The method includes: obtaining a first characteristic value from an external storage device. Read the public key and a plurality of startup process codes of the electronic device; execute the startup process codes; and verify the public key according to the first characteristic value. The public key is used to verify the startup process codes, and the number of bits of the first characteristic value is smaller than the number of bits of the public key. The read-only memory is disposed on a first chip, and the external storage device is composed of a second chip.
本發明之實施例所體現的技術手段可以改善先前技術之缺點的至少其中之一,因此本發明相較於先前技術可以降低成本。The technical means embodied in the embodiments of the present invention can improve at least one of the shortcomings of the prior art, so the present invention can reduce costs compared with the prior art.
有關本發明的特徵、實作與功效,茲配合圖式作實施例詳細說明如下。The features, implementation and effects of the present invention are described in detail below with reference to the drawings and examples.
以下說明內容之技術用語係參照本技術領域之習慣用語,如本說明書對部分用語有加以說明或定義,該部分用語之解釋係以本說明書之說明或定義為準。The technical terms used in the following description refer to the idioms in the technical field. If some terms are explained or defined in this specification, the explanation or definition of these terms shall prevail.
本發明之揭露內容包含電子裝置及其控制方法。由於本發明之電子裝置所包含之部分元件單獨而言可能為已知元件,因此在不影響該裝置發明之充分揭露及可實施性的前提下,以下說明對於已知元件的細節將予以節略。此外,本發明之電子裝置的控制方法的部分或全部流程可以是軟體及/或韌體之形式,並且可藉由本發明之電子裝置或其等效裝置來執行,在不影響該方法發明之充分揭露及可實施性的前提下,以下方法發明之說明將著重於步驟內容而非硬體。The disclosure of the present invention includes electronic devices and control methods thereof. Since some components included in the electronic device of the present invention may be individually known components, the following description will omit details of the known components without affecting the full disclosure and implementability of the device invention. In addition, part or all of the process of the control method of the electronic device of the present invention can be in the form of software and/or firmware, and can be executed by the electronic device of the present invention or its equivalent device, without affecting the sufficiency of the invention of the method. Under the premise of disclosure and implementability, the following description of the method invention will focus on the step content rather than the hardware.
圖2是本發明電子裝置之一實施例的功能方塊圖。電子裝置201耦接外部記憶體202(例如動態隨機存取記憶體(dynamic random access memory, DRAM))及外部儲存裝置203(例如快閃記憶體(flash memory)、嵌入式多媒體卡(embedded multimedia card, eMMC)或安全數位(secure digital, SD)記憶卡)。外部儲存裝置203儲存電子裝置201的啟動流程代碼Bcode(即,與電子裝置201啟動相關的韌體)及公鑰Pkey。FIG. 2 is a functional block diagram of an electronic device according to an embodiment of the present invention. The
電子裝置201包含計算電路210、儲存控制電路220、唯讀記憶體控制電路230、加密及解密電路240、第一唯讀記憶體250、第二唯讀記憶體260及儲存電路270。儲存電路270包含暫存器272及記憶體274(例如靜態隨機存取記憶體(static random access memory, SRAM))。在一實施例中,電子裝置201由一晶片構成,而計算電路210、儲存控制電路220、唯讀記憶體控制電路230、加密及解密電路240、第一唯讀記憶體250、第二唯讀記憶體260及儲存電路270設置於此晶片上,而外部記憶體202及外部儲存裝置203各由另一晶片構成。The
在一些實施例中,啟動流程代碼Bcode包含圖1之ROM boot以外的部分(其中公鑰Pkey可以對應到公鑰122),而ROM boot儲存於第一唯讀記憶體250。與Miniboot、U-boot及Kernel相關的程式碼可以以影像檔案(image file)的形式儲存於外部儲存裝置203。儲存控制電路220可以在適當的時間從外部儲存裝置203讀取啟動流程代碼Bcode,並且將啟動流程代碼Bcode儲存至外部記憶體202。計算電路210及加密及解密電路240可以存取外部記憶體202以取得啟動流程代碼Bcode。啟動流程代碼Bcode由計算電路210執行。計算電路210可以透過更改暫存器272的暫存值來控制唯讀記憶體控制電路230及加密及解密電路240。In some embodiments, the boot process code Bcode includes parts other than the ROM boot in Figure 1 (where the public key Pkey can correspond to the public key 122), and the ROM boot is stored in the first read-
圖3是本發明電子裝置的控制方法之一實施例的流程圖,包含以下步驟。FIG. 3 is a flow chart of an embodiment of a method for controlling an electronic device of the present invention, including the following steps.
