WO2017133559A1 - Secure boot method and device - Google Patents


Info

Publication number: WO2017133559A1
Application number: PCT/CN2017/072296
Authority: WO (WIPO, PCT)
Other languages: French (fr), Chinese (zh)
Inventors: 冉小凯, 盛志凡
Original assignee: 中兴通讯股份有限公司 (ZTE Corporation)
Prior art keywords: startup, value, boot, standard, image

Classifications

    (all under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING)
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
            • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/575 Secure boot
                • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F9/00 Arrangements for program control, e.g. control units
        • G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
            • G06F9/44 Arrangements for executing specific programs
                • G06F9/4401 Bootstrapping

Definitions

  • The present disclosure relates to the field of security technology, for example to a secure boot method and apparatus.
  • Booting: the process by which a device goes from power-on to fully running. There are generally two boot modes, trusted boot and secure boot.
  • Trusted boot measures each boot item that is about to run and then runs it regardless of whether it is secure; the measurement results are reported to a verifier, which evaluates the security state of the running device.
  • Secure boot means that, apart from the Core Root of Trust for Measurement (CRTM), the security of every boot item is evaluated before it runs: the item is run only if it is found secure, otherwise execution is refused and an alarm is raised.
  • CRTM: Core Root of Trust for Measurement.
  • A secure boot method is disclosed in Chinese patent publication No. 102136044A, published on July 27, 2011.
  • The scheme is roughly as follows: the boot component that currently holds operation control calls the unseal function of the Trusted Platform Module (TPM).
  • The unseal function, called while that component is running, obtains the value of the Platform Configuration Register (PCR) corresponding to that component.
  • When that PCR value matches the PCR value in the sealed package, and the package contains a decryption key for the next encrypted component to be started, the key is returned to the component holding operation control.
  • That component uses the returned key to decrypt the next component, measures the decrypted component to obtain a measurement value, and has the TPM hash the measurement value together with the value of the PCR corresponding to the decrypted component.
  • The result of the hash is stored as the new value of that PCR.
  • Operation control is then handed to the decrypted component, and the process returns to step A until all boot components of the device have started.
  • This solution uses a security chip with seal and unseal operations to decrypt the boot component images and extends the measurement results into the security chip's PCRs; in essence the boot is secured by digital signature. Because seal and unseal use a standard asymmetric algorithm, which requires the decrypted data to be no longer than the key, each unseal handles less than 150 bytes. The method therefore guarantees the correctness of the boot images, but it has serious efficiency problems.
  • The number of boot images in the boot chain is also limited to less than the number of PCRs in the platform, since each image's measurement is extended into a PCR of the platform.
  • The scheme faces serious limitations when upgrading the system: upgrading one image in the boot chain affects everything behind it, so every subsequent boot image must be re-measured and re-extended. This makes the upgrade process extremely cumbersome.
  • The main technical problem addressed by the present disclosure is to provide a secure boot method that avoids the low boot efficiency and complicated upgrade process caused by the digital-signature approach of the related art.
  • The present disclosure provides a secure boot method, which includes: an upper boot item in the boot chain reads the boot image of its lower boot item; calculates a security check value of that boot image; reads, without authorization, the standard check value corresponding to the boot image that is stored in a security chip; and compares the two values. If the security check value matches the standard check value, the lower boot item is started; otherwise booting is stopped.
  • Reading the boot image of the lower boot item includes reading the installation location and size of the lower boot item.
  • The security chip is a Trusted Cryptography Module or a Trusted Platform Module.
  • Calculating the security check value of the boot image includes calculating a hash of the boot image with a domestic (Chinese national standard) cryptographic hash algorithm.
  • Before the upper boot item reads the boot image of the lower boot item, the method may also include installing the lower boot item to consecutive sectors of the disk.
  • The method may further include: when the lower boot item is initially deployed or updated, storing the standard check value of its boot image in the security chip by an authorized write.
  • The present disclosure also provides a secure boot device, including a security chip, an upper boot item in a boot chain, and its lower boot item.
  • The upper boot item includes:
  • an image reading module configured to read the boot image of the lower boot item;
  • a calculation module configured to calculate a security check value of the boot image;
  • a standard value reading module configured to read, without authorization, the standard check value corresponding to the boot image that is stored in the security chip;
  • a control module configured to compare the security check value with the standard check value, start the lower boot item if the values match, and stop booting if they do not.
  • The boot image of the lower boot item read by the image reading module includes the installation location and size of the lower boot item.
  • The security chip is a Trusted Cryptography Module or a Trusted Platform Module.
  • The calculation module is configured to calculate a hash of the boot image with a domestic cryptographic hash algorithm.
  • The device may further include an installation unit configured to install the lower boot item to consecutive sectors of the disk before the upper boot item reads its boot image.
  • The device may further include a standard value storage unit configured to store the standard check value of the boot image in the security chip by an authorized write when the lower boot item is initially deployed or updated.
  • Embodiments of the present disclosure also provide a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the above method.
  • An embodiment of the present disclosure further provides an electronic device, including at least one processor and a memory; the memory stores instructions executable by the at least one processor, and the instructions, when executed by the at least one processor, cause it to perform the method described above.
  • The secure boot method provided by the present disclosure establishes a mechanism by which the upper boot item in the boot chain verifies the security of its lower boot item: the standard check value of the lower boot item's boot image is stored in the security chip; when the upper boot item verifies the lower boot item, it obtains that standard check value from the security chip by an unauthorized read, compares it with the security check value it has calculated over the lower boot item's boot image, and decides from whether the two match whether the lower boot item is secure.
  • This boot method avoids the low boot efficiency that the related art suffers from the limit on the length of data an unseal operation can decrypt.
  • When the system is updated, only the standard check value of the boot item that actually changes needs to be updated in the security chip; boot items that are not updated are unaffected, which simplifies the upgrade process.
  • FIG. 1 is a flowchart of a secure boot method according to Embodiment 1 of the present disclosure.
  • FIG. 2 is a flowchart of a GRUB update according to Embodiment 1 of the present disclosure.
  • FIG. 3 is a flowchart of a kernel update according to Embodiment 1 of the present disclosure.
  • FIG. 5 is a schematic diagram of a secure boot device according to Embodiment 2 of the present disclosure.
  • FIG. 6 is a schematic diagram of another secure boot device according to Embodiment 2 of the present disclosure.
  • FIG. 7 is a schematic diagram of another secure boot device according to Embodiment 2 of the present disclosure.
  • FIG. 8 is a schematic diagram of the standard value storage unit of FIG. 7.
  • FIG. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
  • Embodiment 1:
  • Please refer to FIG. 1.
  • The upper boot item in the boot chain reads the boot image of its lower boot item.
  • The boot chain here is virtual; it represents a trust relationship. An upper boot item in the chain can trust its lower boot item, and the lower boot item can be started and obtain operation rights only after the upper boot item has verified it.
  • For example, in a computer system the BIOS (Basic Input Output System) and GRUB (GRand Unified Bootloader) are in such an upper/lower relationship.
  • BIOS: Basic Input Output System.
  • GRUB: GRand Unified Bootloader.
  • Starting GRUB requires verification by the BIOS. Once GRUB has been verified it obtains operation rights and in turn verifies its own lower boot items, so each upper item starts its lower item until every boot item in the chain has been started.
  • The upper boot item and the lower boot item are not necessarily adjacent in the boot chain. For example, for the boot chain "BIOS - GRUB - kernel - root file system" given in this implementation, in theory GRUB verifies the kernel and the kernel then verifies the root file system; this is feasible, but in practical applications GRUB may first verify the kernel and then verify the root file system itself.
  • The boot image of the lower boot item carries information about the lower boot item, such as its installation time or latest update time, or its installation location and size; this information is the indispensable basis on which the upper boot item calculates the security check value of the lower boot item. Likewise, when the system is first deployed or a boot item is updated, the standard check value stored in the security chip must be obtained from the same boot image.
  • The security check value of the lower boot item's boot image is obtained by feeding the boot image that was read into an algorithm.
  • Commonly used algorithms include symmetric encryption, asymmetric encryption and hash algorithms; a hash algorithm may be used to calculate the security check value.
  • The image information may be read and the security check value calculated before the standard check value is obtained; the order may be reversed, or both may be done simultaneously.
  • The security chip includes a Trusted Cryptography Module (TCM) or a Trusted Platform Module (TPM). When a TCM is chosen as the security chip, the standard check value of the boot image stored on it should be calculated with the domestic cryptographic algorithm recognized by the National Cryptography Administration, that is, the hash algorithm of the commercial cryptography suite; the security check value of the lower boot item's boot image should then also be calculated with that hash algorithm.
  • TCM: Trusted Cryptography Module.
  • TPM: Trusted Platform Module.
  • The standard check value kept in the security chip is written into the chip by an authorized write after the system is first deployed or the boot item is updated.
  • The area of the security chip that stores the standard check value is a non-volatile (NV) area whose attribute is defined as "read unauthorized, write authorized": no authorization is required to read it, but authorization is required to write it. Since initial deployment of a boot item is similar to an update, the installation and update process is explained below together with the boot process of the boot item. Please refer to FIG. 2 to FIG. 4.
  • In the related art the MBR part of GRUB and the remaining GRUB images are installed to separate locations. In this embodiment the GRUB MBR and the remaining images are written to consecutive sectors instead, and GRUB's stage 1.5 is removed. Stage 1.5 is used to identify and read the file system, but here no separate process is needed to read the file system at boot, so in this example stage 1.5 is not installed when the GRUB boot item is updated.
  • The GRUB image that is used should be read after installation. It is not advisable to use the compiled GRUB image directly; instead, the installed image should be read back from the raw disk and used as the input for the standard check value.
  • An application is sent to the administrator to obtain write permission for the security chip, that is, write permission for the chip's NV storage area (the non-volatile storage area). If the administrator agrees, authorization data is returned in the response.
  • The calculated standard check value is then written into that storage area, for the system to read without authorization when it starts GRUB.
  • The calculation of the standard check value in S301 and S401 above is the same as in S203: the hash of the boot image is calculated with the domestic cryptographic hash algorithm.
  • S104: compare the security check value with the standard check value. If the security check value matches the standard check value, start the lower boot item; if they do not match, stop booting.
  • After the upper boot item has obtained the standard check value and the security check value of the lower boot item's boot image, the two values are compared, and if they match the lower boot item is started.
  • "Match" here may mean that the security check value is identical to the standard check value. Identical values indicate that the installation location and size of the boot item have not changed since the update or first deployment, which means the boot item has not been tampered with and is trustworthy, so it may be started. If the security check value does not match the standard check value, an alarm is raised and booting is stopped.
  • The lower boot item, once started, in turn verifies its own lower boot item.
  • The lower boot item of the previous verification step is the upper boot item of the next one. That is, the upper and lower boot items in this embodiment are relative, not absolute, concepts.
  • Embodiment 2:
  • This embodiment provides a secure boot device, as shown in FIG. 5.
  • The secure boot device 50 includes a security chip 501, an upper boot item 502 and a lower boot item 503. The lower boot item 503 follows the upper boot item 502 in the boot chain and can only be started once the upper boot item 502 has verified it.
  • The upper boot item 502 includes an image reading module 5021, a calculation module 5022, a standard value reading module 5023 and a control module 5024.
  • The image reading module 5021 is configured to read the boot image of the lower boot item.
  • The calculation module 5022 is configured to calculate a security check value of the boot image.
  • The standard value reading module 5023 is configured to read, without authorization, the standard check value corresponding to the boot image that is stored in the security chip.
  • The control module 5024 is configured to compare the security check value with the standard check value: if they match, the lower boot item is started; if they do not, booting is stopped.
  • As in Embodiment 1, the boot chain is virtual and represents a trust relationship: an upper boot item can trust its lower boot item, and the lower boot item can be started and obtain operation rights only after the upper boot item has verified it. For example, in a computer system the BIOS (Basic Input Output System) and GRUB (GRand Unified Bootloader) are in such a relationship.
  • BIOS: Basic Input Output System.
  • GRUB: GRand Unified Bootloader.
  • Starting GRUB requires verification by the BIOS; once verified, GRUB obtains operation rights and verifies its own lower boot items in turn, until every boot item in the chain has been started.
  • The upper and lower boot items are not necessarily adjacent in the chain. For the boot chain "BIOS - GRUB - kernel - root file system" given in this implementation, in theory GRUB verifies the kernel and the kernel then verifies the root file system; this is feasible, but in practice GRUB may first verify the kernel and then verify the root file system itself.
  • The boot image of the lower boot item read by the image reading module 5021 carries information about the lower boot item, such as its installation time or latest update time, or its installation location and size; this is the indispensable basis on which the calculation module 5022 calculates the security check value of the boot image. Likewise, when the system is first deployed or the boot item is updated, the standard check value stored in the security chip must be calculated from the same boot image.
  • The calculation module 5022 takes the boot image of the lower boot item as input and obtains the security check value from an algorithm. Commonly used algorithms include symmetric encryption, asymmetric encryption and hash algorithms; a hash algorithm may be used.
  • The standard value reading module 5023 obtains the standard check value, while the image reading module 5021 reads the image information and the calculation module 5022 calculates the security check value. The image may be read and the security check value calculated first and the standard check value obtained afterwards, or the reverse, or both may proceed simultaneously.
  • The security chip includes a Trusted Cryptography Module (TCM) or a Trusted Platform Module (TPM). When a TCM is chosen as the security chip, the standard check value of the boot image stored on it should be calculated with the domestic cryptographic algorithm recognized by the National Cryptography Administration, that is, the hash algorithm of the commercial cryptography suite, and the security check value of the boot image should then be calculated with the same hash algorithm.
  • TCM: Trusted Cryptography Module.
  • TPM: Trusted Platform Module.
  • The standard check value kept in the security chip is written into the chip by an authorized write after the system is first deployed or the boot item is updated.
  • The area of the security chip that stores the standard check value is a non-volatile area whose attribute is defined as "read unauthorized, write authorized": no authorization is required to read it, but authorization is required to write it.
  • After the upper boot item has obtained the standard check value and the security check value of the lower boot item's boot image, the control module 5024 compares the two values and, if they match, starts the lower boot item.
  • "Match" here may mean that the security check value is identical to the standard check value. Identical values indicate that the installation location and size of the boot item have not changed since the update or first deployment, which means the boot item has not been tampered with and is trustworthy, so it may be started. If the values do not match, the control module 5024 raises an alarm and stops booting.
  • In addition to the security chip 501, the upper boot item 502 and the lower boot item 503, the secure boot device 50 may include an installation unit 504.
  • The installation unit 504 is configured to install the lower boot item 503 to consecutive sectors of the disk before the upper boot item 502 reads the boot image of its lower boot item 503; "installation" here covers both initial deployment and later updates.
  • The installation unit 504 installs the boot item to be installed at the specified location. When installing GRUB it differs markedly from the existing installation method: in the related art the MBR and the remaining GRUB images are installed to separate locations, whereas in this embodiment the GRUB MBR and the remaining images are written to consecutive sectors and GRUB's stage 1.5 is removed. Stage 1.5 is used to identify and read the file system, but here no additional process is needed to read the file system at boot, so in this example the installation unit 504 does not install stage 1.5 when updating the GRUB boot item.
  • The secure boot device 50 may include a security chip 501, an upper boot item 502, a lower boot item 503, an installation unit 504 and a standard value storage unit 505.
  • The standard value storage unit 505 is configured to store the standard check value of the lower boot item 503's boot image in the security chip by an authorized write when the lower boot item 503 is initially deployed or updated.
  • The standard value storage unit 505 includes a reading module 5051, a standard value calculation module 5052 and a value writing module 5053.
  • The reading module 5051 is configured to read the boot image of the boot item after installation. The boot image includes all or part of the boot item's installation or latest update time, installation location, size and the like; for example, the installation location and size that are read are used by the standard value calculation module 5052 to calculate the standard check value.
  • When the reading module 5051 obtains the GRUB image, it should read the GRUB image after installation. It is not suitable to use the compiled GRUB image directly; the installed image should be read back from the raw disk and used as the input for calculating the standard check value.
  • The value writing module 5053 sends an application to the administrator to obtain write permission for the security chip, that is, write permission for the chip's NV (non-volatile) storage area. If the administrator agrees, authorization data is returned in the response.
  • Once the value writing module 5053 has obtained the authorization data, the calculated standard check value is written into the storage area, for the system to read without authorization when it starts GRUB.
  • The lower boot item, once started, in turn verifies its own lower boot item.
  • The lower boot item of the previous verification step is the upper boot item of the next one. That is, the upper and lower boot items in this embodiment are relative, not absolute, concepts.
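  • The verification flow of Embodiments 1 and 2 (an upper boot item reads its lower boot item's installed image by location and size, hashes it, and compares the result with the standard check value read from the security chip without authorization; standard check values are written only with administrator authorization at deployment or update), shown as an added Python example. This is not code from the patent or from the applicant. It assumes an in-memory stand-in for the raw disk and for the chip's NV area, constructed sample images, SHA-256 standing in for the national cryptographic hash the text specifies, and a constructed administrator authorization secret; the "BIOS - GRUB - kernel - root file system" chain is the page's own example.

```python
import hashlib
import hmac

SECTOR = 512
# The page's example chain; the BIOS is the root of trust and is not verified.
CHAIN = ["BIOS", "GRUB", "kernel", "rootfs"]
# Constructed administrator authorization data (assumption: the text only says
# the administrator returns authorization data when the request is approved).
ADMIN_AUTH = b"constructed-admin-secret"


class RawDisk:
    """Constructed stand-in for a raw disk. Boot items are installed in
    consecutive sectors and read back by (installation location, size)."""

    def __init__(self):
        self.data = bytearray()
        self.layout = {}  # boot item name -> (installation location, size)

    def install(self, name, image):
        location = len(self.data)
        # Pad to whole sectors so the next item starts on a sector boundary.
        self.data += image + b"\x00" * (-len(image) % SECTOR)
        self.layout[name] = (location, len(image))

    def read_installed(self, name):
        """Return the bytes actually on disk, not the compiled image file."""
        location, size = self.layout[name]
        return bytes(self.data[location:location + size])


def check_value(image):
    """Hash of the installed image. SHA-256 stands in for the national
    cryptographic hash algorithm the text specifies (an assumption)."""
    return hashlib.sha256(image).digest()


class SecurityChipNV:
    """NV storage area with attribute 'read unauthorized, write authorized'."""

    def __init__(self, admin_auth):
        self._admin_auth = admin_auth
        self._nv = {}

    def read(self, index):
        # No authorization is needed to read a standard check value.
        return self._nv.get(index)

    def write(self, index, value, auth):
        # Writing requires the authorization data the administrator returned.
        if not hmac.compare_digest(auth, self._admin_auth):
            raise PermissionError(f"NV write to {index!r} refused: not authorized")
        self._nv[index] = value


def deploy(disk, chip, name, image, auth):
    """Initial deployment or update of one boot item: install to consecutive
    sectors, read the installed image back from the raw disk, hash it, and
    write the standard check value with administrator authorization.
    Standard check values of other boot items are not touched."""
    disk.install(name, image)
    chip.write(name, check_value(disk.read_installed(name)), auth)


def boot(disk, chip, chain=CHAIN):
    """Walk the chain: each upper item verifies its lower item before handing
    over control. Returns (items started, status message)."""
    started = [chain[0]]
    for upper, lower in zip(chain, chain[1:]):
        standard = chip.read(lower)
        security = check_value(disk.read_installed(lower))
        # Constant-time comparison; a missing standard value also fails.
        if standard is None or not hmac.compare_digest(security, standard):
            return started, f"ALARM: {upper} refused to start {lower}"
        started.append(lower)  # the lower item now acts as upper for the next
    return started, "boot complete"


def unauthorized_write_refused(chip, index):
    """True if a write with wrong authorization data is rejected."""
    try:
        chip.write(index, b"\x00" * 32, b"not-the-administrator")
    except PermissionError:
        return True
    return False


def build_system():
    """Constructed sample system: three boot items deployed below the BIOS."""
    disk, chip = RawDisk(), SecurityChipNV(ADMIN_AUTH)
    for name, image in [("GRUB", b"grub mbr+core image v1"),
                        ("kernel", b"vmlinuz v1"),
                        ("rootfs", b"root file system image v1")]:
        deploy(disk, chip, name, image, ADMIN_AUTH)
    return disk, chip


if __name__ == "__main__":
    disk, chip = build_system()
    print(boot(disk, chip))
    deploy(disk, chip, "kernel", b"vmlinuz v2", ADMIN_AUTH)  # upgrade only the kernel
    print(boot(disk, chip))
    location, _ = disk.layout["kernel"]
    disk.data[location] ^= 0xFF  # tamper with the installed kernel bytes
    print(boot(disk, chip))
```

  • Three properties of the scheme are visible when the block runs: upgrading the kernel rewrites only the kernel's NV index, so GRUB's standard check value is untouched and the chain still boots; a write without the administrator's authorization data is refused while reads need none; and a change to the installed bytes of one item stops the chain at that item with an alarm, so nothing below it is started. The standard check value is computed from the same raw-disk read path at provisioning and at boot, which is the point of reading the installed image rather than the compiled file, and the digests are compared with hmac.compare_digest so the comparison does not leak timing.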
  • Embodiments of the present disclosure also provide a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the method of any of the above embodiments.
  • An embodiment of the present disclosure further provides an electronic device, whose structure is shown schematically in FIG. 9.
  • The electronic device includes at least one processor 90 (a single processor 90 is shown in FIG. 9 by way of example) and a memory 91, and may further include a communication interface 92 and a bus 93.
  • The processor 90, the communication interface 92 and the memory 91 communicate with each other over the bus 93.
  • The communication interface 92 can be used for information transfer.
  • The processor 90 can invoke logic instructions in the memory 91 to perform the methods of the above embodiments.
  • The logic instructions in the memory 91 may be implemented as a software functional unit, sold or used as a stand-alone product, and stored in a computer readable storage medium.
  • The memory 91 is a computer readable storage medium and can store software programs, computer executable programs, and the program instructions/modules corresponding to the method of the embodiments of the present disclosure.
  • The processor 90 performs function applications and data processing by executing the software programs, instructions and modules stored in the memory 91, that is, it implements the secure boot method of the above method embodiments.
  • The memory 91 may include a program storage area and a data storage area: the program storage area may store an operating system and the applications required for at least one function; the data storage area may store data created according to the use of the terminal device, and the like. The memory 91 may include high-speed random access memory and may also include non-volatile memory.
  • The technical solution of the embodiments of the present disclosure may be embodied as a software product stored in a storage medium, including one or more instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the method of the embodiments of the present disclosure.
  • The storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
  • The secure boot method and apparatus provided by the present disclosure avoid the low boot efficiency that the related art suffers from the limit on the length of data an unseal operation can decrypt, and simplify the system upgrade process.

Abstract

Provided are a secure boot method and device. The method comprises: an upper boot item in a boot chain reads the boot image of its lower boot item; calculates a security check value of the boot image; reads, without authorization, a standard check value corresponding to the boot image that is stored in a security chip; and compares the security check value with the standard check value, starting the lower boot item if they match and stopping the boot if they do not. This boot method avoids the low boot efficiency that the related art suffers from the limit on the length of decrypted data imposed by its decryption (unseal) mechanism. At the same time, when the system is updated only the standard check value of the boot item that needs updating has to be written into the security chip, without affecting boot items that do not need updating, which simplifies the system upgrade process.

Description

Secure boot method and device
Technical field
The present disclosure relates to the field of security technology, for example to a secure boot method and apparatus.
Background
The process from power-on to full operation is called booting. There are generally two boot modes: trusted boot and secure boot. In trusted boot, the boot item about to run is measured and then run regardless of whether it is safe; the measurement result is reported to a verifier, which evaluates the security state of the running device. In secure boot, every boot item other than the Core Root of Trusted Measurement (CRTM) is evaluated for security before it runs: it is run only if it is judged safe; otherwise execution is refused and an alarm is raised.
Chinese patent publication No. 102136044A, published on July 27, 2011, discloses a secure boot method roughly as follows: the boot component that currently holds operation control calls the unseal function of the trusted platform module (TPM). When that boot component runs, the unseal function obtains the value in the platform configuration register (PCR) corresponding to that boot component; when this PCR value matches the PCR value in the sealed package and the package contains the decryption key for the next encrypted component to be started, the unseal function returns the decryption key to the boot component. The boot component decrypts the next encrypted component with the returned key, measures the decrypted boot component to obtain a measurement value, has the TPM hash the measurement value together with the value in the PCR corresponding to the decrypted component and store the result as the new value of that PCR, and hands operation control to the decrypted component, which returns to step A; this repeats until all boot components of the device have started.
That scheme uses a security chip together with seal and unseal operations to decrypt and measure the boot components, extending the measurement results into the PCR registers of the security chip; in substance it secures the boot by means of digital signatures. Because the seal and unseal operations of the security chip use a standard asymmetric algorithm, which requires the decrypted data to be no longer than the key, fewer than 150 bytes can be decrypted per operation. The method therefore guarantees the correctness of the boot image but has serious efficiency problems. Moreover, if the measurement of each boot image is extended into a PCR with a different index, the number of boot images in the boot chain cannot exceed the number of PCRs on the platform; if all measurements are extended into the same PCR, the number of boot images is unconstrained, but system upgrades face a serious limitation: upgrading one image in the chain affects every image after it, each of which must be re-measured, re-extended and re-verified, which makes the upgrade process extremely cumbersome.
Summary of the invention
The main technical problem addressed by the present disclosure is to provide a secure boot method that solves the low boot efficiency and complicated system upgrade process caused by the digital-signature approach to booting in the related art.
To solve the above technical problem, the present disclosure provides a secure boot method, including:
an upper boot item in a boot chain reads the boot image of its lower boot item;
calculating a secure check value of the boot image;
reading, by way of unauthorized read, the standard check value corresponding to the boot image that is stored in a security chip;
comparing the secure check value with the standard check value; if the secure check value matches the standard check value, starting the lower boot item; if the secure check value does not match the standard check value, stopping the boot.
In an embodiment of the present disclosure, reading the boot image of the lower boot item includes reading the installation location and size of the lower boot item.
In an embodiment of the present disclosure, the security chip includes a trusted cryptography module or a trusted platform module.
In an embodiment of the present disclosure, when the security chip is a trusted cryptography module, calculating the secure check value of the boot image includes calculating a hash value of the boot image with a domestic cryptographic hash algorithm.
In an embodiment of the present disclosure, before the upper boot item reads the boot image of its lower boot item, the method further includes installing the lower boot item into contiguous sectors of the disk.
In an embodiment of the present disclosure, the method further includes: when the lower boot item is first deployed or updated, storing the standard check value of its boot image in the security chip by way of authorized write.
The present disclosure also provides a secure boot device, including a security chip, an upper boot item in a boot chain, and its lower boot item;
the upper boot item includes:
an image reading module configured to read the boot image of the lower boot item;
a calculation module configured to calculate the secure check value of the boot image;
a standard value reading module configured to read, by way of unauthorized read, the standard check value corresponding to the boot image that is stored in the security chip;
a control module configured to compare the secure check value with the standard check value, start the lower boot item if the secure check value matches the standard check value, and stop the boot if the secure check value does not match the standard check value.
In an embodiment of the present disclosure, the boot image of the lower boot item read by the image reading module includes the installation location and size of the lower boot item.
In an embodiment of the present disclosure, the security chip includes a trusted cryptography module or a trusted platform module.
In an embodiment of the present disclosure, when the security chip is a trusted cryptography module, the calculation module is configured to calculate a hash value of the boot image with a domestic cryptographic hash algorithm.
In an embodiment of the present disclosure, the device further includes an installation unit configured to install the lower boot item into contiguous sectors of the disk before the upper boot item reads the boot image of its lower boot item.
In an embodiment of the present disclosure, the device further includes a standard value storage unit configured to store the standard check value of the boot image in the security chip by way of authorized write when the lower boot item is first deployed or updated.
Embodiments of the present disclosure also provide a non-transitory computer-readable storage medium storing computer-executable instructions configured to perform the above method.
Embodiments of the present disclosure also provide an electronic device, including:
at least one processor; and
a memory communicatively connected to the at least one processor, wherein
the memory stores instructions executable by the at least one processor, and the instructions, when executed by the at least one processor, cause the at least one processor to perform the above method.
The beneficial effects of the present disclosure are:
The secure boot method provided by the present disclosure establishes a mechanism by which an upper boot item in the boot chain verifies the security of its lower boot item. The standard check value of the lower item's boot image is stored in a security chip; when the upper item verifies the lower item, it obtains that standard check value from the chip by way of unauthorized read, compares it with the secure check value computed over the lower item's boot image, and decides whether the lower item is safe by whether the two values match. This boot method avoids the technical problem in the related art of low boot efficiency caused by the limit on the length of decrypted data when an unsealing mechanism is used. At the same time, in the secure boot method proposed here only the standard check value of the boot item that needs updating has to be written to the security chip when the system is updated; other boot items that do not need updating are unaffected, which simplifies the system upgrade process.
Brief description of the drawings
FIG. 1 is a flowchart of a secure boot method according to Embodiment 1 of the present disclosure;
FIG. 2 is a flowchart of a GRUB update according to Embodiment 1 of the present disclosure;
FIG. 3 is a flowchart of a kernel update according to Embodiment 1 of the present disclosure;
FIG. 4 is a flowchart of a root file system update according to Embodiment 1 of the present disclosure;
FIG. 5 is a schematic diagram of a secure boot device according to Embodiment 2 of the present disclosure;
FIG. 6 is a schematic diagram of another secure boot device according to Embodiment 2 of the present disclosure;
FIG. 7 is a schematic diagram of another secure boot device according to Embodiment 2 of the present disclosure;
FIG. 8 is a schematic diagram of the standard value storage unit of FIG. 7; and
FIG. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed description
To make the advantages and details of the present disclosure clearer, the present disclosure is described in detail below through embodiments with reference to the accompanying drawings.
Embodiment 1:
This embodiment focuses on the secure boot method provided by the present disclosure; see FIG. 1:
S101. The upper boot item in the boot chain reads the boot image of its lower boot item.
The boot chain here is virtual; it represents a trust relationship. An upper boot item in the chain can trust its lower boot item, and the lower boot item can start and obtain operation control only after the upper boot item's verification of it passes. In a computer system, for example, the BIOS (Basic Input Output System) and GRUB (GRand Unified Bootloader) stand in such an upper/lower relationship: GRUB can start only after it is verified by the BIOS; once that verification passes, GRUB obtains operation control and goes on to verify its own lower boot items, and so on, each upper item starting its lower item until every boot item in the chain has started.
Note, however, that in the secure boot method of this embodiment the upper boot item and the lower boot item are not necessarily two adjacent items in the chain. For example, for the chain "BIOS-GRUB-kernel-root file system" given in this embodiment, in theory GRUB should verify the kernel and the kernel should then verify the root file system; that approach is feasible, but in practice GRUB may verify the kernel first and then verify the root file system itself.
The boot image of the lower boot item contains information about the lower boot item, such as its installation time or latest update time, or its installation location and size. This information is the indispensable input from which the upper boot item computes the secure check value of the lower boot item; likewise, the standard check value stored in the security chip when the system is first deployed or a boot item is updated must be computed from the boot image.
S102. Calculate the secure check value of the boot image.
The secure check value of the lower boot item's boot image is obtained by feeding the boot image that was read into some algorithm. Commonly used algorithms include symmetric encryption algorithms, asymmetric encryption algorithms and hash algorithms; in this embodiment a hash algorithm may be used to compute the secure check value.
S103. Read, by way of unauthorized read, the standard check value corresponding to the boot image that is stored in the security chip.
There is no required ordering between obtaining the standard check value and reading the image information and computing the secure check value: the image may be read and the secure check value computed before the standard check value is obtained, or the other way round, or the two may proceed at the same time.
In this embodiment the security chip includes a Trusted Cryptography Module (TCM) or a Trusted Platform Module (TPM). When a TCM is chosen as the security chip, the standard check value of the boot image stored on it should be a hash computed with the domestic cryptographic algorithm approved by the State Cryptography Administration, that is, the hash algorithm of the commercial cryptography suite; likewise, the secure check value of the lower boot item's boot image should then be computed with the hash algorithm of that domestic cryptographic algorithm.
The standard check value stored in the security chip is written into the chip by way of authorized write after the system is first deployed or a boot item is updated. The region of the security chip that holds the standard check value is a non-volatile region whose attributes are defined as "read unauthorized, write authorized": reading it needs no authorization, but writing it does. Because the initial deployment of a boot item is similar to its update, the installation and update process is explained below through the update flow of a boot item, with reference to FIG. 2 to FIG. 4:
If the boot item to be updated is GRUB, see FIG. 2:
S201. Burn GRUB into specific contiguous sectors of the disk.
In the related art the MBR and the rest of the GRUB image are installed separately to different locations, but in this embodiment the MBR of GRUB and the rest of its image are burned into contiguous sectors, and GRUB's stage1.5 is omitted. stage1.5 exists to recognize and read file systems, but in some cases there is no need to spend an extra step at boot time reading the file system, so in this example stage1.5 is not installed when the GRUB boot item is updated.
S202. Read the installed GRUB image from the disk.
Note that the GRUB image used to compute the standard check value should be the installed GRUB image read back from the disk: the compiled GRUB image should not be used directly; instead, after installation, the image should be obtained by a raw disk read and used as the input for computing the standard check value.
S203. Calculate the standard check value of GRUB.
The standard check value is calculated during the update in the same way as in the boot process described above, and the calculation is not repeated here.
S204. Request write permission on the security chip and update the standard check value of the GRUB image in the security chip.
After the standard check value is computed, a request is sent to the administrator for write permission on the security chip, which generally means write permission on the chip's NV storage region (NV meaning non-volatile storage). If the administrator agrees, the response carries authorization data; with that authorization data, the computed standard check value is written into the storage region, where the system later reads it by way of unauthorized read when starting GRUB.
If the boot item to be updated is the kernel, see FIG. 3:
S301. Install the kernel;
S302. Read the kernel image;
S303. Calculate the standard check value of the kernel;
S304. Request write permission on the security chip and update the standard check value of the kernel image in the security chip.
If the boot item to be updated is the root file system, see FIG. 4:
S401. Install the root file system;
S402. Read the root file system image;
S403. Calculate the standard check value of the root file system;
S404. Request write permission on the security chip and update the standard check value of the root file system in the security chip.
The standard check value in S301 and S401 above is calculated in the same way as in S203 and depends on the type of security chip in use: when a TCM is used as the security chip to store the standard check value, the hash value of the boot image is computed with the domestic cryptographic hash algorithm.
S104. Compare the secure check value with the standard check value; if the secure check value matches the standard check value, start the lower boot item; if the secure check value does not match the standard check value, stop the boot.
During boot, once the upper boot item has obtained both the standard check value and the secure check value of the boot image, it compares the two values and starts the lower boot item if they match. A match here may mean that the secure check value is identical to the standard check value; identical values show that the installation location and size of the boot item are unchanged since the update or initial deployment, which means the boot item has not been tampered with, is trustworthy and may be started. If the secure check value does not match the standard check value, an alarm is raised and the boot is stopped.
It will be understood that once a lower boot item has started and obtained operation control, it verifies its own lower boot item; at that point the lower boot item of the previous verification step is the upper boot item of the current one. In other words, the upper and lower boot items shown in this embodiment are relative roles, not absolute ones.
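The boot-time check of S101 to S104 and the update flow of S201 to S204 (with the matching kernel and root file system flows), as an added Python simulation that is not part of the patent. It models the security chip's NV region as a mapping whose writes require authorization data and whose reads do not, the disk as a byte array with each boot item in contiguous sectors, and SHA-256 as a stand-in for the hash algorithm the page leaves unnamed; the item names, NV indices, sector numbers and image bytes are constructed.

```python
import hashlib
import hmac

SECTOR_SIZE = 512


class SecurityChipNV:
    """NV storage with the 'read unauthorized, write authorized' attribute."""

    def __init__(self, admin_auth: bytes):
        self._admin_auth = admin_auth
        self._nv = {}  # NV index -> standard check value

    def authorized_write(self, index: int, value: bytes, auth: bytes) -> None:
        """S204/S304/S404: storing a standard value needs authorization data."""
        if not hmac.compare_digest(auth, self._admin_auth):
            raise PermissionError("NV write refused: bad authorization data")
        self._nv[index] = value

    def read(self, index: int):
        """S103: anyone may read a standard value; no authorization needed."""
        return self._nv.get(index)


class Disk:
    """Raw block device; each boot item occupies contiguous sectors."""

    def __init__(self, sectors: int):
        self.data = bytearray(sectors * SECTOR_SIZE)

    def install(self, start_sector: int, image: bytes):
        """S201/S301/S401: burn the image into contiguous sectors."""
        start = start_sector * SECTOR_SIZE
        self.data[start:start + len(image)] = image
        return start_sector, len(image)  # installation location and size

    def raw_read(self, start_sector: int, size: int) -> bytes:
        """S202/S302/S402 and S101: bare read of the installed bytes."""
        start = start_sector * SECTOR_SIZE
        return bytes(self.data[start:start + size])


def check_value(image: bytes) -> bytes:
    """S102/S203: hash of the boot image (SHA-256 stands in for the real one)."""
    return hashlib.sha256(image).digest()


def provision(disk, chip, nv_index, start_sector, image, auth):
    """Initial deployment or update of one boot item; other items are untouched."""
    location = disk.install(start_sector, image)
    installed = disk.raw_read(*location)  # hash what is on disk, not the build output
    chip.authorized_write(nv_index, check_value(installed), auth)
    return location


def verify_next(disk, chip, nv_index, location) -> bool:
    """S101-S104 for one upper/lower pair: secure value against standard value."""
    secure_value = check_value(disk.raw_read(*location))
    standard_value = chip.read(nv_index)  # unauthorized read
    if standard_value is None:
        return False
    return hmac.compare_digest(secure_value, standard_value)


def boot_chain(disk, chip, chain):
    """Walk the chain; stop with an alarm at the first mismatch.

    chain: list of (name, nv_index, location). Returns (booted_names, alarm).
    """
    booted = []
    for name, nv_index, location in chain:
        if not verify_next(disk, chip, nv_index, location):
            return booted, f"alarm: {name} failed verification, boot stopped"
        booted.append(name)  # the lower item now holds control and verifies the next
    return booted, None


def demo():
    """Constructed scenario: provision three items, boot, tamper, upgrade one item."""
    auth = b"admin-auth-data"  # constructed authorization data
    disk, chip = Disk(sectors=64), SecurityChipNV(auth)
    chain = []
    for name, nv_index, sector, image in [
        ("grub", 1, 0, b"GRUB-image-v1"),
        ("kernel", 2, 8, b"kernel-image-v1"),
        ("rootfs", 3, 16, b"rootfs-image-v1"),
    ]:
        chain.append((name, nv_index, provision(disk, chip, nv_index, sector, image, auth)))
    clean = boot_chain(disk, chip, chain)
    disk.data[16 * SECTOR_SIZE] ^= 0xFF  # tamper with the installed root file system
    tampered = boot_chain(disk, chip, chain)
    disk.data[16 * SECTOR_SIZE] ^= 0xFF  # restore it
    # upgrade only the kernel: one authorized NV write, grub/rootfs values untouched
    chain[1] = ("kernel", 2, provision(disk, chip, 2, 8, b"kernel-image-v2", auth))
    upgraded = boot_chain(disk, chip, chain)
    return clean, tampered, upgraded


if __name__ == "__main__":
    print(demo())
```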
Embodiment 2:
This embodiment provides a secure boot device, shown in FIG. 5:
Secure boot device 50 includes security chip 501, upper boot item 502 and lower boot item 503. Lower boot item 503 is located after upper boot item 502 in the boot chain and can start only after passing verification by upper boot item 502.
Upper boot item 502 includes image reading module 5021, calculation module 5022, standard value reading module 5023 and control module 5024. Image reading module 5021 is configured to read the boot image of the lower boot item; calculation module 5022 is configured to calculate the secure check value of the boot image; standard value reading module 5023 is configured to read, by way of unauthorized read, the standard check value corresponding to the boot image that is stored in the security chip; control module 5024 is configured to compare the secure check value with the standard check value, start the lower boot item if the secure check value matches the standard check value, and stop the boot if it does not.
The boot chain here is virtual; it represents a trust relationship. An upper boot item in the chain can trust its lower boot item, and the lower boot item can start and obtain operation control only after the upper boot item's verification of it passes. In a computer system, for example, the BIOS (Basic Input Output System) and GRUB (GRand Unified Bootloader) stand in such an upper/lower relationship: GRUB can start only after it is verified by the BIOS; once that verification passes, GRUB obtains operation control and goes on to verify its own lower boot items, and so on, each upper item starting its lower item until every boot item in the chain has started.
Note, however, that the upper boot item and the lower boot item are not necessarily two adjacent items in the chain. For example, for the chain "BIOS-GRUB-kernel-root file system" given in this embodiment, in theory GRUB should verify the kernel and the kernel should then verify the root file system; that approach is feasible, but in practice GRUB may verify the kernel first and then verify the root file system itself.
The boot image of the lower boot item read by image reading module 5021 contains information about the lower boot item, such as its installation time or latest update time, or its installation location and size. This information is the indispensable input from which calculation module 5022 computes the secure check value of the boot image; likewise, the standard check value stored in the security chip when the system is first deployed or a boot item is updated must be computed from the boot image.
When calculating the secure check value of the boot image, calculation module 5022 feeds the boot image of the lower boot item into some algorithm. Commonly used algorithms include symmetric encryption algorithms, asymmetric encryption algorithms and hash algorithms; in this embodiment a hash algorithm may be used to compute the secure check value.
There is no required ordering between standard value reading module 5023 obtaining the standard check value on the one hand, and image reading module 5021 reading the image information and calculation module 5022 computing the secure check value on the other: image reading module 5021 and calculation module 5022 may read the image and compute the secure check value before standard value reading module 5023 obtains the standard check value, or the other way round, or the two may proceed at the same time.
In this embodiment the security chip includes a Trusted Cryptography Module (TCM) or a Trusted Platform Module (TPM). When a TCM is chosen as the security chip, the standard check value corresponding to the boot image stored on it should be a hash computed with the domestic cryptographic algorithm approved by the State Cryptography Administration, that is, the hash algorithm of the commercial cryptography suite; likewise, the secure check value of the boot image should then be computed with the hash algorithm of that domestic cryptographic algorithm.
The standard check value stored in the security chip is written into the chip by way of authorized write after the system is first deployed or a boot item is updated. The region of the security chip that holds the standard check value is a non-volatile region whose attributes are defined as "read unauthorized, write authorized": reading it needs no authorization, but writing it does.
Once the upper boot item has obtained both the standard check value and the secure check value of the lower boot item's boot image, control module 5024 compares the two values; if they match, control module 5024 starts the lower boot item. A match here may mean that the secure check value is identical to the standard check value; identical values show that the installation location and size of the boot item are unchanged since the update or initial deployment, which means the boot item has not been tampered with, is trustworthy and may be started. If the secure check value does not match the standard check value, control module 5024 raises an alarm and stops the boot.
在本实施例提供的另一种安全启动装置中,如图6所示,安全启动装置50 除了包括安全芯片501、上级启动项502和下级启动项503以外,还包括安装单元504。安装单元504被配置为在上级启动项502读取其下级启动项503的启动镜像之前,将下级启动项503安装到磁盘的连续扇区,这里的安装包括初次部署以及后续更新过程。In another safety starting device provided in this embodiment, as shown in FIG. 6, the safety starting device 50 In addition to the security chip 501, the upper boot entry 502, and the lower boot entry 503, an installation unit 504 is included. The installation unit 504 is configured to install the subordinate startup item 503 to a contiguous sector of the disk before the superordinate startup item 502 reads the startup image of its subordinate startup item 503, where the installation includes the initial deployment and the subsequent update process.
安装单元504被配置为将待安装的启动项安装到指定位置,值得注意的是,安装单元504在安装GRUB时,与现有安装方式存在很大的不同:相关技术中是将MBR和GRUB的其余镜像分开安装到不同位置的方法,但在本实施例中,选择将GRUB的MBR和其余镜像烧写在连续扇区,同时去除GRBU的stage1.5,由于stage1.5是用于识别、读取文件系统的,但是在某些时候,并不需要在启动时耗费另外的流程去读取文件系统,故在本示例中,安装单元504更新GRUB启动项的时候并不安装stage1.5。The installation unit 504 is configured to install the startup item to be installed to the specified location. It is worth noting that the installation unit 504 is greatly different from the existing installation method when installing the GRUB: the related art is the MBR and the GRUB. The other mirrors are separately installed to different locations, but in this embodiment, the GRBR MBR and the remaining mirrors are selected to be programmed in consecutive sectors, and the GRBU stage 1.5 is removed, since the stage 1.5 is used for identification and reading. The file system is fetched, but at some point it is not necessary to consume additional processes to read the file system at startup, so in this example, the installation unit 504 does not install stage 1.5 when updating the GRUB boot entry.
本实施例还提供一种示例,如图7所示,安全启动装置50包括安全芯片501、上级启动项502、下级启动项503、安装单元504以及标准值存储单元505,标准值存储单元505被配置为在下级启动项503初次部署或更新时,将下级启动项503的启动镜像的标准效验值以授权写的方式存储在所述安全芯片中。This embodiment further provides an example. As shown in FIG. 7, the secure boot device 50 includes a security chip 501, a higher-level boot entry 502, a lower-level boot entry 503, an installation unit 504, and a standard value storage unit 505. The standard value storage unit 505 is When the initial startup item 503 is initially deployed or updated, the standard verification value of the startup image of the lower-level startup item 503 is stored in the security chip in an authorized write manner.
请参考图8,标准值存储单元505包括读取模块5051、标准值计算模块5052和写值模块5053。Referring to FIG. 8, the standard value storage unit 505 includes a read module 5051, a standard value calculation module 5052, and a write value module 5053.
读取模块5051被配置为读取安装后的启动项的启动镜像,启动镜像包括启动项的安装或最新更新时间、安装位置、大小等信息中的全部或部分,例如读取启动项的安装位置与大小信息,用于标准值计算模块5052计算出标准效验值,读取模块5051获取GRUB镜像时,应当读取安装后的GRUB镜像,不宜直接用编译得到的GURB镜像,而应该在安装后使用裸读磁盘的方式得到镜像作为计算标准效验值的输入。The reading module 5051 is configured to read the startup image of the startup item after the installation, and the startup image includes all or part of the installation of the startup item or the latest update time, the installation location, the size, and the like, for example, the installation location of the read startup item. And the size information is used by the standard value calculation module 5052 to calculate the standard validity value. When the reading module 5051 obtains the GRUB image, the GRUB image after the installation should be read. It is not suitable to directly use the compiled GURB image, but should be used after installation. The way the disk is barely read is mirrored as an input to the calculation of the standard validation value.
标准值计算模块5052在计算出标准效验值之后,写值模块5053向管理员发出申请,请求获取安全芯片的写权限,这里一般指的是获取安全芯片NV存储区的写权限,NV存储区是指非变存储区;若管理员同意,将会在响应的时候会给出响应的授权数据,写值模块5053获得授权数据后将计算得到的标准效验值写入该存储区域,以供系统启动GRUB时以非授权读的方式使用。After the standard value calculation module 5052 calculates the standard validity value, the write value module 5053 issues an application to the administrator to obtain the write permission of the security chip. Here, generally, the write permission of the security chip NV storage area is obtained, and the NV storage area is Refers to the non-variable storage area; if the administrator agrees, the response data will be given when the response is received. After the authorization module 5053 obtains the authorization data, the calculated standard verification value is written into the storage area for the system to start. GRUB is used as an unauthorized read.
可以理解的是,下级启动项在启动并获取到操作权之后,要对其下级启动项进行效验,这时候,上一个启动效验流程中的下级启动项在这一个启动效验 流程中就是上级启动项了,也就是说,本实施例中所示的上级启动项和下级启动项只是相对的概念,并不是绝对的。It can be understood that after the startup item is started and acquired the operation right, the lower level startup item is to be verified. At this time, the lower level startup item in the previous startup verification process is started in this one. In the process, it is a superior startup item. That is to say, the upper-level startup item and the lower-level startup item shown in this embodiment are only relative concepts, and are not absolute.
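The verification performed by the control module 5024, the contiguous installation performed by the installation unit 504, the authorized-write provisioning performed by the standard value storage unit 505 and the relative upper/lower relationship along the chain, as one added Python simulation. This is not code from the patent or from its applicant. It assumes a byte buffer as the disk, a small class as the security chip's NV area with a constructed administrator authorization secret, and SHA-256 in place of the domestic SM3 hash a TCM would use; all names (Disk, SecurityChipNV, measure, verify, run_boot_chain, demo) are invented for the illustration.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

SECTOR_SIZE = 512


class Disk:
    """Constructed stand-in for a block device: a flat buffer of sectors."""

    def __init__(self, sectors: int) -> None:
        self.buf = bytearray(SECTOR_SIZE * sectors)

    def install_contiguous(self, start_sector: int, image: bytes, name: str) -> Dict:
        """Installation unit: burn the whole image (MBR sector plus the remaining
        stages) into consecutive sectors and return the boot item descriptor,
        i.e. the installation location and size that the upper level will read."""
        off = start_sector * SECTOR_SIZE
        self.buf[off:off + len(image)] = image
        return {"name": name, "start_sector": start_sector, "size": len(image)}

    def raw_read(self, start_sector: int, size: int) -> bytes:
        """Raw read of the bytes as installed (not the compiled image file)."""
        off = start_sector * SECTOR_SIZE
        return bytes(self.buf[off:off + size])


class SecurityChipNV:
    """Stand-in for the security chip's NV storage area with the attribute
    'unauthorized read, authorized write'."""

    def __init__(self, write_auth_data: bytes) -> None:
        self._write_auth = write_auth_data  # constructed administrator authorization data
        self._slots: Dict[str, str] = {}

    def read(self, slot: str) -> Optional[str]:
        return self._slots.get(slot)  # reading needs no authorization

    def write(self, slot: str, value: str, auth_data: bytes) -> None:
        if not hmac.compare_digest(auth_data, self._write_auth):
            raise PermissionError("writing the NV area requires administrator authorization")
        self._slots[slot] = value


def measure(disk: Disk, item: Dict) -> str:
    """Check value over the installed boot image. SHA-256 stands in for the
    hash; with a TCM the domestic SM3 algorithm would be used instead."""
    return hashlib.sha256(disk.raw_read(item["start_sector"], item["size"])).hexdigest()


def provision_standard_value(disk: Disk, chip: SecurityChipNV, item: Dict, auth_data: bytes) -> None:
    """Standard value storage unit: after first deployment or an update, hash the
    installed image and store the result in the chip by an authorized write."""
    chip.write(item["name"], measure(disk, item), auth_data)


def verify(disk: Disk, chip: SecurityChipNV, item: Dict) -> bool:
    """Upper-level item checking its lower-level item: recompute the security
    check value and compare it with the standard value read without authorization."""
    security_value = measure(disk, item)
    standard_value = chip.read(item["name"])
    if standard_value is None:
        return False  # no provisioned value: treat as a mismatch
    return hmac.compare_digest(security_value, standard_value)


def run_boot_chain(disk: Disk, chip: SecurityChipNV, chain: List[Dict]) -> List[str]:
    """Walk the chain: every item that starts becomes the upper level for the
    next one. Returns the names that were started; the walk stops (alarm)
    at the first mismatch."""
    started = [chain[0]["name"]]  # root of the chain, assumed already running
    for lower in chain[1:]:
        if not verify(disk, chip, lower):
            break  # alarm and stop starting
        started.append(lower["name"])
    return started


def demo() -> Dict:
    """Constructed scenario: provision, clean boot, tampered boot, blocked rewrite."""
    auth = b"constructed-admin-auth-data"
    disk = Disk(sectors=64)
    chip = SecurityChipNV(write_auth_data=auth)
    # constructed images: bootloader (MBR sector plus remaining stages, contiguous) and kernel
    grub = disk.install_contiguous(0, b"M" * SECTOR_SIZE + b"G" * 4096, "grub")
    kernel = disk.install_contiguous(20, b"K" * 8192, "kernel")
    for item in (grub, kernel):
        provision_standard_value(disk, chip, item, auth)
    root = {"name": "root", "start_sector": 0, "size": 0}
    clean = run_boot_chain(disk, chip, [root, grub, kernel])
    disk.buf[20 * SECTOR_SIZE + 100] ^= 0x01  # flip one bit inside the kernel image
    tampered = run_boot_chain(disk, chip, [root, grub, kernel])
    try:  # re-provisioning without the authorization data must be refused
        chip.write("kernel", measure(disk, kernel), b"wrong")
        rewrite_blocked = False
    except PermissionError:
        rewrite_blocked = True
    return {"clean": clean, "tampered": tampered, "rewrite_blocked": rewrite_blocked}


if __name__ == "__main__":
    print(demo())
```

In the clean run every item of the chain starts; after one bit of the installed kernel is changed the chain stops at the kernel, and an attempt to overwrite the standard value without the administrator's authorization data is refused, which is the property the "unauthorized read, authorized write" attribute is meant to give.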
Embodiments of the present disclosure also provide a non-transitory computer-readable storage medium storing computer-executable instructions configured to perform the method of any of the above embodiments.
Embodiments of the present disclosure further provide a schematic structural diagram of an electronic device. Referring to FIG. 9, the electronic device includes:
at least one processor 90 (FIG. 9 takes one processor 90 as an example) and a memory 91, and may further include a communication interface 92 and a bus 93. The processor 90, the communication interface 92 and the memory 91 communicate with one another over the bus 93. The communication interface 92 may be used for information transfer. The processor 90 may invoke logic instructions in the memory 91 to perform the method of the above embodiments.
Furthermore, the logic instructions in the memory 91 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium.
The memory 91, as a computer-readable storage medium, may be used to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the method in the embodiments of the present disclosure. By running the software programs, instructions and modules stored in the memory 91, the processor 90 executes functional applications and data processing, that is, implements the secure boot method of the method embodiments above.
The memory 91 may include a program storage area and a data storage area; the program storage area may store an operating system and the application programs required for at least one function, and the data storage area may store data created according to the use of the terminal device, and so on. In addition, the memory 91 may include high-speed random access memory and may also include non-volatile memory.
The technical solution of the embodiments of the present disclosure may be embodied as a software product stored in a storage medium and including one or more instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the method described in the embodiments of the present disclosure. The storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc or any other medium that can store program code, or it may be a transitory storage medium.
The above is a detailed description of the present disclosure in connection with its embodiments, and the implementation of the present disclosure is not to be regarded as limited to these descriptions. A person of ordinary skill in the art to which the present disclosure belongs may make a number of simple derivations or substitutions without departing from the scope of the embodiments of the present disclosure, all of which should be regarded as falling within the protection scope of the present disclosure.
Industrial applicability
The secure boot method and device provided by the present disclosure avoid the technical problem in the related art of low boot efficiency caused by the limit on the length of decrypted data when the unsealing mechanism is used, and simplify the system upgrade process.

Claims (13)

  1. A secure boot method, comprising:
    an upper-level boot item in a boot chain reading the boot image of its lower-level boot item;
    computing a security check value of the boot image;
    reading, by unauthorized read, the standard check value corresponding to the boot image stored in a security chip;
    comparing the security check value with the standard check value, and if the security check value matches the standard check value, starting the lower-level boot item; if the security check value does not match the standard check value, stopping the boot.
  2. The method of claim 1, wherein reading the boot image of the lower-level boot item comprises reading the installation location and size of the lower-level boot item.
  3. The method of claim 1, wherein the security chip comprises a trusted cryptography module or a trusted platform module.
  4. The method of claim 3, wherein, when the security chip is a trusted cryptography module, computing the security check value of the boot image comprises computing a hash value of the boot image according to a domestic cryptographic hash algorithm.
  5. The method of claim 1, further comprising, before the upper-level boot item reads the boot image of its lower-level boot item, installing the lower-level boot item into contiguous sectors of a disk.
  6. The method of any one of claims 1 to 5, further comprising: when the lower-level boot item is first deployed or updated, storing the standard check value of the boot image in the security chip by means of an authorized write.
  7. A secure boot device, comprising a security chip, an upper-level boot item in a boot chain and its lower-level boot item;
    wherein the upper-level boot item comprises:
    an image reading module configured to read the boot image of the lower-level boot item;
    a calculation module configured to compute a security check value of the boot image;
    a standard value reading module configured to read, by unauthorized read, the standard check value corresponding to the boot image stored in the security chip;
    a control module configured to compare the security check value with the standard check value and, if the security check value matches the standard check value, start the lower-level boot item; if the security check value does not match the standard check value, stop the boot.
  8. The device of claim 7, wherein the boot image of the lower-level boot item read by the image reading module comprises the installation location and size of the lower-level boot item.
  9. The device of claim 7, wherein the security chip comprises a trusted cryptography module or a trusted platform module.
  10. The device of claim 9, wherein, when the security chip is a trusted cryptography module, the calculation module is configured to compute a hash value of the boot image according to a domestic cryptographic hash algorithm.
  11. The device of claim 7, further comprising an installation unit configured to install the lower-level boot item into contiguous sectors of a disk before the upper-level boot item reads the boot image of its lower-level boot item.
  12. The device of any one of claims 7 to 11, further comprising a standard value storage unit configured, when the lower-level boot item is first deployed or updated, to store the standard check value of the boot image in the security chip by means of an authorized write.
  13. A non-transitory computer-readable storage medium storing computer-executable instructions configured to perform the method of any one of claims 1 to 6.
PCT/CN2017/072296 2016-02-05 2017-01-23 Secure boot method and device WO2017133559A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610081934.1A CN107045611B (en) 2016-02-05 2016-02-05 Safe starting method and device
CN201610081934.1 2016-02-05

Publications (1)

Publication Number Publication Date
WO2017133559A1 true WO2017133559A1 (en) 2017-08-10

Family

ID=59500318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/072296 WO2017133559A1 (en) 2016-02-05 2017-01-23 Secure boot method and device

Country Status (2)

Country Link
CN (1) CN107045611B (en)
WO (1) WO2017133559A1 (en)


Also Published As

Publication number Publication date
CN107045611B (en) 2022-01-25
CN107045611A (en) 2017-08-15


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17746879

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17746879

Country of ref document: EP

Kind code of ref document: A1