WO2021103745A1 - Method for protectively designing boot program - Google Patents

Publication number
WO2021103745A1
Authority
WO
WIPO (PCT)
Prior art keywords
partition
boot program
bootloader
boot1
boot0
Application number
PCT/CN2020/114999
Inventor
徐李超
何晓帆
赵守福
余威
Original Assignee
晶晨半导体(深圳)有限公司
Priority to CN201911166979.9A (CN111104173A)
Application filed by 晶晨半导体(深圳)有限公司
Publication of WO2021103745A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1433 Saving, restoring, recovering or retrying at system level during software upgrading
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Abstract

A method for protectively designing a boot program, comprising: storing a boot program in the Bootloader partition of a memory device's logical partition, storing the same boot program as that in the Bootloader partition in the memory device's inherent partitions Boot0 and Boot1, and setting the backup start-up sequence of the boot programs in the partitions as: Bootloader first, Boot0 second, and Boot1 last. The proposed method can effectively prevent the problem in which a system cannot start up because a smart terminal device loses power during an upgrade, leaving the boot program empty or the boot program in the Bootloader partition destroyed.

Description

A protection design method for a boot program

Technical field

The invention relates to the field of embedded system applications, and in particular to a protection design method for a boot program.

Background

The software of current smart terminal devices frequently needs to be upgraded over the product's life. On the one hand, upgrades let the manufacturer fix problems found in the software of devices that have already left the factory, including bugs in the boot program, which requires upgrading end users' machines over Ethernet. On the other hand, to keep their products competitive, manufacturers release new software every so often, and some of the new functions may require changes to the boot program, which then also has to be upgraded.

To ensure the integrity of an upgrade, the usual industry practice is to erase the Bootloader partition (the partition that stores the boot program) first, then upgrade the other partitions, such as the Boot partition (kernel partition), the System partition (file system partition) and the Data partition (user data partition), and only after those are finished upgrade the boot program in the Bootloader partition. The advantage is that the integrity of the upgrade is ensured, but if power is lost during the upgrade the system cannot start. For the end user, a power loss during the upgrade leaves the boot program in the Bootloader partition empty or destroyed, so the smart device no longer responds and fails, and performing a Recovery is very troublesome.
Summary of the invention

To solve the above problem, the invention proposes a protection design method for a boot program that can effectively prevent the system from failing to start when a power loss during an upgrade leaves the boot program empty or the boot program in the Bootloader partition destroyed.

The invention is realized through the following technical solution.

The invention proposes a protection design method for a boot program, comprising:

A copy of the boot program is stored in the Bootloader partition of the storage device's logical partition; the same boot program as in the Bootloader partition is also stored in each of the storage device's inherent partitions Boot0 and Boot1; and the backup start-up order of the boot program across the partitions is set as: Bootloader first, Boot0 second, Boot1 last;

When starting the data of the Bootloader partition, its integrity is checked first. If it is intact, the boot program is loaded from the Bootloader partition; if it is not, the Boot0 partition data of the backup scheme is started immediately;

When starting the data of the Boot0 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot0 partition; if it is not, the Boot1 partition data of the backup scheme is started immediately;

When starting the data of the Boot1 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot1 partition.

Further, the method comprises:

During an online upgrade, the Bootloader partition is not erased until the upgrade of the Boot partition, System partition and Data partition is complete;

After the Boot partition, System partition and Data partition have been upgraded, the Bootloader partition is erased and then upgraded with the latest boot program; next the Boot0 partition is erased and then upgraded with the latest backup boot program; finally the Boot1 partition is erased and then upgraded with the latest backup boot program.

Beneficial effects of the invention:

The boot program protection design method proposed by the invention can effectively prevent the system from failing to start when a power loss during an upgrade leaves the boot program empty or the boot program in the Bootloader partition destroyed. It ensures that when the boot program in the Bootloader partition is faulty or the partition is empty, the system can still start normally from the Boot0 or Boot1 partition, and that if power is lost during the upgrade at least one partition still holds boot program data, so the system does not become unresponsive and the problem of the boot program failing to start is solved.
Description of the drawings

Fig. 1 is a schematic flow diagram of the boot program protection design method of the invention.

Detailed description

To describe the technical solution of the invention more clearly and completely, the invention is further described below with reference to the accompanying drawing.
Referring to Fig. 1, the invention proposes a protection design method for a boot program, comprising:

A copy of the boot program is stored in the Bootloader partition of the storage device's logical partition; the same boot program as in the Bootloader partition is also stored in each of the storage device's inherent partitions Boot0 and Boot1; and the backup start-up order of the boot program across the partitions is set as: Bootloader first, Boot0 second, Boot1 last;

When starting the data of the Bootloader partition, its integrity is checked first. If it is intact, the boot program is loaded from the Bootloader partition; if it is not, the Boot0 partition data of the backup scheme is started immediately;

When starting the data of the Boot0 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot0 partition; if it is not, the Boot1 partition data of the backup scheme is started immediately;

When starting the data of the Boot1 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot1 partition; if it is not, the start-up has failed.

In this embodiment, once the boot program is destroyed the system cannot start, so the invention introduces the storage backup mechanism for the boot program described above. According to its physical characteristics, an eMMC (Embedded Multi Media Card) can be divided into two partitions: a logical partition and an inherent partition. The inherent partition comprises Boot0 and Boot1, each about 2M or 4M in size, and users generally do not operate on the inherent partitions. The logical partition has a much larger capacity, and normally all system data is stored there, including the boot program data, Boot data, System data, Data data and so on. Considering the security of the inherent partitions, when the eMMC programmer burns the program, a copy of the boot program can be stored in the Bootloader partition of the storage device's logical partition, and the same boot program stored in each of the inherent partitions Boot0 and Boot1, with the backup start-up order of the boot program across the partitions set as: Bootloader first, Boot0 second, Boot1 last.
Further, the method comprises: during an online upgrade, the Bootloader partition is not erased until the upgrade of the Boot partition, System partition and Data partition is complete;

After the Boot partition, System partition and Data partition have been upgraded, the Bootloader partition is erased and then upgraded with the latest boot program; next the Boot0 partition is erased and then upgraded with the latest backup boot program; finally the Boot1 partition is erased and then upgraded with the latest backup boot program.

In this embodiment, compare the existing industry practice: erase the Bootloader partition (the partition that stores the boot program) first, then upgrade the other partitions, such as the Boot partition (kernel partition), the System partition (file system partition) and the Data partition (user data partition), and only after those are finished upgrade the boot program in the Bootloader partition. With that practice, if power is lost before Bootloader, Boot0 and Boot1 are upgraded, the three partitions can be left empty, and the system then has no boot program and cannot start. To avoid this, the Bootloader partition is not erased before the upgrade of the Boot, System and Data partitions is complete. Instead, after the Boot, System and Data partitions have been upgraded, the Bootloader partition is erased and then upgraded with the latest boot program, next the Boot0 partition is erased and then upgraded with the latest backup boot program, and finally the Boot1 partition is erased and then upgraded with the latest backup boot program.

The boot program protection design method proposed by the invention can effectively prevent the system from failing to start when a power loss during an upgrade leaves the boot program empty or the boot program in the Bootloader partition destroyed. It ensures that when the boot program in the Bootloader partition is faulty or the partition is empty, the system can still start normally from the Boot0 or Boot1 partition, and that if power is lost during the upgrade at least one partition still holds boot program data, so the system does not become unresponsive and the problem of the boot program failing to start is solved.
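The fallback chain and the upgrade ordering described above, modeled in C as an added example that is not part of the patent: the slot layout, header magic, CRC-32 integrity check and all function names are assumptions, since the text only says that integrity is checked. It cuts power at every step of the boot-copy phase, including mid-write, and checks that the chain still finds a loadable copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the three boot copies. The patent does not say how
 * integrity is checked; a header plus CRC-32 over the payload is an assumption. */
#define SLOT_SIZE 64
#define IMG_MAGIC 0x424F4F54u /* hypothetical header magic */
enum { SLOT_BOOTLOADER, SLOT_BOOT0, SLOT_BOOT1, SLOT_COUNT };
typedef struct { uint32_t magic, len, crc; uint8_t data[SLOT_SIZE]; } slot_t;

static uint32_t img_crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

void slot_erase(slot_t *s) { memset(s, 0xFF, sizeof *s); } /* erased flash reads 0xFF */
/* Program the header and `written` payload bytes; written < len is a torn write. */
void slot_write(slot_t *s, const uint8_t *img, uint32_t len, uint32_t written) {
    s->magic = IMG_MAGIC; s->len = len; s->crc = img_crc32(img, len);
    memcpy(s->data, img, written);
}

int slot_valid(const slot_t *s) {
    return s->magic == IMG_MAGIC && s->len > 0 && s->len <= SLOT_SIZE &&
           img_crc32(s->data, s->len) == s->crc;
}

/* Fallback chain: Bootloader, then Boot0, then Boot1; -1 means boot failure. */
int select_boot_slot(const slot_t slots[SLOT_COUNT]) {
    for (int i = 0; i < SLOT_COUNT; i++) if (slot_valid(&slots[i])) return i;
    return -1;
}

/* Boot-copy phase, run only after Boot/System/Data are upgraded: erase then write
 * Bootloader, Boot0, Boot1 (6 steps). Power is cut after `steps` completed steps. */
void update_boot_copies(slot_t slots[SLOT_COUNT], const uint8_t *img,
                        uint32_t len, int steps, int torn) {
    for (int st = 0; st < 6; st++) {
        slot_t *s = &slots[st / 2];
        if (st == steps) { /* power lost here; a torn write loses its last 4 bytes */
            if (torn && st % 2) slot_write(s, img, len, len - 4);
            return;
        }
        if (st % 2) slot_write(s, img, len, len); else slot_erase(s);
    }
}

/* Returns 1 if every power-cut point still leaves a bootable copy. */
int survives_all_power_cuts(const uint8_t *v1, const uint8_t *v2, uint32_t len) {
    for (int steps = 0; steps <= 6; steps++)
        for (int torn = 0; torn <= 1; torn++) {
            slot_t slots[SLOT_COUNT];
            for (int i = 0; i < SLOT_COUNT; i++) slot_write(&slots[i], v1, len, len);
            update_boot_copies(slots, v2, len, steps, torn);
            if (select_boot_slot(slots) < 0) return 0;
        }
    return 1;
}

int main(void) {
    const uint8_t v1[16] = "boot-image-v1", v2[16] = "boot-image-v2"; /* constructed */
    printf("bootable at every cut point: %d\n", survives_all_power_cuts(v1, v2, 16));
    return 0;
}
```

CRC-32 detects an erased or torn image, not deliberate modification; where the boot chain must also resist tampering, a signature check belongs in `slot_valid`.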
Of course, the invention can have many other embodiments. Other embodiments obtained from this embodiment by a person of ordinary skill in the art without any creative work all fall within the scope of protection of the invention.

Claims (2)

  1. A protection design method for a boot program, characterized by comprising:
    A copy of the boot program is stored in the Bootloader partition of the storage device's logical partition; the same boot program as in the Bootloader partition is also stored in each of the storage device's inherent partitions Boot0 and Boot1; and the backup start-up order of the boot program across the partitions is set as: Bootloader first, Boot0 second, Boot1 last;
    When starting the data of the Bootloader partition, its integrity is checked first. If it is intact, the boot program is loaded from the Bootloader partition; if it is not, the Boot0 partition data of the backup scheme is started immediately;
    When starting the data of the Boot0 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot0 partition; if it is not, the Boot1 partition data of the backup scheme is started immediately;
    When starting the data of the Boot1 partition, its integrity is checked first. If it is intact, the boot program is loaded from the Boot1 partition.
  2. The protection design method for a boot program according to claim 1, characterized by comprising:
    During an online upgrade, the Bootloader partition is not erased until the upgrade of the Boot partition, System partition and Data partition is complete;
    After the Boot partition, System partition and Data partition have been upgraded, the Bootloader partition is erased and then upgraded with the latest boot program; next the Boot0 partition is erased and then upgraded with the latest backup boot program; finally the Boot1 partition is erased and then upgraded with the latest backup boot program.
PCT/CN2020/114999 2019-11-25 2020-09-14 Method for protectively designing boot program WO2021103745A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911166979.9A CN111104173A (en) 2019-11-25 2019-11-25 Protection design method of bootstrap program
CN201911166979.9 2019-11-25

Publications (1)

Publication Number Publication Date
WO2021103745A1 (en) 2021-06-03

Family

ID=70421255

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/114999 WO2021103745A1 (en) 2019-11-25 2020-09-14 Method for protectively designing boot program

Country Status (2)

Country Link
CN (1) CN111104173A (en)
WO (1) WO2021103745A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111104173A (en) * 2019-11-25 2020-05-05 晶晨半导体(深圳)有限公司 Protection design method of bootstrap program

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102169442A (en) * 2011-03-24 2011-08-31 杭州华三通信技术有限公司 Method, equipment, device and system for performing system boot by using USB (universal serial bus) device
CN102945176A (en) * 2012-11-09 2013-02-27 青岛海信移动通信技术股份有限公司 Terminal equipment booting and updating method and equipment
CN103699421A (en) * 2014-01-08 2014-04-02 金三立视频科技(深圳)有限公司 Method and device for upgrading embedded device system
CN107967141A (en) * 2017-11-27 2018-04-27 北京小米移动软件有限公司 Operating system update method, apparatus and terminal
CN111104173A (en) * 2019-11-25 2020-05-05 晶晨半导体(深圳)有限公司 Protection design method of bootstrap program

Also Published As

Publication number Publication date
CN111104173A (en) 2020-05-05

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 20893399

Country of ref document: EP

Kind code of ref document: A1