步驟S310:唯讀記憶體控制電路230從第二唯讀記憶體260讀取第一特徵值DGT1。Step S310: The read-only
步驟S320:唯讀記憶體控制電路230將第一特徵值DGT1儲存至儲存電路270,例如,儲存到記憶體274中。Step S320: The read-only
步驟S330:計算電路210執行電子裝置201的啟動流程。以下將配合圖4詳細說明電子裝置201的啟動流程。Step S330: The
如圖3所示,第一特徵值DGT1是在電子裝置201啟動(步驟S330)之前就被從第二唯讀記憶體260讀出(步驟S310),並儲存至儲存電路270(步驟S320)。更明確地說,唯讀記憶體控制電路230被設計為一旦電子裝置201接上電源或是開機就自動執行步驟S310及步驟S320。因為第一特徵值DGT1在電子裝置201的啟動流程中扮演關鍵的角色(將於下方詳述),所以在啟動流程開始之前就先將第一特徵值DGT1備妥有助於提升啟動流程的順暢度及穩定度。As shown in FIG. 3 , the first characteristic value DGT1 is read from the second read-only memory 260 (step S310 ) before the
圖4顯示本發明電子裝置啟動流程之一實施例的流程圖。以下的討論請同時參閱圖2及圖4。FIG. 4 shows a flow chart of an embodiment of the electronic device startup process of the present invention. Please refer to both Figure 2 and Figure 4 for the following discussion.
步驟S410:計算電路210執行ROM boot。更明確地說,計算電路210從第一唯讀記憶體250讀取ROM boot並執行ROM boot。在一實施例中,ROM boot代碼中包含啟動公鑰驗證及啟動Miniboot簽章驗證的指令或代碼,計算電路210執行到啟動公鑰驗證及啟動Miniboot簽章驗證的指令或代碼時會發送控制指令至加密及解密電路240以進行驗證流程。在一實施例中,ROM boot代碼中亦包含將Miniboot代碼自外部儲存裝置203讀取至電子裝置201一記憶體的指令或代碼,其中該記憶體例如可包含於儲存電路270中。Step S410: The
步驟S420:計算電路210及加密及解密電路240驗證Miniboot的簽章。簽章驗證流程將在下方配合圖5詳述。Step S420: The
步驟S430:判斷驗證是否成功(成功代表簽章為真(authentic),即Miniboot沒有被篡改;失敗代表公鑰Pkey及/或簽章為假(inauthentic),即啟動流程代碼Bcode及/或公鑰Pkey可能被篡改)。如果驗證成功,則啟動流程前往步驟S440;否則,結束啟動流程(步驟S490)。Step S430: Determine whether the verification is successful (success means that the signature is authentic (authentic), that is, the Miniboot has not been tampered with; failure means that the public key Pkey and/or the signature is false (inauthentic), that is, the startup process code Bcode and/or the public key Pkey may have been tampered with). If the verification is successful, the startup process proceeds to step S440; otherwise, the startup process ends (step S490).
步驟S440:計算電路210執行Miniboot,即,計算電路210從電子裝置201的記憶體讀取Miniboot並執行。在一實施例中,Miniboot代碼包括用以初始化外部記憶體202的指令或代碼,計算電路210執行Miniboot的過程中包含初始化外部記憶體202的操作。Step S440: The
步驟S450:計算電路210及加密及解密電路240驗證U-boot的簽章。簽章驗證流程將在下方配合圖5詳述。Step S450: The
步驟S460:判斷驗證是否成功。如果驗證成功(代表U-boot沒有被篡改),則啟動流程前往步驟S470;否則,結束啟動流程(步驟S490)。Step S460: Determine whether the verification is successful. If the verification is successful (meaning that U-boot has not been tampered with), the startup process proceeds to step S470; otherwise, the startup process ends (step S490).
