TWI773430B - Security activating system and method thereof - Google Patents

Security activating system and method thereof

Info

Publication number: TWI773430B
Authority: TW (Taiwan)
Prior art keywords: frequency, time, time point, random number, starter
Application number: TW110125347A
Other languages: Chinese (zh)
Other versions: TW202303424A (en)
Inventor: 黃文宏
Original Assignee: 新唐科技股份有限公司
Application filed by 新唐科技股份有限公司
Priority to TW110125347A (TWI773430B) and CN202110922917.7A (CN115600207A)
Application granted
Publication of TWI773430B and TW202303424A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Abstract

A security activating system includes a microcontroller, a random number generator and a clock trim register. The microcontroller includes a bootloader, and the bootloader activates the boot process during the first activation time based on the first frequency. The random number generator transmits the random number. The clock trim register is disposed between the random number generator and the bootloader. The clock trim register adjusts the first frequency to the second frequency based on the random number and transmits the second frequency to the bootloader. When the bootloader wants to execute the secure boot process, the bootloader activates the secure boot process at the second time point of the second activation time based on the second frequency. By randomly adjusting the frequency, attacks on the microcontroller are prevented.

Description

Secure boot system and method thereof

The present invention relates to a secure boot system and method that shifts the time point of a working step by means of random adjustment.

In a protected security system, the bootloader decides, after the system is powered on, whether the subsequent program may be executed. The bootloader performs a boot-verification check on the executable program to judge whether it is safe; only when an executable program that has passed verification is executed can the security of the system be ensured. However, if the bootloader's boot-verification step is attacked and as a result is not applied to the executable program, the security of the system can no longer be guaranteed.

For example, a fault injection attack is one of the attack methods that target the bootloader's critical instructions. If an attacker can predict the moment at which a critical instruction executes, the bootloader can be attacked at exactly that moment, which can result in a potentially unsafe program being started. A fixed, unchanging bootloader execution time is therefore a favourable condition for the attacker: the more fixed the execution timing, the less secure the execution environment.

In view of the above, the inventor of the present invention has conceived and designed a secure boot system and method, with the aim of remedying the shortcomings of the prior art and thereby improving its industrial applicability.

In view of the above problems of the prior art, an object of the present invention is to provide a secure boot system and method that solve the problems faced by the prior art.

To this end, the present invention provides a secure boot system comprising a program execution module and a frequency generation module. When the secure boot system is powered on, the program execution module executes a boot procedure at a first frequency and executes a security procedure at a first time point within the execution time of the boot procedure. When the secure boot system is powered on, the frequency generation module generates the first frequency according to a random number, so that the first time point changes randomly.

Optionally, on every power-up of the secure boot system the first time point differs according to the random number, which prevents an attack on the secure boot system from causing the security procedure to be skipped.

To the same end, the present invention provides a secure boot system comprising a microprocessor, the microprocessor including a bootloader, a random number adjuster and a frequency adjuster. The bootloader executes a boot procedure during a first activation time at a first frequency. The random number adjuster sends a random number. The frequency adjuster is connected between the random number adjuster and the bootloader; when the bootloader is about to execute a security procedure, the frequency adjuster adjusts the first frequency to a second frequency according to the random number and transmits it to the bootloader, and the bootloader executes the security procedure at a second time point of a second activation time at the second frequency.

Optionally, the second frequency is higher than the first frequency and the second activation time is shorter than the first activation time.

Optionally, the second frequency is lower than the first frequency and the second activation time is longer than the first activation time.

A secure boot method comprises: (1) providing a bootloader that executes a boot procedure at a first time point of a first activation time at a first frequency; (2) when the bootloader is about to execute a security procedure, controlling a frequency adjuster, according to a random number, to adjust the first frequency to a second frequency and transmit it to the bootloader; and (3) controlling the bootloader, at the second frequency, to execute the secure boot procedure at a second time point of a second activation time.

Optionally, the second frequency is higher than the first frequency, the second activation time is shorter than the first activation time, and the second time point is earlier than the first time point.

Optionally, the second frequency is lower than the first frequency, the second activation time is longer than the first activation time, and the second time point is later than the first time point.

In summary, the secure boot system and method of the present invention randomly shift the first time point by means of the frequency adjuster, so that an attacker cannot precisely target the second time point at which the microprocessor actually performs the operation.

10: bootloader

20: random number adjuster

30: frequency adjuster

40: clock generator

f1, FE1: first frequency

f2: second frequency

FG: frequency generation module

MCU: microprocessor

PE: program execution module

RN: random number

T0, AT1: first activation time

T1, T2: second activation time

TA, FT: first time point

TA1, TA2: second time point

S1–S5: steps

FIG. 1 is a block diagram of a first embodiment of the secure boot system of the present invention.

FIG. 2 is a block diagram of a second embodiment of the secure boot system of the present invention.

FIG. 3A is a schematic diagram of the bootloader during the first activation time.

FIG. 3B is a schematic diagram of the bootloader under attack.

FIG. 3C is a schematic diagram of one embodiment of the present invention, showing the bootloader during the second activation time.

FIG. 3D is a schematic diagram of another embodiment of the present invention, showing the bootloader during the second activation time.

FIG. 4 is a flowchart of the secure boot method of the present invention.

The advantages and features of the present invention, and the technical means by which they are achieved, will be more readily understood from the following detailed description with reference to exemplary embodiments and the accompanying drawings. The invention may be embodied in different forms and should not be construed as limited to the embodiments set forth here; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art, the invention being defined only by the appended claims.

It will be understood that, although the terms "first", "second", etc. may be used herein to describe various elements, components, regions, layers and/or sections, these elements, components, regions, layers and/or sections should not be limited by these terms. These terms are only used to distinguish one element, component, region, layer and/or section from another. Thus, a "first element", "first component", "first region", "first layer" and/or "first section" discussed below could be termed a "second element", "second component", "second region", "second layer" and/or "second section" without departing from the spirit and teachings of the present invention.

In addition, the terms "comprises" and/or "comprising" specify the presence of the stated features, regions, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, regions, integers, steps, operations, elements, components and/or combinations thereof.

Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art and of the present invention, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

Please refer to FIG. 1, which is a block diagram of a first embodiment of the secure boot system of the present invention. As shown in FIG. 1, the secure boot system of the present invention includes a program execution module PE and a frequency generation module FG. When the secure boot system is powered on, the program execution module PE executes the boot procedure at the first frequency and executes the security procedure at a first time point within the execution time of the boot procedure. When the secure boot system is powered on, the frequency generation module FG generates the first frequency FE1 according to the random number RN, so that the first time point changes randomly. On every power-up of the secure boot system the first time point differs according to the random number RN, which prevents an attack on the secure boot system from causing the security procedure to be skipped.

Please refer to FIG. 2 and FIG. 3A, which are a block diagram of a second embodiment of the secure boot system of the present invention and a schematic diagram of the bootloader during the first activation time. As shown in FIG. 2 and FIG. 3A, the secure boot system of the present invention includes a microprocessor MCU, a random number adjuster (also called a random number generator) 20 and a frequency adjuster 30. The microprocessor MCU has a bootloader 10, which executes the boot procedure during the first activation time at the first frequency f1. In general, when the bootloader 10 is to execute the security procedure, it executes it at the first time point TA of the first activation time T0 in order to start a legitimate program, a legitimate program being an application that has passed security verification and carries out the user's work. The random number adjuster 20 sends the random number RN. The frequency adjuster 30 is connected between the random number adjuster 20 and the bootloader 10; when the bootloader 10 is about to execute the security procedure, the frequency adjuster 30 adjusts the first frequency f1 to a second frequency f2 according to the random number RN and transmits it to the bootloader 10, and the bootloader 10 executes the security procedure at the second time point TA1 or TA2 of the second activation time T1 or T2 at the second frequency f2. After executing the security procedure the bootloader 10 executes the legitimate program, which is a program certified by the vendor. The adjustment of the first frequency f1 takes place after the microprocessor MCU is powered on, during the period in which the bootloader 10 is about to execute the security procedure; each time the bootloader 10 is about to execute the security procedure the random number RN is different, so the value of the second frequency f2 is random and differs every time, and the second frequency f2 differs from the first frequency f1. The frequency adjuster 30 may be, for example, a clock trim register.

Please refer to FIG. 3B, which is a schematic diagram of the bootloader under attack. As shown in FIG. 3B, together with FIG. 2 and FIG. 3A: because the first frequency f1 of a conventional microprocessor MCU is fixed, after the microprocessor MCU is powered on the bootloader 10 executes the secure boot procedure at the fixed first time point TA of the fixed first activation time T0. The first time point TA is therefore easy for an attacker to predict and attack, so that the attacker can start an illegitimate program which causes the bootloader 10 not to operate fully according to the set first time point TA and the microprocessor MCU no longer behaves as expected; at this point the attacker looks for vulnerabilities in the microprocessor MCU in order to bypass the preset security mechanism or obtain protected data.

Please refer to FIG. 3C, which is a schematic diagram of one embodiment of the present invention, showing the bootloader during the second activation time. As shown in FIG. 3C, together with FIG. 2: when the bootloader 10 is about to execute the security procedure, the frequency adjuster 30 adjusts the first frequency f1 to the second frequency f2 according to the random number RN. Here the random number RN is less than 1; the frequency adjuster multiplies the original first frequency f1 by the random number RN so that the first frequency f1 is reduced to the second frequency f2, and the second frequency f2 is lower than the first frequency f1 (for example, the first frequency f1 is 3.2 GHz and the second frequency is 2.5 GHz). Because of this setting of the second frequency f2, the original first activation time T0 is lengthened, so that the second activation time T1 is longer than the first activation time T0 (that is, the magnitude of the second activation time T1 is greater than that of the first activation time T0). Since the relative position of the first time point TA within the first activation time T0 is the same as the relative position of the second time point TA1 within the second activation time T1, the second time point TA1 shifts accordingly, so that the second time point TA1 is later than the first time point TA (that is, the magnitude of the second time point TA1 is greater than that of the first time point TA). If the attacker still attacks at the first time point TA, then after the adjustment by the frequency adjuster 30 the bootloader 10 executes the security procedure at the second time point TA1 of the second activation time T1; because the second time point TA1 is later than the first time point TA, the attacker fails to hit the second time point TA1 at which the microprocessor MCU actually operates, and the bootloader 10 still starts the security procedure normally.

Please refer to FIG. 3D, which is a schematic diagram of another embodiment of the present invention, showing the bootloader during the second activation time. As shown in FIG. 3D, together with FIG. 1: when the bootloader 10 is about to execute the security procedure, the frequency adjuster 30 adjusts the first frequency f1 to the second frequency f2 according to the random number RN. Here the random number RN is greater than 1; the frequency adjuster multiplies the original first frequency f1 by the random number RN so that the first frequency f1 is increased to the second frequency f2, and the second frequency f2 is higher than the first frequency f1 (for example, the first frequency f1 is 3.2 GHz and the second frequency f2 is 5 GHz). Because of this setting of the second frequency f2, the original first activation time T0 is shortened, so that the second activation time T2 is shorter than the first activation time T0 (that is, the magnitude of the second activation time T2 is smaller than that of the first activation time T0). Since the relative position of the first time point TA within the first activation time T0 is the same as the relative position of the second time point TA2 within the second activation time T2, the second time point TA2 is earlier than the first time point TA (that is, the magnitude of the second time point TA2 is smaller than that of the first time point TA). If the attacker still attacks at the first time point TA, then after the adjustment by the frequency adjuster 30 the bootloader 10 executes the security procedure at the second time point TA2 of the second activation time T2; because the second time point TA2 is earlier than the first time point TA, the attacker fails to hit the second time point TA2 at which the microprocessor MCU actually operates, and the bootloader 10 still starts the security procedure normally.

Because of the random number RN, the first frequency f1 becomes a random second frequency f2 (that is, the value of the random number RN differs each time). The second frequency f2 received by the bootloader 10 is therefore random and differs each time, and the second time point TA2 consequently differs each time as well. The second time point TA2 is thus hard for an attacker to predict and attack, the security of the operating environment of the microprocessor MCU is improved, and the bootloader 10 can execute the secure boot procedure normally and then execute the legitimate program.

Please refer to FIG. 4, which is a flowchart of the secure boot method of the present invention. As shown in FIG. 4, together with FIG. 1, FIG. 3A, FIG. 3C and FIG. 3D, the secure boot method of the present invention is as follows:

Step S1: provide a microprocessor MCU having a bootloader 10.

Step S2: as shown in FIG. 3A, the bootloader 10 executes the boot procedure during the first activation time T0 at the first frequency f1 and executes the security procedure at the first time point TA of the first activation time T0; the frequency adjuster 30 measures and obtains the first frequency f1.

Step S3: when the bootloader 10 is about to execute the security procedure, the random number adjuster 20 transmits the random number RN to the frequency adjuster 30.

Step S4: according to the random number RN, the frequency adjuster 30 is controlled to adjust the first frequency f1 to the second frequency f2 and transmit it to the bootloader 10; the second frequency f2 differs from the first frequency f1.

Step S5: according to the second frequency f2, the bootloader 10 is controlled to execute the secure boot procedure at the second time point TA1 or TA2 of the second activation time T1 or T2. If the second frequency f2 is higher than the first frequency f1, as shown in FIG. 3D, the second activation time T2 is shorter than the first activation time T0 and the second time point TA2 is earlier than the first time point TA; if the second frequency f2 is lower than the first frequency f1, as shown in FIG. 3C, the second activation time T1 is longer than the first activation time T0 and the second time point TA1 is later than the first time point TA.

According to the secure boot method of the present invention, the operating frequency of the bootloader 10 is adjusted to a random frequency (that is, the second frequency f2 is random), so the second time point TA1 or TA2 of the second activation time T1 or T2 is likewise random, which achieves a random boot timing; it is therefore difficult for an attacker to predict the second time point TA1 or TA2 in order to mount an attack.
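As an added illustration (not code from the patent or its assignee), the following C model makes the timing argument of FIGS. 3C and 3D and steps S1 to S5 concrete: the boot procedure is a fixed number of clock cycles, the security procedure sits at a fixed cycle index, and trimming f1 to f2 = f1 × RN moves the absolute time point of the check while keeping its relative position. The cycle counts, the trim limits and the xorshift stand-in for the random number generator are constructed assumptions, and the simulation goes beyond the text by counting how often an attacker who keeps firing at the untrimmed time point TA still coincides with the randomised second time point.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Cycle counts are constructed for illustration: the bootloader runs a fixed
 * number of clock cycles and the security procedure runs at a fixed cycle index,
 * so its wall-clock time point is CHECK_CYCLES / f for whatever clock f is used. */
#define BOOT_CYCLES  320000.0  /* cycles from reset to the end of the boot procedure */
#define CHECK_CYCLES 200000.0  /* cycle at which the security procedure runs          */

/* Activation time: T0 = BOOT_CYCLES / f1, T1 or T2 = BOOT_CYCLES / f2. */
double activation_time(double f_hz) { return BOOT_CYCLES / f_hz; }

/* First time point TA at the nominal clock f1. */
double first_time_point(double f1_hz) { return CHECK_CYCLES / f1_hz; }

/* Second time point TA1/TA2 at the trimmed clock f2. The relative position
 * CHECK_CYCLES / BOOT_CYCLES is unchanged; only the absolute time moves. */
double second_time_point(double f2_hz) { return CHECK_CYCLES / f2_hz; }

/* Clock trim step: f2 = f1 * RN (RN < 1 slows the clock as in FIG. 3C, RN > 1
 * speeds it up as in FIG. 3D). The f_min/f_max limits are an assumption the
 * patent does not state: a trim register can only move an oscillator within its
 * specified range, and a value pinned at a limit is no longer random. */
double trim_frequency(double f1_hz, double rn, double f_min_hz, double f_max_hz) {
    double f2 = f1_hz * rn;
    if (f2 < f_min_hz) f2 = f_min_hz;
    if (f2 > f_max_hz) f2 = f_max_hz;
    return f2;
}

static double absd(double x) { return x < 0 ? -x : x; }

/* Would a glitch fired at t_glitch land within +/- tolerance of the check at f2? */
bool glitch_hits(double f2_hz, double t_glitch_s, double tolerance_s) {
    return absd(t_glitch_s - second_time_point(f2_hz)) <= tolerance_s;
}

/* Deterministic stand-in for the random number adjuster (xorshift32, constructed
 * so the model is reproducible); a real design feeds RN from the chip's TRNG. */
static uint32_t rng_state = 0x2545F491u;
static uint32_t xorshift32(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* RN drawn uniformly from [lo, hi]. */
double random_ratio(double lo, double hi) {
    return lo + (hi - lo) * (xorshift32() / 4294967296.0);
}

/* Simulate n power-ups. An attacker who measured the fixed TA of an untrimmed
 * part keeps firing at that instant; count how often that instant still
 * coincides (within tolerance) with the randomised second time point. */
unsigned simulate_fixed_glitch(unsigned n, double f1_hz, double tolerance_s) {
    double ta = first_time_point(f1_hz);
    unsigned hits = 0;
    for (unsigned i = 0; i < n; i++) {
        double rn = random_ratio(0.7, 1.6);                 /* constructed RN range */
        double f2 = trim_frequency(f1_hz, rn, 2.0e9, 5.0e9); /* constructed limits  */
        if (glitch_hits(f2, ta, tolerance_s)) hits++;
    }
    return hits;
}

int main(void) {
    double f1 = 3.2e9;                       /* the page's example: f1 = 3.2 GHz */
    double cases[] = { 2.5e9, f1, 5.0e9 };   /* FIG. 3C, unchanged, FIG. 3D        */
    printf("f1 = %.2f GHz: T0 = %.3f us, TA = %.3f us\n", f1 / 1e9,
           activation_time(f1) * 1e6, first_time_point(f1) * 1e6);
    for (int i = 0; i < 3; i++)
        printf("f2 = %.2f GHz: T = %.3f us, TA' = %.3f us\n", cases[i] / 1e9,
               activation_time(cases[i]) * 1e6, second_time_point(cases[i]) * 1e6);
    printf("fixed-time glitch (1 ns window) hits in 1000 boots: %u\n",
           simulate_fixed_glitch(1000, f1, 1e-9));
    return 0;
}
```

The simulation also shows the caveat the patent leaves implicit: any RN that drives f2 into the clamp, or any RN close to 1, reproduces a time point the attacker can already hit, so the usable trim range determines how much the scheme actually helps.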

In summary, the secure boot system and method of the present invention randomly shift the first time point TA by means of the frequency adjuster 30, so that an attacker cannot precisely target the second time point TA2 or TA1 at which the microprocessor MCU actually performs the operation.

The foregoing is illustrative only and not limiting. Any equivalent modification or variation that does not depart from the spirit and scope of the present invention shall be included within the scope of the appended claims.


Claims (9)

1. A secure boot system, comprising: a program execution module which, when the secure boot system is powered on, executes a boot procedure at a first frequency and executes a security procedure at a first time point within the execution time of the boot procedure, the relative position of the first time point within the boot procedure being fixed; and a frequency generation module which, when the secure boot system is powered on, generates the first frequency according to a random number so as to randomly change the first time point.

2. The secure boot system of claim 1, wherein on every power-up of the secure boot system the first time point differs according to the random number, thereby preventing an attack on the secure boot system from causing the security procedure to be skipped.

3. A secure boot system, comprising: a bootloader that executes a boot procedure at a first time point of a first activation time at a first frequency; a random number adjuster that sends a random number; and a frequency adjuster connected between the random number adjuster and the bootloader, wherein, when the bootloader is about to execute a security procedure, the frequency adjuster adjusts the first frequency to a second frequency according to the random number and transmits it to the bootloader, and the bootloader executes the security procedure at a second time point of a second activation time at the second frequency, the relative position of the first time point within the first activation time being the same as the relative position of the second time point within the second activation time.

4. The secure boot system of claim 3, wherein the second frequency is higher than the first frequency and the second activation time is shorter than the first activation time.

5. The secure boot system of claim 3, wherein the second frequency is lower than the first frequency and the second activation time is longer than the first activation time.

6. The secure boot system of claim 3, wherein the bootloader, the random number adjuster and the frequency adjuster are integrated in a processor.

7. A secure boot method, comprising: providing a bootloader that executes a boot procedure at a first time point of a first activation time at a first frequency; when the bootloader is about to execute a security procedure, controlling a frequency adjuster, according to a random number, to adjust the first frequency to a second frequency and transmit it to the bootloader; and controlling the bootloader, at the second frequency, to execute the security procedure at a second time point of a second activation time, the relative position of the first time point within the first activation time being the same as the relative position of the second time point within the second activation time.

8. The secure boot method of claim 7, wherein the second frequency is higher than the first frequency, the second activation time is shorter than the first activation time, and the second time point is earlier than the first time point.

9. The secure boot method of claim 7, wherein the second frequency is lower than the first frequency, the second activation time is longer than the first activation time, and the second time point is later than the first time point.

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW110125347A TWI773430B (en) 2021-07-09 2021-07-09 Security activating system and method thereof
CN202110922917.7A CN115600207A (en) 2021-07-09 2021-08-12 Secure boot system and method thereof


Publications (2)

Publication Number Publication Date
TWI773430B true TWI773430B (en) 2022-08-01
TW202303424A TW202303424A (en) 2023-01-16


Country Status (2)

Country Link
CN (1) CN115600207A (en)
TW (1) TWI773430B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107735981A (en) * 2016-02-23 2018-02-23 Google LLC (谷歌有限责任公司) Clock period randomization for defending against cryptographic attacks
US20200257802A1 (en) * 2017-08-31 2020-08-13 Texas Instruments Incorporated Randomized Execution Countermeasures Against Fault Injection Attacks During Boot Of An Embedded Device


Also Published As

Publication number Publication date
CN115600207A (en) 2023-01-13
TW202303424A (en) 2023-01-16