步驟S470:計算電路210執行U-boot,即,計算電路210從外部記憶體202讀取U-boot並執行。Step S470: The
步驟S480:計算電路210執行Kernel,即,計算電路210從外部記憶體202讀取Kernel並執行。Step S480: The
步驟S490:結束啟動流程,即,計算電路210停止執行啟動流程。Step S490: End the startup process, that is, the
在一實施例中,在執行步驟S480前,亦可利用計算電路210及加密及解密電路240驗證Kernel的簽章,確認Kernel未被修改後才執行Kernel。In one embodiment, before executing step S480, the
圖5為本發明簽章驗證流程之一實施例的流程圖,主要包含公鑰驗證程序S510及簽章驗證程序S520。以下的討論請同時參閱圖2及圖5。Figure 5 is a flow chart of one embodiment of the signature verification process of the present invention, which mainly includes a public key verification program S510 and a signature verification program S520. Please refer to both Figure 2 and Figure 5 for the following discussion.
公鑰驗證程序S510包含以下步驟。The public key verification procedure S510 includes the following steps.
步驟S512:加密及解密電路240從儲存電路270的記憶體274中讀取第一特徵值DGT1。第一特徵值DGT1已在啟動流程開始之前被儲存於儲存電路270(步驟S320)。在一實施例中,為提高安全性,電子裝置201中僅加密及解密電路240可控制唯讀記憶體控制電路230以自第二唯讀記憶體讀取第一特徵值DGT1,計算電路210並不知道第一特徵值DGT1的位置也無法讀取第一特徵值DGT1。Step S512: The encryption and
步驟S514:計算電路210從外部儲存裝置203讀取公鑰Pkey,並且將公鑰Pkey儲存至儲存電路270的暫存器272。Step S514: The
步驟S516:計算電路210以第一特徵值運算方法對公鑰Pkey進行特徵值運算以得到公鑰Pkey的第二特徵值DGT2,並且將第二特徵值DGT2儲存至儲存電路270的暫存器272。在一實施例中,可由加密及解密電路240對公鑰Pkey進行特徵值運算以得到公鑰Pkey的第二特徵值DGT2。於電子裝置201出廠前,電子裝置201的製造商使用該第一特徵值運算方法對公鑰Pkey進行特徵值運算以得到第一特徵值DGT1,並且將第一特徵值DGT1透過唯讀記憶體控制電路230儲存至第二唯讀記憶體260。在一些實施例中,該第一特徵值運算方法包含但不限於雜湊演算法(亦稱為雜湊函式(Hash function)),而其他的特徵值運算方法亦適用於本案。第一特徵值DGT1的長度(即,位元數)小於公鑰Pkey的長度。Step S516: The
步驟S518:加密及解密電路240從儲存電路270的暫存器272讀取第二特徵值DGT2,並且比對第一特徵值DGT1與第二特徵值DGT2。Step S518: The encryption and
步驟S519:加密及解密電路240判斷第一特徵值DGT1是否等於第二特徵值DGT2。如果第一特徵值DGT1等於第二特徵值DGT2,則進入簽章驗證程序S520;否則,加密及解密電路240判定簽章驗證失敗。Step S519: The encryption and
由於公鑰Pkey的第一特徵值DGT1是以第一特徵值運算方法對公鑰Pkey運算所產生結果(即,第一特徵值DGT1在某種程度上可代表公鑰Pkey),所以在第一特徵值DGT1及第二特徵值DGT2都沒有被篡改的情況下,步驟S519的結果應該為是。然而,如果第一特徵值DGT1及第二特徵值DGT2的任一者被篡改(代表電子裝置201及/或外部儲存裝置203很可能已遭到惡意攻擊),則計算電路210不應該繼續電子裝置201的啟動流程。因此,當步驟S519的結果為否時,加密及解密電路240透過暫存器272通知計算電路210公鑰Pkey為假,並且略過簽章驗證程序S520。當公鑰Pkey為假時,簽章驗證程序S520必將失敗。因此,計算電路210可以根據公鑰Pkey為假來直接認定簽章驗證失敗(即,步驟S430及步驟S460的結果為否)並結束啟動流程(步驟S490)。Since the first eigenvalue DGT1 of the public key Pkey is the result of the operation of the public key Pkey using the first eigenvalue operation method (that is, the first eigenvalue DGT1 can represent the public key Pkey to a certain extent), so in the first If neither the characteristic value DGT1 nor the second characteristic value DGT2 has been tampered with, the result of step S519 should be yes. However, if either of the first characteristic value DGT1 and the second characteristic value DGT2 is tampered with (representing that the
簽章驗證程序S520包含以下步驟。The signature verification procedure S520 includes the following steps.
步驟S522:加密及解密電路240讀取啟動流程代碼Bcode。更明確地說,如果正在執行步驟S420,則加密及解密電路240在此步驟是從儲存電路270讀取與Miniboot相關的程式碼;如果正在執行步驟S450,則加密及解密電路240在此步驟是從外部記憶體202讀取與U-boot相關的程式碼。Step S522: The encryption and
步驟S524:加密及解密電路240使用第二特徵值運算方法對啟動流程代碼Bcode進行運算,以得到啟動流程代碼Bcode的第三特徵值。在一些實施例中,第二特徵值運算方法等於第一特徵值運算方法。Step S524: The encryption and
步驟S526:加密及解密電路240使用公鑰Pkey解密簽章,以得到啟動流程代碼Bcode的第四特徵值。更明確地說,如果正在執行步驟S420,則加密及解密電路240在此步驟是解密Miniboot的簽章(例如圖1之簽章124);如果正在執行步驟S450,則加密及解密電路240在此步驟是解密U-boot的簽章(例如圖1之簽章132)。如果啟動流程代碼Bcode沒有遭到篡改,則第三特徵值應該等於第四特徵值。Step S526: The encryption and
步驟S528:加密及解密電路240判斷第三特徵值是否等於第四特徵值。當第三特徵值不等於第四特徵值時,代表Miniboot(或U-boot)及其簽章的至少其中一者已遭到篡改;此時計算電路210應該停止執行啟動流程。因此,當步驟S528的結果為否時,加密及解密電路240透過暫存器272通知計算電路210簽章驗證失敗。步驟S528的結果為是代表簽章驗證成功。Step S528: The encryption and
綜上所述,因為本發明在第二唯讀記憶體260儲存的是公鑰Pkey的特徵值(而非公鑰Pkey本身),且特徵值的長度小於公鑰Pkey的長度,所以本案可以使用較小的第二唯讀記憶體260(即,降低電子裝置201的成本)。舉例來說,如果公鑰Pkey是RSA2048加密演算法或RSA4096加密演算法之公鑰,則公鑰Pkey的長度是2048位元或4096位元;而且,當第一特徵值DGT1是雜湊函式SHA-256的結果時,第一特徵值DGT1的長度是256位元,只有2048位元或4096位元的1/8或1/16,大幅降低對第二唯讀記憶體260的需求。To sum up, because the present invention stores the characteristic value of the public key Pkey (not the public key Pkey itself) in the second read-
在一些實施例中,第二唯讀記憶體260可以是一次性可編程唯讀記憶體(one time programmable (OTP) read-only memory (ROM))(例如一次性寫入記憶體(one time programmable (OTP) memory)或電子可程式熔絲(electrically programmable fuse, eFuse))。一次性可編程唯讀記憶體可以防止資料被篡改,進一步確保第一特徵值DGT1的真實性。當第二唯讀記憶體260以一次性可編程唯讀記憶體實作時,儲存公鑰Pkey的特徵值(而非公鑰Pkey本身)還可以進一步提高第二唯讀記憶體260的燒錄成功率(即,提高電子裝置201的良率),原因是特徵值的位元數小於公鑰Pkey的位元數(待燒錄的值的位元數愈小,則燒錄的成功率愈高)。In some embodiments, the second read-
圖6為本發明一次性可編程唯讀記憶體之一實施例的示意圖。一次性可編程唯讀記憶體600包含記憶體區塊610及控制位元620。記憶體區塊610可以儲存前述的第一特徵值DGT1,而控制位元620指示記憶體區塊610是否可以被燒錄。當第二唯讀記憶體260以一次性可編程唯讀記憶體600實作時,唯讀記憶體控制電路230根據控制位元620的值決定是否燒錄記憶體區塊610。舉例來說,當控制位元620的值為0時,唯讀記憶體控制電路230才可燒錄記憶體區塊610。當第二唯讀記憶體260以圖6的一次性可編程唯讀記憶體600實作時,本發明的電子裝置的控制方法更包含第二唯讀記憶體260的燒錄控制。燒錄控制的流程如圖7所示,包含以下步驟。FIG. 6 is a schematic diagram of an embodiment of the one-time programmable read-only memory of the present invention. The one-time programmable read-
步驟S710:在對記憶體區塊610進行燒錄之前,唯讀記憶體控制電路230讀取控制位元620的值。Step S710: Before programming the
步驟S720:判斷控制位元620是否等於一預設值(例如位元0)。如果等於,則流程進入步驟S730;否則,流程進入步驟S740。Step S720: Determine whether the
步驟S730:唯讀記憶體控制電路230燒錄記憶體區塊610。Step S730: The read-only
步驟S740:唯讀記憶體控制電路230拒絕燒錄記憶體區塊610。Step S740: The read-only
許多一次性可編程唯讀記憶體是以位元為單位進行燒錄。舉例來說,如果記憶體區塊610被燒錄過後的值為「11111010」,則該值的第0及第2位元仍可以再次被燒錄為1,但其他位元則無法再被燒錄為0。圖7的燒錄控制可以防止記憶體區塊610的資料被篡改或惡意破壞(例如二次燒錄)。Many one-time programmable ROMs are programmed bit by bit. For example, if the value of
在一些實施例中,當第一特徵值運算方法是雜湊演算法(例如密碼雜湊函式(cryptographic hash function))時,第一特徵值DGT1及第二特徵值DGT2皆為公鑰Pkey的雜湊值(即,雜湊演算法的結果,又稱為訊息摘要(message digest)或摘要(digest))。因為雜湊值具有相當的獨特性,所以部分的雜湊值(例如雜湊值的前半部或後半部)就足以代表公鑰Pkey。換句話說,第二唯讀記憶體260可以只儲存部分的第一特徵值DGT1,以進一步降低電子裝置201的成本及提升一次性可編程唯讀記憶體600的燒錄成功率。當第二唯讀記憶體260只儲存部分的第一特徵值DGT1時,加密及解密電路240在步驟S518中以第二特徵值DGT2的相對應部分來與第一特徵值DGT1的該部分做比較。In some embodiments, when the first eigenvalue calculation method is a hash algorithm (such as a cryptographic hash function), the first eigenvalue DGT1 and the second eigenvalue DGT2 are both hash values of the public key Pkey. (That is, the result of a hash algorithm, also called a message digest or digest). Because the hash value is quite unique, a partial hash value (such as the first half or the second half of the hash value) is sufficient to represent the public key Pkey. In other words, the second read-
計算電路210可以是具有程式執行能力的電路或電子元件,例如中央處理器、微處理器、微控制器、微處理單元、數位訊號處理電路(digital signal processor, DSP)或其等效電路。在其他的實施例中,本技術領域具有通常知識者可以根據以上的揭露內容來設計計算電路210,也就是說,計算電路210可以是特殊應用積體電路(Application Specific Integrated Circuit, ASIC)或是由可程式化邏輯裝置(Programmable Logic Device, PLD)等電路或硬體實作。The
在一些實施例中,電子裝置201是一個晶片,而電子裝置201、外部記憶體202及外部儲存裝置203形成一個嵌入式系統。In some embodiments, the
本發明的嵌入式系統同時儲存公鑰Pkey及其第一特徵值DGT1,這有助於電子裝置201有效得知嵌入式系統是否遭受錯誤注入(fault injection)之惡意攻擊。因為如果嵌入式系統遭到錯誤注入之惡意攻擊,則公鑰Pkey及第一特徵值DGT1都會被改變,如此一來公鑰驗證程序S510必然不會成功。The embedded system of the present invention simultaneously stores the public key Pkey and its first characteristic value DGT1, which helps the
前揭實施例雖以電子裝置的啟動流程為例,然此並非對本發明之限制,本技術領域人士可依本發明之揭露適當地將本發明應用於其它類型的資料的簽章驗證程序。Although the foregoing embodiments take the startup process of an electronic device as an example, this is not a limitation of the present invention. Those skilled in the art can appropriately apply the present invention to signature verification procedures of other types of data based on the disclosure of the present invention.
雖然本發明之實施例如上所述,然而該些實施例並非用來限定本發明,本技術領域具有通常知識者可依據本發明之明示或隱含之內容對本發明之技術特徵施以變化,凡此種種變化均可能屬於本發明所尋求之專利保護範疇,換言之,本發明之專利保護範圍須視本說明書之申請專利範圍所界定者為準。Although the embodiments of the present invention are described above, these embodiments are not intended to limit the present invention. Those skilled in the art may make changes to the technical features of the present invention based on the explicit or implicit contents of the present invention. All these changes may fall within the scope of patent protection sought by the present invention. In other words, the patent protection scope of the present invention must be determined by the patent application scope of this specification.
110:唯讀記憶體啟動(ROM boot) 120:Miniboot 122:公鑰 130:U-boot 140:核心(Kernel) 124,132:簽章 201:電子裝置 202:外部記憶體 203:外部儲存裝置 210:計算電路 220:儲存控制電路 230:唯讀記憶體控制電路 240:加密及解密電路 250:第一唯讀記憶體 260:第二唯讀記憶體 270:儲存電路 272:暫存器 274:記憶體 Bcode:啟動流程代碼 Pkey:公鑰 DGT1:第一特徵值 DGT2:第二特徵值 S510:公鑰驗證程序 S520:簽章驗證程序 600:一次性可編程唯讀記憶體 610:記憶體區塊 620:控制位元 S310,S320,S330,S410,S420,S430,S440,S450,S460,S470,S480,S490,S510,S512,S514,S516,S518,S519,S520,S522,S524,S526,S528,S710,S720,S730,S740:步驟 110: Read-only memory boot (ROM boot) 120:Miniboot 122:Public key 130:U-boot 140: Kernel 124,132:Signature 201: Electronic devices 202:External memory 203:External storage device 210: Calculation circuit 220: Storage control circuit 230: Read-only memory control circuit 240: Encryption and decryption circuit 250: First ROM 260: Second ROM 270:Storage circuit 272: Temporary register 274:Memory Bcode: Start process code Pkey: public key DGT1: first eigenvalue DGT2: second eigenvalue S510: Public key verification procedure S520: Signature verification procedure 600: One-time programmable read-only memory 610: Memory block 620: Control bit S310,S320,S330,S410,S420,S430,S440,S450,S460,S470,S480,S490,S510,S512,S514,S516,S518,S519,S520,S522,S524,S526,S528,S710,S720 , S730, S740: steps
圖1顯示習知運行Linux系統之電子裝置的啟動流程的示意圖; 圖2是本發明電子裝置之一實施例的功能方塊圖; 圖3是本發明電子裝置的控制方法之一實施例的流程圖; 圖4顯示本發明電子裝置啟動流程之一實施例的流程圖; 圖5為本發明簽章驗證流程之一實施例的流程圖; 圖6為本發明一次性可編程唯讀記憶體之一實施例的示意圖;以及 圖7為本發明燒錄控制之一實施例的流程圖。 Figure 1 shows a schematic diagram of the startup process of a conventional electronic device running a Linux system; Figure 2 is a functional block diagram of an embodiment of the electronic device of the present invention; Figure 3 is a flow chart of an embodiment of a method for controlling an electronic device according to the present invention; Figure 4 shows a flow chart of one embodiment of the electronic device startup process of the present invention; Figure 5 is a flow chart of one embodiment of the signature verification process of the present invention; Figure 6 is a schematic diagram of an embodiment of the one-time programmable read-only memory of the present invention; and FIG. 7 is a flow chart of one embodiment of the programming control of the present invention.
S510,S512,S514,S516,S518,S519,S520,S522,S524,S526,S528:步驟 S510,S512,S514,S516,S518,S519,S520,S522,S524,S526,S528: Steps
Claims (19)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111125201A TWI824602B (en) | 2022-07-05 | 2022-07-05 | Electronic device and control method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111125201A TWI824602B (en) | 2022-07-05 | 2022-07-05 | Electronic device and control method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI824602B TWI824602B (en) | 2023-12-01 |
TW202403545A true TW202403545A (en) | 2024-01-16 |
Family
ID=90052927
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW111125201A TWI824602B (en) | 2022-07-05 | 2022-07-05 | Electronic device and control method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI824602B (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW535114B (en) * | 1999-04-30 | 2003-06-01 | Ling-Huei Chen | Safety interface for certification of personal identification document |
CN106295363B (en) * | 2016-07-29 | 2019-05-14 | 北京小米移动软件有限公司 | Startup calibration method and device |
CN108268781B (en) * | 2016-12-30 | 2022-01-04 | 瑞昱半导体股份有限公司 | Electronic element of electronic device, method for starting electronic device and encryption method |
US11385902B2 (en) * | 2019-11-17 | 2022-07-12 | Nuvoton Technology Corporation | Secure firmware management with hierarchical boot sequence using last known good firmware |
CN111984962A (en) * | 2020-09-08 | 2020-11-24 | 英韧科技(上海)有限公司 | Firmware security verification method and device |
-
2022
- 2022-07-05 TW TW111125201A patent/TWI824602B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI824602B (en) | 2023-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7461268B2 (en) | E-fuses for storing security version data | |
JP4769608B2 (en) | Information processing apparatus having start verification function | |
JP6373888B2 (en) | Information processing apparatus and control method | |
JP5493951B2 (en) | Information processing apparatus, validity verification method, and program | |
JP2005227995A (en) | Information processor, information processing method and computer program | |
JP7341784B2 (en) | storage device | |
CN110363010B (en) | System safety starting method based on MPSoC chip | |
JP2009003933A (en) | Method, system, and apparatus for encrypting, integrity, and anti-replay protecting data in nonvolatile memory in fault tolerant manner | |
JP2006164273A (en) | Protection booting device and method | |
CN109445705B (en) | Firmware authentication method and solid state disk | |
JP2007133875A (en) | Method and device for safely updating and booting code image | |
CN109814934B (en) | Data processing method, device, readable medium and system | |
JP7101318B2 (en) | Data attestation in memory | |
KR101954439B1 (en) | Soc having double security features, and double security method for soc | |
CN113553115A (en) | Starting method based on heterogeneous multi-core chip and storage medium | |
KR101988404B1 (en) | Soc having double security features, and double security method for soc | |
TWI824602B (en) | Electronic device and control method thereof | |
JP2005332221A (en) | Storage device | |
JP5759827B2 (en) | MEMORY SYSTEM, INFORMATION PROCESSING DEVICE, MEMORY DEVICE, AND MEMORY SYSTEM OPERATION METHOD | |
JP6622360B2 (en) | Information processing device | |
TWI467408B (en) | Embedded devices and control methods thereof | |
US20240005005A1 (en) | Electronic device and control method thereof | |
TWI738020B (en) | Electronic machine and its control method | |
CN114995918A (en) | Starting method and configuration method and device of baseboard management controller and electronic equipment | |
TWI826048B (en) | Data security verification method and electronic apparatus |