WO2022088194A1 - Security processing apparatus, security processing method, and related device - Google Patents


Info

Publication number
WO2022088194A1
Authority
WO
WIPO (PCT)
Prior art keywords
image
subsystem
target
key
security
Prior art date
Application number
PCT/CN2020/125977
Other languages
French (fr)
Chinese (zh)
Inventor
陈迎国
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2020/125977 priority Critical patent/WO2022088194A1/en
Priority to CN202080006698.1A priority patent/CN114731272B/en
Publication of WO2022088194A1 publication Critical patent/WO2022088194A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present application relates to the technical field of secure booting of operating systems, and in particular to a security processing device, a security processing method, and related equipment.
  • An operating system is a computer program that manages computer hardware and software resources.
  • the operating system handles basic tasks such as managing and configuring memory, prioritizing the supply and demand of system resources, controlling input and output devices, operating the network, and managing the file system.
  • An operating system image is a compressed file containing the above computer program, and an operating system image usually contains multiple subsystem images. If the operating system image has been encrypted, each encrypted subsystem image must be decrypted in turn during operating system startup to obtain the plaintext of that subsystem image, and the processor runs the plaintext of each subsystem image to start the operating system.
  • a single unified decryption key is used to decrypt the different subsystem images. Specifically, there are two methods: (1) the decryption key is stored in plaintext in the memory of the chip, and the processor drives the decryption module to obtain the decryption key and decrypt each subsystem image; (2) the decryption key is stored in the memory of the chip in the form of ciphertext, and the processor drives the decryption module to obtain the decryption key ciphertext, decrypt it to obtain the decryption key plaintext, and then use the decryption key plaintext to decrypt each subsystem image.
  • in both of the above methods, leakage of the single decryption key makes the ciphertext of the entire operating system image easy to crack, so the security is low.
  • the embodiments of the present application disclose a security processing device and a related security processing method, so as to improve the security of system startup during operating system startup.
  • an embodiment of the present application provides a security processing device, which may include a processing unit, a security engine, a first storage unit, and a second storage unit; wherein the processing unit is configured to separately acquire multiple subsystem images of the operating system image; the first storage unit is configured to store the first key information of the operating system image, the first key information including at least one of the root key ciphertext, the life cycle state LCS, the root of trust public key ROTPK hash value, operator information or product information; the second storage unit is configured to store the target key factor of the target subsystem image among the multiple subsystem images, where one subsystem image corresponds to one key factor and different subsystem images have different key factors; the security engine is configured to generate a target decryption key of the target subsystem image according to the first key information and the target key factor, and to use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image; and the processing unit is configured to run the target image plaintext.
  • each subsystem image has a different decryption key during the decryption process. Therefore, when the decryption keys of some subsystem images in the operating system are leaked, the other subsystem images, whose decryption keys have not been leaked, still cannot be decrypted, which prevents the operating system from being completely attacked and thereby improves the security of the operating system.
  • since the first key information includes one or more of the root key ciphertext, the life cycle state LCS, the root of trust public key ROTPK hash value, the operator information and the product information, it further ensures that the decryption keys generated for different subsystem images, each from its own key factor and the first key information, are different.
  • when the terminal device is in different life cycle states (such as chip manufacturing CM mode, device manufacturing DM mode and secure SM mode), its LCS value is different; the ROTPK of different device manufacturers is different, so the ROTPK hash value is also different; and the operator information or product information corresponding to terminal devices of different network operators, or to terminal devices of different models, is also different.
  • the decryption key in the embodiment of the present application can therefore effectively prevent a leaked decryption key of the operating system image in one life cycle state from being used to decrypt the operating system image in other life cycle states; it can also prevent a leaked ROTPK of one device manufacturer from being used to decrypt the operating system images of other device manufacturers' terminal devices; and it can prevent a leaked decryption key of the operating system image of one model of terminal device, or of one operator's terminal devices, from being used to decrypt other devices.
  • the above-mentioned first storage unit may be a one-time programmable device, that is, the first key information stored in the first storage unit cannot be changed after being written for the first time, which ensures the security and accuracy of the decryption key of each subsystem image generated from the first key information and further improves the security of the operating system.
  • the above-mentioned security engine is configured, after decrypting the target subsystem image to obtain the target image plaintext, to continue decrypting the next subsystem image to obtain the next image plaintext of the next subsystem image, where the next subsystem image is the subsystem image that follows the target subsystem image among the above-mentioned multiple subsystem images.
  • the multiple subsystem images included in the operating system are loaded one by one, and the loading of each subsystem image consists of decrypting that subsystem image and running its plaintext; the target subsystem image is the subsystem image currently being loaded among the above-mentioned multiple subsystem images.
  • the security engine decrypts the currently loaded subsystem image, that is, the target subsystem image, each time, and decrypts the next subsystem image only after the target subsystem image has been decrypted. Therefore, even if the target subsystem image is attacked during the decryption process and the target decryption key is leaked, the other subsystem images still cannot be decrypted because different subsystem images have different decryption keys, which prevents the entire operating system from being completely attacked and thereby improves the security of the operating system.
  • the above-mentioned processing unit is specifically configured to: obtain the target subsystem image from the above-mentioned multiple subsystem images; run the target image plaintext; obtain the next subsystem image; and run the next image plaintext.
  • the multiple subsystem images of the operating system are loaded in series, that is, one subsystem image is loaded at a time.
  • the processing unit acquires one subsystem image, that is, the target subsystem image, each time, and only after running the plaintext of the target subsystem image does it acquire the next subsystem image and run the next image plaintext.
  • if a subsystem image is attacked during the loading process, then even if that subsystem image is cracked, the other subsystem images are still safe, which prevents the entire operating system from being cracked and thereby improves the security of the operating system during startup.
  • the above-mentioned processing unit is further configured to: obtain the target security certificate chain of the target subsystem image, where among the above-mentioned multiple subsystem images one subsystem image corresponds to one security certificate chain; obtain the target key factor from the target security certificate chain or from the decrypted image plaintext; and configure the target key factor into the second storage unit.
  • the above-mentioned decrypted image plaintext is obtained from other subsystem images among the above-mentioned multiple subsystem images that the security engine decrypted before decrypting the target subsystem image.
  • the security engine may also verify the target security certificate chain, and the processing unit obtains the target key factor only after the verification is passed, where the target security certificate chain contains at least one level of security certificate and each level of security certificate is verified.
  • the manner in which the security engine obtains the target key factor includes: obtaining the target key factor from the target security certificate chain, or obtaining the target key factor from the decrypted image plaintext.
  • when the security engine obtains the target key factor from the decrypted image plaintext, since the decrypted subsystem image is trusted, the target key factor obtained from the decrypted image plaintext is also trusted and secure;
  • when the security engine obtains the target key factor from the target security certificate chain, the security engine can verify the target security certificate chain before obtaining the target key factor, and the verification process ensures that the target key factor obtained by the security engine is trusted and secure.
  • the above-mentioned security processing apparatus further includes: a third storage unit, configured to store the above-mentioned multiple subsystem images and the multiple security certificate chains corresponding to the multiple subsystem images respectively.
  • the above-mentioned third storage unit may be a readable and writable storage unit, and when the operating system is updated, the processing unit writes multiple new subsystem images into the third storage unit to replace the original subsystem images. Since the security holes in the original subsystem images are fixed in the new subsystem images, and the new subsystem images support more system functions, this effectively improves security during operating system startup.
  • the above-mentioned security engine is specifically configured to: decrypt the root key ciphertext to obtain the root key plaintext; obtain a derivation factor from at least one of the LCS, the ROTPK hash value, the target key factor, the operator information and the product information; and generate the target decryption key based on the derivation factor and the root key plaintext.
  • the security engine can obtain the derivation factor of each subsystem image from at least one of the LCS, the ROTPK hash value, the key factor of that subsystem image, the operator information and the product information, and the decryption key of each subsystem image is generated based on its derivation factor and the root key plaintext. Since the key factor of each subsystem image is different, the decryption key of each subsystem image is different, which improves the security of each subsystem image.
  • the root key is stored in the first storage unit in the form of ciphertext, which improves the security of the root key and effectively prevents a leaked root key from being used to generate the decryption key of each subsystem image, thereby improving the security of the operating system.
  • the above-mentioned processing unit is further configured to overwrite the target key factor with a first key factor after running the target image plaintext; and the above-mentioned security engine is further configured to clear the target decryption key, or to overwrite the target key factor with the first key factor, or to overwrite the target decryption key with the security decryption key of the target subsystem image or with a first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • the security engine can overwrite or clear the key factor and the decryption key of each subsystem image because each subsystem image is loaded serially. Therefore, the key factor and the decryption key of each subsystem image exist only during the decryption process of that subsystem image, which effectively improves the independence of each subsystem image's decryption process and improves the security of the operating system image decryption process.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • the first subsystem image is a type of subsystem image that is decrypted once during the operating system startup process.
  • the second subsystem image is a type of subsystem image that is decrypted multiple times during the operating system startup process.
  • the number of times the second subsystem image is decrypted is determined by the specific application scenario, and each second subsystem image uses the same key factor and decryption key throughout its multiple decryptions.
  • the subsystem images of the operating system may include the first subsystem image and the second subsystem image.
  • the number of times of decryption of the second subsystem image is determined by the specific application scenario.
  • the above-mentioned security processing apparatus further includes: a fourth storage unit, configured to provide storage space for running the plaintext of the target image.
  • the above-mentioned fourth storage unit may be a random access storage unit, which is used to store the images, data and intermediate results of each subsystem during the loading of each subsystem image, so as to ensure the normal operation of each subsystem image and the smooth startup of the operating system.
  • an embodiment of the present application provides a security processing method, including: obtaining, by a processing unit, multiple subsystem images of an operating system image used for operating system startup respectively; storing, by a first storage unit, the first key information of the operating system image, the first key information including at least one of the root key ciphertext, the life cycle state LCS, the root of trust public key ROTPK hash value, operator information or product information; storing, by a second storage unit, the target key factor of the target subsystem image among the above multiple subsystem images, where one subsystem image corresponds to one key factor and different subsystem images have different key factors; generating, by the security engine, the target decryption key of the target subsystem image according to the first key information and the target key factor, and using the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image; and running, by the processing unit, the target image plaintext.
  • the method further includes: after the security engine decrypts the target subsystem image to obtain the target image plaintext, the security engine continues to decrypt the next subsystem image to obtain the next image plaintext.
  • the above-mentioned obtaining, by the processing unit, of the multiple subsystem images of the operating system image used for starting the operating system includes: obtaining, by the processing unit, the target subsystem image from the above-mentioned multiple subsystem images, and, after the processing unit has run the target image plaintext, continuing to obtain the next subsystem image from the multiple subsystem images; after the processing unit runs the target image plaintext, the security processing method further includes running the next image plaintext.
  • the above method further includes: acquiring, by the processing unit, the target security certificate chain of the target subsystem image, where among the above-mentioned multiple subsystem images one subsystem image corresponds to one security certificate chain; obtaining the target key factor from the target security certificate chain or from the decrypted image plaintext; and configuring the target key factor into the second storage unit.
  • generating, by the security engine, the target decryption key of the target subsystem image according to the first key information and the target key factor includes: decrypting the root key ciphertext to obtain the root key plaintext; splicing one or more of the LCS, the ROTPK hash value, the target key factor, the operator information and the product information to obtain the derivation factor; and generating the target decryption key of the target subsystem image based on the derivation factor and the root key plaintext.
  • the above-mentioned method further includes: storing, by a third storage unit, the above-mentioned multiple subsystem images and the multiple security certificate chains corresponding to the above-mentioned multiple subsystem images respectively.
  • the method further includes: the processing unit overwrites the target key factor of the target subsystem image with the first key factor; and the security engine clears the target decryption key, or overwrites the target decryption key with the security decryption key of the target subsystem image or with the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • the above method further includes: providing, by the fourth storage unit, a storage space for running the plaintext of the target image.
  • the present application provides a chip system, where the chip system includes the security processing device provided in any one of the implementations of the foregoing first aspect, for implementing the security processing method described in any one of the implementations of the foregoing second aspect.
  • the chip system further includes a memory, and the memory is used for saving necessary or related program instructions and data of the above-mentioned security processing method.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • an embodiment of the present application provides a terminal device, including the security processing device provided by any one of the implementations of the foregoing first aspect, and a discrete device coupled to the security processing device.
  • the present application provides a computer storage medium, where the computer storage medium stores a computer program, and when the computer program is executed by a security processing device, implements the security processing method flow described in any one of the above-mentioned second aspects.
  • an embodiment of the present invention provides a computer program, where the computer program includes instructions, and when the computer program is executed by the security processing device, the security processing device can perform the security processing method flow described in any one of the above-mentioned second aspects.
  • FIG. 1 is a schematic structural diagram of a security processing device provided by an embodiment of the present application.
  • FIG. 2 is a schematic structural diagram of another security processing device provided by an embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of another security processing device provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a configuration flow of a target key factor of an operating system subsystem image provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of hierarchical division of a subsystem image of an operating system provided by an embodiment of the present application.
  • FIG. 6 is a schematic diagram of hierarchical division of a subsystem image of another operating system provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a derivation process of a target decryption key of each subsystem image provided by an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present application.
  • a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally also includes other steps or units inherent to these processes, methods, products or devices.
  • Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application.
  • the appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those skilled in the art that the embodiments described herein may be combined with other embodiments.
  • a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer.
  • an application running on a computing device and the computing device may be components.
  • One or more components may reside within a process and/or thread of execution, and a component may be localized on one computer and/or distributed between 2 or more computers.
  • these components can execute from various computer readable media having various data structures stored thereon.
  • a component may, for example, communicate through local and/or remote processes based on a signal having one or more data packets (e.g., data from two components interacting with another component within a local system, in a distributed system, and/or across a network such as the Internet, interacting with other systems via signals).
  • a system on chip, also known as a system-on-chip (SoC), is an integrated circuit that includes a processor, memory, and on-chip logic.
  • LCS: life cycle status
  • CM: chip manufacture
  • DM: device manufacturing
  • SM: secure mode
  • KDF: key derivation function
  • ROTPK: root of trust public key
  • Operator information which is used to provide information on network service providers. For example, in the terminal equipment using China Mobile and China Telecom, the operator information is correspondingly different.
  • Operating system image the operating system is a program that manages hardware and software resources on the terminal device, and the operating system image is a file containing the program; the operating system image includes multiple subsystem images, and the multiple subsystem images refer to each subsystem image ciphertext.
  • FIG. 1 is a schematic structural diagram of a security processing device provided by an embodiment of the present application.
  • the security processing device 10 may include a processing unit 101, a security engine 102, a first storage unit 103, and a second storage unit 104. And the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104 may be integrated in the SOC chip.
  • the processing unit 101 is configured to obtain the multiple subsystem images of the operating system image used for starting the operating system respectively.
  • the processing unit 101 may include multiple processors, and the multiple processors may be respectively used to drive the security engine 102 to obtain different subsystem images; the processors may be central processing units (CPU) or other processing cores.
  • the multiple processors may be heterogeneous processors, that is, processors of different types, and the specific implementation scheme of the processors is not described in this embodiment.
  • the security engine 102 obtains one subsystem image of the above-mentioned multiple subsystem images at a time.
  • the operating system image is a program in the non-volatile memory of the memory, and the operating system is, for example, an Android, Windows, or iOS system, which is not limited in this embodiment.
  • the first storage unit 103 is configured to store the first key information of the operating system image, where the first key information may include at least one of the root key ciphertext, the life cycle state LCS, the root-of-trust public key ROTPK hash value, operator information or product information.
  • the first key information is programmed into the first storage unit 103 during the production process of the security processing device 10, and cannot be changed thereafter to ensure the security of the first key information.
  • the first storage unit 103 may be a one-time programmable (one-time programmable, OTP) device, such as an electronic fuse eFuse or other memory with similar functions that can only be programmed once.
  • the hash value can be obtained by using a secure hash algorithm (SHA), such as SHA-256, or other hash algorithms, and different device manufacturers use different ROTPKs.
  • the first key information stored in the first storage unit 103 may also include all five of the above types of key information.
  • the second storage unit 104 is configured to store the target key factor of the target subsystem image among the multiple subsystem images.
  • one subsystem image corresponds to one key factor, and the key factors of different subsystem images are different.
  • the second storage unit 104 only stores one key factor at a time, that is, it stores the key factor (i.e. the target key factor) of the subsystem image currently to be decrypted (i.e. the target subsystem image).
  • as the subsystem images are loaded in sequence, the key factor in the second storage unit 104 changes accordingly.
  • the second storage unit 104 may be a writable and readable storage unit, such as a register or random access memory (RAM), for example static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate SDRAM (DDR SDRAM), etc.
  • the security engine 102 is used to generate the target decryption key of the target subsystem image according to the first key information and the target key factor, and to use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image.
  • when the first key information stored in the first storage unit 103 includes the root key ciphertext, the LCS, the ROTPK hash value, the operator information and the product information, five items in total, then for the target subsystem image currently to be decrypted, the process by which the security engine 102 generates the target decryption key may be as shown in FIG.
  • the security engine 102 first decrypts the root key ciphertext to obtain the root key plaintext; then the LCS, the ROTPK hash value, the operator information, the product information and the target key factor are concatenated to obtain a derivation factor; finally, based on the KDF, the target decryption key of the target subsystem image is obtained from the root key plaintext and the derivation factor.
  • when the first key information stored in the first storage unit is different, the first key information obtained by the security engine 102 is also different; in addition, the first key information that the security engine 102 uses when generating the decryption key of each subsystem image is the same throughout the decryption of all the subsystem images.
  • the security engine 102 may be hardware that executes software to implement any step performed by the security engine 102 described in the embodiments of the present application. Since the security engine 102 in hardware form is independent of the processing unit 101 and dedicated to the related security processing, decryption or verification functions, it helps improve performance when decrypting operating system images.
  • the security engine 102 may obtain the first key information from the first storage unit 103 when decrypting the first subsystem image of the operating system and then keep the first key information inside the security engine 102; when decrypting subsequent subsystem images, the first key information is no longer obtained from the first storage unit 103, and the first key information kept in the security engine 102 is used to generate the decryption keys of the subsequent subsystem images.
  • the security engine 102 may also obtain the first key information from the first storage unit 103 before generating the decryption key of each subsystem image.
  • the security engine 102 can obtain the target key factor of the target subsystem image from the second storage unit 104 by means of hard-wired transmission, and the first key information is obtained from the first storage unit 103.
  • the key factor of each subsystem image stored in the second storage unit 104 can only be read by the security engine 102 in a hard-wired manner and cannot be read by software or other means, which effectively prevents the key factor of each subsystem image from being leaked and used to decrypt the corresponding subsystem image, thereby effectively improving the security of the operating system image.
  • the processing unit 101 is further configured to run the plaintext of the target image. Specifically, after the security engine 102 decrypts the target image plaintext of the target subsystem image, the processing unit 101 obtains the target image plaintext and runs it to complete the loading of the target subsystem image. It should be understood that the loading of each subsystem image of the operating system includes: Decryption of each subsystem image, and operation of the plaintext of each subsystem image.
  • the processing unit 101 drives the security engine 102 to obtain the target subsystem image, the security engine 102 decrypts the target subsystem image to obtain the target image plaintext, and the processing unit 101 runs the target image plaintext; after the processing unit 101 runs the target image plaintext, The processing unit 101 continues to obtain the next subsystem image from the above-mentioned multiple subsystem images, the security engine 102 continues to decrypt the next subsystem image to obtain the next image plaintext of the next subsystem image, and the processing unit 101 executes the next subsystem image.
  • the plaintext of the next image where the next subsystem image is the subsequent subsystem image of the target subsystem image in the above-mentioned multiple subsystem images.
  • each subsystem image has a different decryption key during the decryption process. Therefore, when the decryption keys of some subsystem images in the operating system are leaked, since the decryption keys of each subsystem image are different, other subsystem images whose decryption keys have not been leaked cannot be decrypted, preventing the operating system from being completely attacked. Thereby improving the security of the operating system.
  • the first key information includes one or more of the root key ciphertext, the life cycle state LCS, the trusted root public key ROTPK hash value, the operator information and the product information, it can further ensure that different subsystems
  • the decryption keys of each subsystem image generated by the image according to its corresponding key factor and the first key information are different.
  • when the terminal device is in different life cycle states (such as chip manufacturing CM mode, device manufacturing DM mode and secure SM mode), its LCS value is different.
  • the ROTPK of different device manufacturers is different, so the ROTPK hash value is also different.
  • the operator information or product information corresponding to terminal devices of different network operators, or to terminal devices of different models, is also different.
  • therefore, the decryption key in the embodiment of the present application can effectively prevent a leaked decryption key of the operating system image in one life cycle state from being used to decrypt the operating system image in another life cycle state; it can also prevent a leaked ROTPK of one device manufacturer from being used to decrypt the operating system images of other device manufacturers' terminal devices; and it can prevent a leaked decryption key of the operating system image of a terminal device of one model, or of one operator's terminal device, from being used to decrypt the operating system images of terminal devices of other models or of other operators. This ensures the independence of operating system images between terminal devices in different life cycle states, manufactured by different device manufacturers, using different operators, or of different models, thereby improving the security of the operating system.
  • FIG. 5 is a schematic diagram of the hierarchical division of the subsystem images of an operating system according to an embodiment of the present application. It should be understood that the types of subsystem images of the operating system and the way they are divided into layers (including the specific number of layers and the subsystem images included in each layer) are determined by the actual application scenario, and the embodiments of the present application impose no specific limitation on this.
  • FIG. 5 can be taken as an example of the hierarchical division of the subsystem images of the operating system of a mobile terminal device. As shown in FIG. 5, the subsystem images of the operating system are divided into four layers: the first-layer subsystem image (Layer0: ROM image), where the ROM image is burned into the read-only storage unit on the SOC, or into another storage unit, during manufacturing of the security processing device 10 and cannot be changed; the second-layer subsystem image (Layer1: Bootloader image); the third-layer subsystem images, which include Layer2-0: rich execution environment (REE) image, Layer2-1: trusted execution environment (TEE) image, Layer2-2: sensor hub (Sensorhub) image and Layer2-3: low-power (Lowpower) image; and the fourth-layer subsystem images, which include Layer3-0: Modem image, Layer3-1: high-fidelity (HiFi) image and Layer3-2: image signal processor (ISP) image. The four layers of subsystem images shown in FIG. 5 are all security-sensitive and need to be decrypted.
  • the processing unit 101 first acquires the ROM image and runs it; the ROM image is a subsystem image stored in plaintext.
  • the processing unit 101 then drives the security engine 102 to obtain the Bootloader image; the security engine 102 obtains the first key information from the first storage unit 103 and the key factor of the Bootloader image from the second storage unit 104, and generates the decryption key of the Bootloader image from the first key information and the key factor of the Bootloader image; the security engine 102 decrypts the Bootloader image with that decryption key to obtain the plaintext of the Bootloader image; the processing unit 101 obtains and runs the plaintext of the Bootloader image.
  • the processing unit 101 then obtains, in the sequence shown in FIG. 5, the subsequent REE image, TEE image, Sensorhub image, Lowpower image, Modem image, HiFi image and ISP image; the security engine 102 decrypts these subsystem images in the same sequence to obtain the plaintext of each, and the processing unit 101 runs the decrypted plaintext of each subsystem image in the same sequence.
  • the Sensorhub image is the image related to sensor control
  • Lowpower is the image related to power management
  • Modem is the image related to communication
  • HiFi is the image related to audio
  • ISP is the image related to image and video
  • the security processing device 10 loads the subsystem images one after another in a preset order, so that the subsystem images are loaded serially during operating system startup: the next subsystem image is loaded only after the current subsystem image has been loaded. In this case, if one subsystem image is attacked during loading, the other subsystem images remain safe even if that subsystem image is cracked, which prevents the entire operating system from being cracked and thereby improves the security of the operating system during startup.
  • FIG. 2 is a schematic structural diagram of another security processing device 10 provided by an embodiment of the present application.
  • in addition to the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104 of FIG. 1, which perform the functions described in the embodiment of FIG. 1, the security processing device 10 may also include a third storage unit 105, a fourth storage unit 106 and a fifth storage unit 107; the fifth storage unit 107, the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104 are jointly integrated in the SOC chip.
  • the third storage unit 105 is configured to store other subsystem images except the first subsystem image among the above-mentioned multiple subsystem images, and store multiple security certificate chains corresponding to each subsystem image respectively.
  • the third storage unit may include non-volatile memory, such as flash memory, programmable read-only memory (PROM), electrically alterable read-only memory (EAROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or a combination of the types of memory described above.
  • the third storage unit 105 is used to permanently store the above-mentioned other subsystem images, multiple security certificate chains, and other data or programs that need to be maintained.
  • the above-mentioned acquisition of the target subsystem image by the processing unit 101 further includes: the processing unit 101 acquires the target subsystem image from the third storage unit 105 or from the read-only storage unit in the SOC, and stores the target subsystem image in the fourth storage unit 106; this process is also called loading.
  • the processing unit 101 drives the security engine 102 to acquire the target subsystem image from the fourth storage unit 106 .
  • before the security engine 102 generates the target decryption key of the target subsystem image from the first key information and the target key factor, the security engine 102 obtains the target key factor from the security certificate chain of the target subsystem image or from the decrypted image plaintext, and the target key factor is configured in the second storage unit 104.
  • the above-mentioned decrypted image plaintext is obtained by the security engine 102 decrypting other subsystem images among the above-mentioned multiple subsystem images before decrypting the target subsystem image.
  • when the LCS in the first key information is SM, the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores it in the fourth storage unit 106; the processing unit 101 drives the security engine 102 to verify the target security certificate chain. After verification passes, the processing unit 101 obtains the target key factor from the target security certificate chain in the fourth storage unit 106 or from the decrypted image plaintext, and configures the target key factor into the second storage unit 104. The target security certificate chain includes at least a first-level security certificate; it should be understood that the security certificate chains of the other subsystem images also each include at least a first-level security certificate.
  • each level of security certificate in the security certificate chain corresponding to each subsystem image is verified level by level; when every level passes, the verification of that subsystem image's security certificate chain passes accordingly.
  • the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores it in the fourth storage unit 106; the processing unit 101 obtains the target key factor from the target security certificate chain in the fourth storage unit 106 or from the decrypted image plaintext, and configures the target key factor into the second storage unit 104.
  • after the processing unit 101 runs the target image plaintext, the processing unit 101 overwrites the target key factor with the first key factor; the security engine 102 can clear the generated target decryption key, or overwrite the target decryption key with the security decryption key of the target subsystem image or with the first preset value, where the security decryption key is generated from the first key factor and the first key information.
  • each subsystem image corresponds to a different first key factor.
  • the first key factor of the target subsystem image can be any value other than the target key factor.
  • the first preset value can be any numerical value different from the target decryption key.
  • in this way, the target key factor is prevented from being left behind when the next subsystem image is loaded, ensuring that the key factor of each subsystem image is different and thereby ensuring the security of the operating system image; at the same time, once the target subsystem image has been decrypted with the target decryption key, clearing or overwriting the target decryption key prevents it from leaking and then being used to decrypt the subsystem image, which further ensures the security of the operating system image.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • FIG. 5 is a schematic diagram of the hierarchical division of the subsystem images of the operating system of a mobile terminal device according to an embodiment of the present application. As shown in FIG. 5, the subsystem images of the first, second and third layers are loaded once during operating system startup and are first subsystem images, while the subsystem images of the fourth layer are loaded multiple times during operating system startup and are second subsystem images.
  • the specific number of times a second subsystem image is loaded is determined by the actual application scenario. For example, when the terminal device shown in FIG. 5 is a mobile phone, its Modem image starts loading after the Lowpower image has been loaded, and once loading completes the mobile phone has its communication function. When the user turns the mobile phone on in airplane mode, the communication function is unavailable; when the user turns airplane mode off, the Modem image is loaded again and the communication function is restored. In this scenario the Modem image is loaded twice. The same holds for the ISP image: when the user opens the camera on the mobile phone, the ISP image starts loading, and the terminal device then has the video recording or photographing function; when the user closes the camera program, the video recording or photographing function becomes unavailable, and when the camera is opened again the ISP image is loaded again. It should be understood that for a second subsystem image, the key factor used in each loading is the same.
  • the security processing apparatus 10 may further include a fourth storage unit 106 for providing storage space for running the plaintext of the target image.
  • the fourth storage unit 106 may be random access memory (RAM) or another volatile storage device that loses its contents on power-down, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate SDRAM, etc.
  • the fourth storage unit 106 is used to provide the space required for the execution of data or instructions.
  • the security processing apparatus 10 may further include a fifth storage unit 107; when the target subsystem image is a first subsystem image, the fifth storage unit 107 is used to back up the data in the second storage unit 104.
  • the data in the second storage unit 104 can be changed in a monotonically increasing or monotonically decreasing manner, that is, the data written into the second storage unit 104 can only be larger, or only smaller, than the data currently stored.
  • the fifth storage unit 107 can be used to back up the data in the second storage unit 104; when the target subsystem image is a second subsystem image, the data written into the second storage unit 104 can be any specified value, independent of the data currently stored, and in this case the data in the fifth storage unit 107 remains unchanged.
  • the fifth storage unit 107 may be the same memory as the second storage unit 104 .
  • FIG. 6 is a schematic diagram of hierarchical division of another subsystem image of an operating system provided by an embodiment of the present application.
  • FIG. 6 may be a schematic diagram of the subsystem image level division of the operating system image of the monitor.
  • the monitor starts its video recording function as soon as it is powered on, so its ISP image has a higher priority; its ISP image is therefore placed in the second layer shown in FIG. 6 and loaded there, so that the video recording function can be turned on as early as possible.
  • the operating system includes N layers of subsystem images: the first-layer subsystem image (Layer0: ROM image); the second-layer subsystem images, which include Layer1-0: Bootloader image and Layer1-1: image signal processing ISP image; the third-layer subsystem images, which include Layer2-0: rich execution environment REE image, Layer2-1: trusted execution environment TEE image and Layer2-2: Lowpower image; the fourth-layer subsystem image (Layer3: Modem image); the fifth-layer subsystem images (the specific subsystem images it contains are not shown); and the (N-1)th layer, which includes M+1 subsystem images, where the subsystem images contained in the fifth through (N-1)th layers are not shown, and N and M are positive integers.
  • the processing unit 101 first obtains the ROM image, which is burned into the SOC, and runs it; the first subsystem image is stored in plaintext, and the fourth storage unit 106 provides the storage space for running the ROM image.
  • after the processing unit 101 runs the plaintext of the ROM image, the processing unit 101 acquires the Bootloader image from the third storage unit 105, stores it in the fourth storage unit 106, and drives the security engine 102 to obtain the Bootloader image from the fourth storage unit 106.
  • the security engine 102 obtains the first key information from the first storage unit 103; if the first key information includes the life cycle state LCS and the LCS is SM, the security engine 102 must verify the security certificate chain corresponding to the Bootloader image. The security engine 102 obtains the security certificate chain of the Bootloader image from the third storage unit 105, stores it in the fourth storage unit 106, and verifies it. After the security certificate chain of the Bootloader image passes verification, the processing unit 101 obtains the key factor of the Bootloader image from the security certificate chain of the Bootloader image or from the ROM image and configures it into the second storage unit 104; the security engine 102 obtains the key factor of the Bootloader image from the second storage unit 104 over the hard-wired path and generates the decryption key of the Bootloader image from that key factor and the first key information; the security engine 102 decrypts the Bootloader image with this decryption key to obtain the plaintext of the Bootloader image; the processing unit 101 runs the plaintext of the Bootloader image, with the fourth storage unit 106 providing the storage space for running it.
  • FIG. 4 is a schematic diagram of the configuration flow of the key factor of the operating system subsystem image.
  • the process of changing data in the second storage unit 104 and the fifth storage unit 107 during the operating system startup process will be described below with reference to FIG. 4 .
  • the second storage unit 104 and the fifth storage unit 107 may be registers; when the target subsystem image is a first subsystem image, the data in the second storage unit 104 increases monotonically: each time the processing unit 101 configures the second storage unit 104 to increase, the data in the second storage unit 104 is increased by a preset value K on top of the current data, where K can be any positive integer greater than 0. As shown in FIG. 4, three subsystem images are involved: the A subsystem image and the C subsystem image are first subsystem images, and the B subsystem image is a second subsystem image.
  • the following will describe in detail the process of changing data in the second storage unit 104 and the fifth storage unit 107 during the sequential loading process of the above three subsystem images:
  • the A subsystem image at this time may also be called the target subsystem image.
  • when the processing unit 101 starts to load the A subsystem image, the data stored in the second storage unit 104 and the fifth storage unit 107 is the first key factor saved during the loading of the previous subsystem image.
  • the processing unit 101 first takes the first key factor of the previous subsystem image out of the fifth storage unit 107, adds nK to obtain the second key factor of the A subsystem image, and writes the second key factor of the A subsystem image into the second storage unit 104 and the fifth storage unit 107, where n is a positive integer greater than 0. When the previous subsystem image of the A subsystem image is a first subsystem image, the first key factors left by the previous subsystem image in the second storage unit 104 and the fifth storage unit 107 are the same; when the previous subsystem image is a second subsystem image, the first key factors in the second storage unit 104 and the fifth storage unit 107 are different.
  • after the processing unit 101 writes the second key factor of the A subsystem image into the second storage unit 104 and the fifth storage unit 107, the processing unit 101 configures the second storage unit 104 to increase monotonically according to the difference between the second key factor and the target key factor of the A subsystem image, incrementing by the preset value K each time, until the value in the second storage unit 104 reaches the target key factor of the A subsystem image; at this point the processing unit 101 may also write the target key factor of the A subsystem image into the fifth storage unit 107.
  • for example, the processing unit 101 can drive the second storage unit 104 to increase monotonically three times, by 2 each time, until the value in the second storage unit 104 becomes the target key factor 12 of the A subsystem image.
  • after the processing unit 101 runs the image plaintext of the A subsystem image, the processing unit 101 overwrites the target key factor of the A subsystem image in the second storage unit 104 and the fifth storage unit 107 with the first key factor of the A subsystem image. Specifically, the processing unit 101 configures the second storage unit 104 to increase monotonically according to the difference between the first key factor and the target key factor of the A subsystem image until the value in the second storage unit 104 reaches the first key factor of the A subsystem image, and at the same time writes the first key factor of the A subsystem image into the fifth storage unit 107.
  • the B subsystem image may also be called the target subsystem image at this time. Since the B subsystem image is a second subsystem image, the processing unit 101 writes the target key factor of the B subsystem image directly into the second storage unit 104, and the data in the fifth storage unit 107 remains unchanged, that is, it is still the first key factor of the A subsystem image. For example, if the first key factor of the A subsystem image is 16 and the target key factor of the B subsystem image is 10, the processing unit 101 writes the target key factor 10 of the B subsystem image into the second storage unit 104, and the data in the fifth storage unit 107 remains the first key factor 16 of the A subsystem image.
  • after the processing unit 101 runs the image plaintext of the B subsystem image, the processing unit 101 writes the first key factor of the B subsystem image into the second storage unit 104 to overwrite the target key factor of the B subsystem image; the data in the fifth storage unit 107 remains unchanged and is still the first key factor of the A subsystem image. The first key factor of the B subsystem image can be any value other than the target key factor of the B subsystem image.
  • the C subsystem image may also be called the target subsystem image at this time. Since the C subsystem image is a first subsystem image, it follows from the loading of the B subsystem image described above that the second storage unit 104 holds the first key factor of the B subsystem image and the fifth storage unit 107 holds the first key factor of the A subsystem image.
  • the subsequent steps by which the processing unit 101 configures the target key factor of the C subsystem image are the same as the corresponding steps in the loading of the A subsystem image and are not repeated here.
  • the processing unit 101 takes the first key factor of the A subsystem image out of the fifth storage unit 107, adds mK to obtain the second key factor of the C subsystem image, and writes the second key factor of the C subsystem image into the second storage unit 104 and the fifth storage unit 107, where m is a positive integer greater than 0; then, starting from the second key factor of the C subsystem image, the processing unit 101 configures the second storage unit 104 to change its data in a monotonically increasing manner.
  • because the data in the second storage unit 104 is backed up by the fifth storage unit 107, the key factors of the first subsystem images keep increasing monotonically across the loading of multiple non-consecutive first subsystem images, and the key factor of a first subsystem image that has already been loaded will not appear again during the loading of later first subsystem images. This effectively prevents leakage of the key factors and improves the security of the system image during operating system startup.
  • the above-mentioned second storage unit 104 stores the key factors of the subsystem images in a monotonically increasing manner in order to ensure that the key factors of the subsystem images are all different, so that different subsystem images correspond to different decryption keys and are decrypted with different decryption keys.
  • the above-mentioned monotonically increasing manner is only one example given in the embodiment of the present application; those skilled in the art may also adopt other manners, such as a monotonically decreasing manner, to ensure that different subsystem images correspond to different key factors and are therefore decrypted with different decryption keys, and this is not specifically limited in this embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of yet another security processing device 10 provided by an embodiment of the present invention, which refines part of the functional modules of the security processing device 10 in FIG. 1 or FIG. 2.
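  • the FIG. 4 flow above, as an added simulation that is not part of the patent: the second storage unit 104 is modelled as a register that, for first subsystem images, only accepts values larger than its current content, and the fifth storage unit 107 as its backup. The A/B/C sequence uses K = 2, the target key factor 12 and first key factor 16 of the A image and the target key factor 10 of the B image from the text; the starting value 2, n = 2, m = 1, the B first key factor 11 and the C key factors 22 and 24 are constructed (the constructed B first key factor is kept below the next second key factor so the monotonic write for C succeeds).

```python
class KeyFactorRegisters:
    """Simulation of the second storage unit 104 (key factor register, read by the
    security engine over a hard-wired path) and the fifth storage unit 107 (backup).
    Added example; the register semantics follow the patent text, not a real chip."""

    def __init__(self, k: int, previous_first_key_factor: int):
        if k <= 0:
            raise ValueError("preset value K must be a positive integer")
        self.k = k
        self.second = previous_first_key_factor  # second storage unit 104
        self.fifth = previous_first_key_factor   # fifth storage unit 107 (backup)
        self.trace = []                          # (event, second, fifth) snapshots

    def _record(self, event: str) -> None:
        self.trace.append((event, self.second, self.fifth))

    def _monotonic_write(self, value: int) -> None:
        """First-subsystem-image mode: the register refuses any value not above the current one."""
        if value <= self.second:
            raise ValueError(f"monotonic register refuses {value} (current {self.second})")
        self.second = value

    def _step_up_to(self, target: int) -> None:
        """Increase by K per step until the register holds `target`."""
        delta = target - self.second
        if delta <= 0 or delta % self.k:
            raise ValueError("target must be reachable by whole steps of K")
        while self.second < target:
            self._monotonic_write(self.second + self.k)

    # ---- first subsystem image: decrypted once per boot ----
    def configure_first(self, name: str, n: int, target_key_factor: int) -> int:
        second_kf = self.fifth + n * self.k      # second key factor = backup + nK
        self._monotonic_write(second_kf)         # written to both units
        self.fifth = second_kf
        self._record(f"{name} second")
        self._step_up_to(target_key_factor)      # K at a time up to the target
        self.fifth = target_key_factor           # backup follows
        self._record(f"{name} target")
        return self.second                       # value the security engine reads

    def retire_first(self, name: str, first_key_factor: int) -> None:
        self._step_up_to(first_key_factor)       # overwrite target with first key factor
        self.fifth = first_key_factor
        self._record(f"{name} first")

    # ---- second subsystem image: may be decrypted several times ----
    def configure_second(self, name: str, target_key_factor: int) -> int:
        self.second = target_key_factor          # any value; backup unchanged
        self._record(f"{name} target")
        return self.second

    def retire_second(self, name: str, first_key_factor: int) -> None:
        if first_key_factor == self.second:
            raise ValueError("first key factor must differ from the target key factor")
        self.second = first_key_factor           # backup still unchanged
        self._record(f"{name} first")


def run_fig4_sequence(k: int = 2):
    """Load A (first), B (second), C (first) and return what the engine read plus the registers."""
    regs = KeyFactorRegisters(k, previous_first_key_factor=2)   # constructed start value
    reads = {}
    reads["A"] = regs.configure_first("A", n=2, target_key_factor=12)  # 6, then 8, 10, 12
    regs.retire_first("A", 16)                                         # 14, 16
    reads["B"] = regs.configure_second("B", 10)                        # direct write, backup 16
    regs.retire_second("B", 11)                                        # constructed
    reads["C"] = regs.configure_first("C", n=1, target_key_factor=22)  # 18, then 20, 22
    regs.retire_first("C", 24)                                         # 24
    return reads, regs


def refuses_decrease(k: int = 2) -> bool:
    """The register in first-image mode rejects a smaller value."""
    try:
        KeyFactorRegisters(k, 5)._monotonic_write(4)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    reads, regs = run_fig4_sequence()
    for event, second, fifth in regs.trace:
        print(f"{event:10s} unit104={second:3d} unit107={fifth:3d}")
    print("engine reads:", reads)
```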
  • the security engine 102 may include a first engine 1021 , a key management module 1022 and a second engine 1023 .
  • the first engine 1021 is configured to verify the target security certificate chain of the target subsystem image.
  • the key management module 1022 is used to decrypt the root key ciphertext in the first key information to obtain the root key plaintext; then to splice at least one of the LCS, ROTPK hash value, operator information and product information together with the target key factor to obtain a derivation factor; and finally to obtain the target decryption key of the target subsystem image from the root key plaintext and the derivation factor using a KDF.
  • the second engine 1023 is configured to obtain the target subsystem image and the target decryption key, and use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext.
  • FIG. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present invention.
  • the security processing method is applicable to any of the security processing devices in FIG. 1 to FIG. 3 above and to any device that includes such a security processing device.
  • the method may include the following steps S801-S803, wherein, in step S801, a processing unit separately acquires multiple subsystem images of an operating system image used to run the operating system.
  • Step S803: the second storage unit stores the target key factor of the target subsystem image among the multiple subsystem images; among the multiple subsystem images, each subsystem image corresponds to one key factor, and the key factors of different subsystem images are different.
  • Step S804: the security engine generates the target decryption key of the target subsystem image from the first key information and the target key factor, and uses the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image. Step S805: the processing unit runs the target image plaintext.
  • the method further includes: after the security engine decrypts the target subsystem image to obtain the target image plaintext, the security engine continues by decrypting the next subsystem image to obtain the next image plaintext.
  • the above-mentioned separate acquisition, by the processing unit, of the multiple subsystem images of the operating system image used to start the operating system includes: the processing unit obtains the target subsystem image from the above-mentioned multiple subsystem images, and after running the target image plaintext, the processing unit continues by obtaining the next subsystem image from the multiple subsystem images; after the processing unit runs the target image plaintext, the security processing method further includes running the next image plaintext.
  • the above method further includes: the processing unit acquires the target security certificate chain of the target subsystem image, where among the above-mentioned multiple subsystem images each subsystem image corresponds to one security certificate chain; the processing unit obtains the target key factor from the target security certificate chain or from the decrypted image plaintext, and configures the target key factor into the second storage unit.
  • generating the target decryption key of the target subsystem image by the security engine from the first key information and the target key factor includes: decrypting the root key ciphertext to obtain the root key plaintext; splicing one or more of the LCS, ROTPK hash value, target key factor, operator information and product information to obtain the derivation factor; and generating the target decryption key of the target subsystem image from the derivation factor and the root key plaintext.
  • the above-mentioned method further includes: storing, by a third storage unit, the above-mentioned multiple subsystem images and multiple security certificate chains corresponding to the above-mentioned multiple subsystem images respectively.
  • The method further includes: overwriting, by the processing unit, the target key factor of the target subsystem image with the first key factor; and clearing, by the security engine, the target decryption key, or overwriting the target decryption key with the security decryption key of the target subsystem image or with the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • The multiple subsystem images include a first subsystem image and a second subsystem image; during startup of the operating system, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times.
  • the above method further includes: providing, by the fourth storage unit, a storage space for running the plaintext of the target image.
  • The embodiment of the present application further provides a computer storage medium that can store a computer program. When part of the program is executed by the processing unit 101, the processing unit 101 can execute part or all of any of the steps implemented by the processing unit 101 in the above method embodiments; when part of the program is executed by the processing unit 101, the processing unit 101 can also be caused to drive the security engine 102 to execute part or all of any of the steps implemented by the security engine 102 in the above method embodiments.
  • the above-mentioned computer storage medium may be the third storage unit 105 in the embodiment of the present application, or a read-only storage unit for storing a ROM image.
  • Embodiments of the present application also provide a computer program, where the computer program includes instructions; when the computer program is executed, the processing unit 101 may execute any part or all of the steps implemented by the processing unit 101 as described in the above method embodiments, and may also be caused to drive the security engine 102 to execute any part or all of the steps implemented by the security engine 102 as described in the above method embodiments.
  • the disclosed apparatus may be implemented in other manners.
  • the device embodiments described above are only illustrative.
  • the division of the above-mentioned units is only a logical function division.
  • Multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical or other forms.
  • the units described above as separate components may or may not be physically separated, and components shown as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Facsimile Transmission Control (AREA)

Abstract

Disclosed are a security processing apparatus and a security processing method. The security processing apparatus comprises a processing unit, a security engine, a first storage unit, and a second storage unit. The processing unit is used for respectively acquiring a plurality of subsystem images of an operating system image for startup of an operating system. The first storage unit is used for storing first key information of the operating system image. The second storage unit is used for storing a target key factor of a target subsystem image among the plurality of subsystem images. Different subsystem images have different key factors. The security engine is used for generating a target decryption key according to the first key information and the target key factor, and decrypting the target subsystem image using the target decryption key to obtain a target image plaintext. The processing unit is further used for running the target image plaintext. The use of embodiments of the present application can improve the security of the system image during startup of the operating system.

Description

Security processing device, security processing method and related equipment
Technical field
The present application relates to the technical field of secure booting of operating systems, and in particular to a security processing device, a security processing method and related equipment.
Background
An operating system (OS) is a computer program that manages computer hardware and software resources. The operating system handles basic tasks such as managing and configuring memory, prioritizing the supply and demand of system resources, controlling input and output devices, operating the network, and managing the file system.
An operating system image is a compressed file containing the above computer program, and an operating system image usually contains multiple subsystem images. If the operating system image is encrypted, then during operating system startup each encrypted subsystem image must be decrypted in turn to obtain its plaintext, and the processor runs the plaintext of each subsystem image to start the operating system. At present, when the multiple subsystem images of an operating system are decrypted, a single unified decryption key is used to decrypt each of the different subsystem images, in one of two ways: (1) the decryption key is stored in plaintext in the chip's memory, and the processor drives the decryption module to obtain the decryption key and decrypt each subsystem image; (2) the decryption key is stored in ciphertext in the chip's memory, and the processor drives the decryption module to obtain the decryption key ciphertext, decrypt it to obtain the decryption key plaintext, and then use the decryption key plaintext to decrypt each subsystem image.
In both approaches, leakage of the single decryption key allows the ciphertext of the entire operating system image to be decrypted, so their security is low.
Summary of the invention
The embodiments of the present application disclose a security processing device and a related security processing method, so as to improve the security of system startup during operating system startup.
In a first aspect, an embodiment of the present application provides a security processing device, which may include a processing unit, a security engine, a first storage unit and a second storage unit. The processing unit is configured to separately acquire multiple subsystem images of an operating system image used for starting the operating system. The first storage unit is configured to store first key information of the operating system image, the first key information including at least one of a root key ciphertext, a life cycle state (LCS), a root of trust public key (ROTPK) hash value, operator information, or product information. The second storage unit is configured to store the target key factor of a target subsystem image among the multiple subsystem images; among the multiple subsystem images, one subsystem image corresponds to one key factor, and different subsystem images have different key factors. The security engine is configured to generate a target decryption key for the target subsystem image according to the first key information and the target key factor, and to decrypt the target subsystem image with the target decryption key to obtain the target image plaintext of the target subsystem image. The processing unit is further configured to run the target image plaintext.
It can be seen that, in the embodiments of the present application, by configuring different key factors for different subsystem images, a different decryption key can be generated for each subsystem image from its key factor and the first key information; that is, each subsystem image is decrypted with a different key. Therefore, when the decryption keys of some subsystem images in the operating system are leaked, the other subsystem images, whose decryption keys differ and have not been leaked, still cannot be decrypted, which prevents the operating system from being fully compromised and thereby improves its security. Since the first key information contains one or more of the root key ciphertext, the life cycle state LCS, the ROTPK hash value, operator information and product information, it further ensures that the decryption keys generated for different subsystem images from their respective key factors and the first key information differ. When a terminal device is in different life cycle states (such as chip manufacturing (CM) mode, device manufacturing (DM) mode and secure (SM) mode), its LCS value differs; different device manufacturers have different ROTPKs and hence different ROTPK hash values; likewise, terminal devices using different network operators, or terminal devices of different models, have different operator information or product information. Therefore, the decryption key in the embodiments of the present application effectively prevents a leaked decryption key of an operating system image in one life cycle state from being used to decrypt operating system images in other life cycle states; it also prevents a leaked ROTPK of one device manufacturer from being used to decrypt the terminal device operating system images of other device manufacturers; and it prevents a leaked decryption key of the operating system image of one terminal device model, or of terminal devices using one operator, from being used to decrypt the operating system images of terminal devices of other models or using other operators. This ensures the independence of operating system images across terminal devices in different life cycle states, made by different device manufacturers, using different operators, or of different models, and thereby improves the security of the operating system. In addition, the first storage unit may be a one-time programmable device, that is, the first key information stored in it cannot be changed after it is first written, which guarantees the security and accuracy of the subsystem image decryption keys generated from the first key information and further improves the security of the operating system.
In a feasible implementation, the security engine is configured to, after decrypting the target subsystem image to obtain the target image plaintext, continue to decrypt the next subsystem image to obtain the next image plaintext of that next subsystem image, where the next subsystem image is the subsystem image that follows the target subsystem image among the multiple subsystem images.
It should be understood that, in the embodiments of the present application, the multiple subsystem images contained in the operating system are loaded one by one during startup, and loading each subsystem image includes decrypting that subsystem image and running its image plaintext; the target subsystem image is the subsystem image currently being loaded among the multiple subsystem images.
It can be seen that, in the embodiments of the present application, the security engine each time decrypts only the subsystem image currently being loaded, that is, the target subsystem image, and decrypts the next subsystem image only after the target subsystem image has been decrypted. Therefore, even if the target subsystem image is attacked during decryption and the target decryption key is leaked, the other subsystem images still cannot be decrypted because their decryption keys differ, which prevents the entire operating system from being compromised and thereby improves its security.
In a feasible implementation, the processing unit is specifically configured to: obtain the target subsystem image from the multiple subsystem images; run the target image plaintext; after running the target image plaintext, continue to obtain the next subsystem image from the multiple subsystem images; and run the next image plaintext.
It can be seen that, in the embodiments of the present application, the multiple subsystem images of the operating system are loaded serially, that is, one subsystem image at a time. The processing unit obtains one subsystem image (the target subsystem image) at a time, and only after it has finished running the plaintext of the target subsystem image does it obtain the next subsystem image and run that next image plaintext. In this case, if a subsystem image is attacked while being loaded, even if that subsystem image is cracked the other subsystem images remain secure, which prevents the entire operating system from being cracked and thereby improves the security of the operating system during startup.
In a feasible implementation, the processing unit is further configured to: obtain the target security certificate chain of the target subsystem image, where among the multiple subsystem images one subsystem image corresponds to one security certificate chain; obtain the target key factor from the target security certificate chain or from already decrypted image plaintext; and configure the target key factor into the second storage unit. The already decrypted image plaintext is obtained by the security engine decrypting another of the multiple subsystem images before the target subsystem image is decrypted.
In a feasible implementation, before the processing unit obtains the target key factor from the target security certificate chain, the security engine may also verify the target security certificate chain, and the processing unit obtains the target key factor only after verification passes. The target security certificate chain contains at least one level of security certificate, and every level is verified.
It can be seen that, in the embodiments of the present application, the security engine obtains the target key factor either from the target security certificate chain or from already decrypted image plaintext. When the security engine obtains the target key factor from already decrypted image plaintext, the target key factor is trusted and secure because the already decrypted subsystem image is trusted. When the security engine obtains the target key factor from the target security certificate chain, it may first verify the target security certificate chain and obtain the target key factor from it only after verification passes; this verification ensures that the target key factor obtained by the security engine is trusted and secure. Both approaches ensure the security and correctness of the target decryption key generated from the target key factor.
In a feasible implementation, the security processing device further includes a third storage unit configured to store the multiple subsystem images and the multiple security certificate chains corresponding to them respectively.
It can be seen that, in the embodiments of the present application, the third storage unit may be a readable and writable storage unit. When the operating system is updated, the processing unit writes multiple new subsystem images into the third storage unit to replace the original subsystem images; because security vulnerabilities present in the original subsystem images are fixed in the new subsystem images, and the new subsystem images support more system functions, this effectively improves security during operating system startup.
In a feasible implementation, the security engine is specifically configured to: decrypt the root key ciphertext to obtain the root key plaintext; obtain a derivation factor from at least one of the LCS, the ROTPK hash value, the target key factor, operator information, or product information; and generate the target decryption key based on the derivation factor and the root key plaintext.
It can be seen that, in the embodiments of the present application, the security engine may obtain the derivation factor of each subsystem image from at least one of the LCS, the ROTPK hash value, the key factor of that subsystem image, operator information, or product information, and generate the decryption key of each subsystem image from its derivation factor and the root key plaintext. Because the key factors of the subsystem images differ, their decryption keys differ, which increases the independence between subsystem images and improves the security of the operating system image decryption process. At the same time, the root key is kept in ciphertext in the first storage unit, which improves the security of the root key and effectively prevents a leaked root key from being used to generate the decryption keys of the subsystem images, thereby improving the security of the operating system.
In a feasible implementation, the processing unit is further configured to overwrite the target key factor with a first key factor after running the target image plaintext; and the security engine is further configured to clear the target decryption key, or to overwrite the target decryption key with a security decryption key of the target subsystem image or with a first preset value, where the security decryption key is generated according to the first key factor and the first key information.
It can be seen that, in the embodiments of the present application, after the image plaintext of each subsystem image has run, the security engine can overwrite or clear the key factor and decryption key of that subsystem image. Because the subsystem images are loaded serially, the key factor and decryption key of each subsystem image exist only during the decryption of that subsystem image, which effectively increases the independence of the decryption of each subsystem image and improves the security of the operating system image decryption process.
In a feasible implementation, the multiple subsystem images include a first subsystem image and a second subsystem image; during operating system startup, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times.
It should be understood that the first subsystem image is a class of subsystem images decrypted once during operating system startup, and the second subsystem image is a class of subsystem images decrypted multiple times during operating system startup. The number of times each second subsystem image is decrypted is determined by the specific application scenario, and each second subsystem image uses the same key factor and decryption key in each of its decryptions.
It can be seen that, in the embodiments of the present application, the subsystem images of the operating system may include first subsystem images and second subsystem images. During operating system startup, the number of times a second subsystem image is decrypted is determined by the specific application scenario; by configuring different first subsystem images and second subsystem images in the operating system, the operating system can be adapted to different application scenarios, which increases its versatility.
In a feasible implementation, the security processing device further includes a fourth storage unit configured to provide storage space for running the target image plaintext.
It can be seen that, in the embodiments of the present application, the fourth storage unit may be a random access storage unit, used during the loading of each subsystem image to store the subsystem images, data and intermediate results, thereby ensuring the normal running of each subsystem image and the smooth startup of the operating system.
In a second aspect, an embodiment of the present application provides a security processing method, including: separately acquiring, by a processing unit, multiple subsystem images of an operating system image used for starting the operating system; storing, by a first storage unit, first key information of the operating system image, the first key information including at least one of a root key ciphertext, a life cycle state (LCS), a root of trust public key (ROTPK) hash value, operator information, or product information; storing, by a second storage unit, the target key factor of a target subsystem image among the multiple subsystem images, where among the multiple subsystem images one subsystem image corresponds to one key factor and different subsystem images have different key factors; generating, by a security engine, a target decryption key of the target subsystem image according to the first key information and the target key factor, and decrypting the target subsystem image with the target decryption key to obtain the target image plaintext of the target subsystem image; and running, by the processing unit, the target image plaintext.
In a feasible implementation, the method further includes: after the security engine decrypts the target subsystem image to obtain the target image plaintext, continuing, by the security engine, to decrypt the next subsystem image to obtain the next image plaintext of that next subsystem image, where the next subsystem image is the subsystem image that follows the target subsystem image among the multiple subsystem images.
In a feasible implementation, separately acquiring, by the processing unit, the multiple subsystem images of the operating system image used for starting the operating system includes: obtaining, by the processing unit, the target subsystem image from the multiple subsystem images; and, after the target image plaintext has been run, continuing, by the processing unit, to obtain the next subsystem image from the multiple subsystem images. After the processing unit runs the target image plaintext, the security processing method further includes running the next image plaintext.
In a feasible implementation, the method further includes: obtaining, by the processing unit, the target security certificate chain of the target subsystem image, where among the multiple subsystem images one subsystem image corresponds to one security certificate chain; and obtaining, by the processing unit, the target key factor from the target security certificate chain or from already decrypted image plaintext, and configuring the target key factor into the second storage unit.
In a feasible implementation, generating, by the security engine, the target decryption key of the target subsystem image according to the first key information and the target key factor includes: decrypting the root key ciphertext to obtain the root key plaintext; splicing (concatenating) one or more of the LCS, the ROTPK hash value, the target key factor, operator information and product information to obtain a derivation factor; and generating the target decryption key of the target subsystem image based on the derivation factor and the root key plaintext.
In a feasible implementation, the method further includes: storing, by a third storage unit, the multiple subsystem images and the multiple security certificate chains corresponding to them respectively.
In a feasible implementation, after the target image plaintext of the target subsystem image is obtained, the method further includes: overwriting, by the processing unit, the target key factor of the target subsystem image with a first key factor; and clearing, by the security engine, the target decryption key, or overwriting the target decryption key with a security decryption key of the target subsystem image or with a first preset value, where the security decryption key is generated according to the first key factor and the first key information.
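The key derivation and the post-run scrub described in the first and second aspects above, modelled as an added Python example (not the patent's or Huawei's code): the engine decrypts the root key ciphertext, splices LCS, ROTPK hash, key factor, operator and product information into a length-prefixed derivation factor, derives a per-image key, decrypts the image, then overwrites the key factor and clears the key. HMAC-SHA256 from the standard library stands in for the engine's real cipher and KDF, and every key, factor and image is a constructed sample value.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

FIRST_KEY_FACTOR = b"\x00" * 16   # "first key factor" written back after an image runs
CLEARED_KEY = b"\x00" * 32        # "first preset value" used to clear a decryption key


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used here both as the KDF and as a keystream generator."""
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the engine's AES)."""
    stream = b"".join(prf(key, nonce + i.to_bytes(4, "big"))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ciphertext = keystream_xor(key, nonce, plaintext)
    return nonce + ciphertext + prf(key, b"tag" + nonce + ciphertext)


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first: a wrong key is rejected, never silently garbled."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"tag" + nonce + ciphertext)):
        raise ValueError("image authentication failed (wrong key or tampered image)")
    return keystream_xor(key, nonce, ciphertext)


@dataclass(frozen=True)
class FirstKeyInfo:
    """Contents of the one-time-programmable first storage unit."""
    root_key_ciphertext: bytes
    lcs: bytes            # life cycle state, e.g. b"SM"
    rotpk_hash: bytes
    operator_info: bytes
    product_info: bytes


def derivation_factor(info: FirstKeyInfo, key_factor: bytes) -> bytes:
    """Splice LCS || ROTPK hash || key factor || operator || product.
    Fields are length-prefixed so differently split inputs cannot collide."""
    parts = (info.lcs, info.rotpk_hash, key_factor, info.operator_info, info.product_info)
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def image_key(root_key: bytes, info: FirstKeyInfo, key_factor: bytes) -> bytes:
    """Per-image key = KDF(root key plaintext, derivation factor)."""
    return prf(root_key, derivation_factor(info, key_factor))


def derive_target_key(engine_secret: bytes, info: FirstKeyInfo, key_factor: bytes) -> bytes:
    """Security engine side: decrypt the root key ciphertext, then derive."""
    root_key = unseal(engine_secret, info.root_key_ciphertext)
    return image_key(root_key, info, key_factor)


def boot(engine_secret: bytes, info: FirstKeyInfo, images) -> list:
    """Serially load each (key_factor, sealed_image): configure factor, derive,
    decrypt, run, then overwrite the factor and clear the key before the next image."""
    second_storage = {"key_factor": FIRST_KEY_FACTOR}   # the second storage unit
    engine_key = CLEARED_KEY                             # engine's key register
    run_log = []
    for key_factor, sealed_image in images:
        second_storage["key_factor"] = key_factor        # processing unit configures factor
        engine_key = derive_target_key(engine_secret, info, second_storage["key_factor"])
        run_log.append(unseal(engine_key, sealed_image))  # decrypt and "run" the plaintext
        second_storage["key_factor"] = FIRST_KEY_FACTOR  # overwrite with first key factor
        engine_key = CLEARED_KEY                         # clear the target decryption key
    return run_log


def can_decrypt(key: bytes, sealed_image: bytes) -> bool:
    try:
        unseal(key, sealed_image)
        return True
    except ValueError:
        return False


def constructed_device(lcs: bytes = b"SM"):
    """Constructed sample provisioning: engine secret, root key and OTP contents."""
    engine_secret = hashlib.sha256(b"constructed engine secret").digest()
    root_key = hashlib.sha256(b"constructed root key").digest()
    info = FirstKeyInfo(root_key_ciphertext=seal(engine_secret, root_key), lcs=lcs,
                        rotpk_hash=hashlib.sha256(b"constructed ROTPK").digest(),
                        operator_info=b"operator-A", product_info=b"model-X")
    return engine_secret, root_key, info


def build_images(root_key: bytes, info: FirstKeyInfo, plaintexts: dict) -> list:
    """Factory side: seal each subsystem image under its own derived key."""
    return [(factor, seal(image_key(root_key, info, factor), pt))
            for factor, pt in plaintexts.items()]
```

Running `boot()` over two constructed images shows the property the text claims: the bootloader's derived key opens only the bootloader image, and the same key factor under a different LCS yields a key that opens nothing.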
In a feasible implementation, the multiple subsystem images include a first subsystem image and a second subsystem image; during operating system startup, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times.
In a feasible implementation, the method further includes: providing, by a fourth storage unit, storage space for running the target image plaintext.
In a third aspect, the present application provides a chip system including the security processing apparatus of any implementation of the first aspect, for implementing the functions involved in the security processing method flow of any implementation of the second aspect. In a possible design, the chip system further includes a memory for storing the program instructions and data necessary for, or related to, the security processing method. The chip system may consist of a chip, or may include a chip together with other discrete devices.
In a fourth aspect, an embodiment of the present application provides a terminal device including the security processing apparatus of any implementation of the first aspect and a discrete device coupled to the security processing apparatus.
In a fifth aspect, the present application provides a computer storage medium storing a computer program which, when executed by a security processing apparatus, implements the security processing method flow of any implementation of the second aspect.
In a sixth aspect, an embodiment of the present invention provides a computer program including instructions which, when executed by a security processing apparatus, enable the secure element to perform the security processing method flow of any implementation of the second aspect.
Description of drawings
Fig. 1 is a schematic structural diagram of a security processing apparatus provided by an embodiment of the present application;
Fig. 2 is a schematic structural diagram of another security processing apparatus provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of yet another security processing apparatus provided by an embodiment of the present application;
Fig. 4 is a schematic flowchart of configuring the target key factor of an operating system subsystem image provided by an embodiment of the present application;
Fig. 5 is a schematic diagram of the hierarchical division of the subsystem images of an operating system provided by an embodiment of the present application;
Fig. 6 is a schematic diagram of the hierarchical division of the subsystem images of another operating system provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of the derivation process of the target decryption key of each subsystem image provided by an embodiment of the present application;
Fig. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present application.
Detailed description
The embodiments of the present application are described below with reference to the accompanying drawings. The term "subsystem image" in the specification, claims and drawings of this application should be understood as the ciphertext of each subsystem image; likewise, the terms "first", "second", "third", "fourth" and "fifth" in the specification, claims and drawings are used to distinguish different objects, not to describe a particular order. Furthermore, the terms "comprise", "include" and "have", and any variants of them, are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units, but may optionally also include steps or units that are not listed, or other steps or units inherent to such processes, methods, products or devices. Reference herein to an "embodiment" means that a particular feature, structure or characteristic described in connection with that embodiment may be included in at least one embodiment of the present application. The appearances of this phrase at various places in the specification do not necessarily all refer to the same embodiment, nor to separate or alternative embodiments that are mutually exclusive of other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein may be combined with other embodiments.
The terms "component", "module", "system" and the like used in this specification denote a computer-related entity: hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable file, a thread of execution, a program and/or a computer. By way of illustration, both an application running on a computing device and the computing device itself may be components. One or more components may reside within a process and/or thread of execution, and a component may be located on one computer and/or distributed between two or more computers. In addition, these components may execute from various computer-readable media having various data structures stored thereon. Components may communicate by local and/or remote processes, for example according to a signal having one or more data packets (for example, data from one component interacting with another component in a local system, in a distributed system, and/or across a network such as the Internet, by way of the signal).
First, some terms used in this application are explained to aid the understanding of those skilled in the art.
(1) System on chip (SOC): an integrated circuit that contains a processor, memory and on-chip logic.
(2) Life cycle status (LCS): indicates the current life cycle state of the SOC chip. The LCS usually has three modes, chip manufacture (CM) mode, device manufacture (DM) mode and secure mode (SM), corresponding respectively to the chip production, complete-device production and commercial use stages.
(3) Key derivation function (KDF): the key derivation function used in encryption and decryption, whose role is to derive key material from a shared secret bit string. In key agreement, the KDF is applied to the secret bit string obtained from the key exchange to produce the required session key, or the key material needed for further encryption.
(4) Root of trust public key (ROTPK): used during secure boot of the operating system to verify the signatures generated with the private key belonging to the operating system security certificate; different device manufacturers use different ROTPKs.
(5) Operator information: identifies the network service provider; for example, terminal devices used on China Mobile and on China Telecom carry different operator information.
(6) Product information: distinguishes the different product models made by the same device manufacturer.
(7) Operating system image: the operating system is the program that manages the hardware and software resources of a terminal device, and the operating system image is the file containing that program; the operating system image comprises multiple subsystem images, and these subsystem images refer to the ciphertext of each subsystem image.
Refer to Fig. 1, a schematic structural diagram of a security processing apparatus provided by an embodiment of the present application. The security processing apparatus 10 may include a processing unit 101, a security engine 102, a first storage unit 103 and a second storage unit 104, and these four may all be integrated in the SOC chip. The processing unit 101 is configured to obtain, one by one, the multiple subsystem images of the operating system image used to start the operating system. Further, the processing unit 101 may include multiple processors, which may each drive the security engine 102 to obtain different subsystem images; a processor may be a central processing unit (CPU) or another processing core, and the multiple processors may be heterogeneous, that is, of different types; the specific implementation of the processors is not elaborated in this embodiment. The security engine 102 obtains one of the multiple subsystem images at a time. The operating system image is a program held in non-volatile memory; the operating system is, for example, Android, Windows or iOS, which this embodiment does not limit.
The first storage unit 103 is configured to store the first key information of the operating system image, which may include at least one of a root key ciphertext, the life cycle status LCS, the hash value of the root of trust public key ROTPK, operator information and product information. For example, the first key information is programmed into the first storage unit 103 during production of the security processing apparatus 10 and cannot be changed thereafter, which protects the first key information. Optionally, the first storage unit 103 may be a one time programmable (OTP) device, such as an eFuse or another memory of similar behaviour that can be programmed only once. The ROTPK hash value in the first key information may be computed with a secure hash algorithm (SHA) such as SHA-256, or with another hash algorithm, and different device manufacturers use different ROTPKs.
It should be understood that, besides the five kinds of first key information listed in the embodiments of the present application, the first key information stored in the first storage unit 103 during operating system startup may also include one or more of those five and/or one or more other kinds, which the embodiments of the present application do not specifically limit.
The second storage unit 104 is configured to store the target key factor of the target subsystem image among the multiple subsystem images; each subsystem image corresponds to one key factor, and different subsystem images have different key factors. Specifically, the second storage unit 104 holds only one key factor at a time, namely the key factor (the target key factor) of the subsystem image currently to be decrypted (the target subsystem image); as the subsystem images are loaded in turn, the key factor in the second storage unit 104 changes accordingly. Optionally, the second storage unit 104 may be a readable and writable storage unit such as a register or random access memory (RAM), for example static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM) or double data rate SDRAM (DDR SDRAM). In this application, the target subsystem image is the subsystem image currently to be decrypted among the multiple subsystem images, and the target key factor is the key factor used to generate the target decryption key of the target subsystem image.
The security engine 102 is configured to generate the target decryption key of the target subsystem image from the first key information and the target key factor, and to decrypt the target subsystem image with the target decryption key to obtain the target image plaintext of the target subsystem image. Further, in a feasible implementation, the first key information stored in the first storage unit 103 may include all five of the root key ciphertext, LCS, ROTPK hash value, operator information and product information; then, for the target subsystem image currently to be decrypted, the process by which the security engine 102 generates the target decryption key may be as shown in Fig. 7: the security engine 102 first decrypts the root key ciphertext to obtain the root key plaintext, then concatenates the LCS, the ROTPK hash value, the operator information, the product information and the target key factor into a derivation factor, and finally applies a KDF to the root key plaintext and the derivation factor to obtain the target decryption key of the target subsystem image. When the first key information stored in the first storage unit differs, the first key information obtained by the security engine 102 differs accordingly; moreover, the security engine 102 uses the same first key information when generating the decryption key of every subsystem image. Optionally, the security engine 102 may implement any step attributed to it in the embodiments of the present application by hardware executing software; because a hardware security engine 102 is independent of the processing unit 101 and dedicated to the related security processing, decryption or verification functions, it helps improve performance when decrypting the operating system image.
In a feasible implementation, the security engine 102 may obtain the first key information from the first storage unit 103 when decrypting the first subsystem image of the operating system and keep it within the security engine 102; when decrypting the subsequent subsystem images, it no longer reads the first key information from the first storage unit 103 but uses the copy it has kept to generate their decryption keys. Alternatively, the security engine 102 may obtain the first key information from the first storage unit 103 anew before generating the decryption key of each subsystem image.
In a feasible implementation, the security engine 102 may obtain the target key factor of the target subsystem image from the second storage unit 104 over a hard-wired path, and may obtain the first key information from the first storage unit 103 either by a software read or over a hard-wired path.
It can be seen that, in this embodiment of the present application, during the decryption of each subsystem image the key factor of that image stored in the second storage unit 104 can be read by the security engine 102 only over the hard-wired path and cannot be read by software or by other means. This effectively prevents a subsystem image's key factor from leaking and then being used to decrypt the corresponding subsystem image, and thereby improves the security of the operating system image.
The processing unit 101 is further configured to run the target image plaintext. Specifically, after the security engine 102 decrypts the target subsystem image into the target image plaintext, the processing unit 101 obtains and runs the target image plaintext, completing the loading of the target subsystem image. It should be understood that loading each subsystem image of the operating system includes both decrypting the subsystem image and running its plaintext.
In a feasible implementation, during operating system startup the multiple subsystem images are loaded serially, that is, one subsystem image at a time. Specifically, the processing unit 101 drives the security engine 102 to obtain the target subsystem image, the security engine 102 decrypts it to obtain the target image plaintext, and the processing unit 101 runs the target image plaintext; after that, the processing unit 101 obtains the next subsystem image from the multiple subsystem images, the security engine 102 decrypts it to obtain the next image plaintext, and the processing unit 101 runs that next image plaintext, where the next subsystem image is the subsystem image that follows the target subsystem image among the multiple subsystem images.
It can be seen that, in the embodiment of the present application, configuring a different key factor for each subsystem image makes it possible to generate a different decryption key for each subsystem image from its key factor and the first key information, so that each subsystem image is decrypted with its own key. Therefore, if the decryption keys of some subsystem images of the operating system are leaked, the other subsystem images, whose decryption keys differ and have not been leaked, cannot be decrypted, which prevents the operating system from being compromised in its entirety and improves its security. In addition, because the first key information includes one or more of the root key ciphertext, the life cycle status LCS, the hash value of the root of trust public key ROTPK, the operator information and the product information, it further ensures that the decryption keys generated for different subsystem images from their respective key factors and the first key information differ. When a terminal device is in a different life cycle state (chip manufacture CM mode, device manufacture DM mode or secure SM mode), its LCS value differs; different device manufacturers have different ROTPKs and therefore different ROTPK hash values; likewise, terminal devices of different network operators or of different models carry different operator information or product information. Therefore, the decryption key of the embodiment of the present application effectively prevents a decryption key of an operating system image leaked in one life cycle state from being used to decrypt operating system images in other life cycle states; prevents a leaked ROTPK of one device manufacturer from being used to decrypt the terminal device operating system images of other device manufacturers; and prevents a leaked decryption key of the operating system image of one terminal device model, or of terminal devices using one operator, from being used to decrypt the operating system images of other models or of terminal devices using other operators. This ensures that operating system images are independent across life cycle states, device manufacturers, operators and terminal device models, and so improves the security of the operating system.
Refer to Fig. 5, a schematic diagram of the hierarchical division of the subsystem images of an operating system according to an embodiment of the present application. It should be understood that the kinds of subsystem images and the way they are divided into layers (including the number of layers and the subsystem images in each layer) are determined by the actual application scenario and are not specifically limited by the embodiments of the present application. Fig. 5 serves as an example of the layering of subsystem images for a mobile terminal device operating system. As shown in Fig. 5, the subsystem images are divided into four layers: the first layer (Layer0: ROM image), where the ROM image is fixed in a read-only storage unit on the SOC or on another storage unit during manufacture of the security processing apparatus 10 and cannot be changed; the second layer (Layer1: Bootloader image); the third layer, which includes Layer2-0: rich execution environment (REE) image, Layer2-1: trusted execution environment (TEE) image, Layer2-2: Sensorhub image and Layer2-3: Lowpower image; and the fourth layer, which includes Layer3-0: Modem image, Layer3-1: high-fidelity (HiFi) image and Layer3-2: image signal processor (ISP) image. All four layers of subsystem images shown in Fig. 5 are security-sensitive and need to be decrypted.
Taking Fig. 5 as an example, the startup process of the operating system in one feasible implementation is as follows: (1) The processing unit 101 first obtains and runs the ROM image; the ROM image is the first subsystem image, fixed inside the SOC and stored in plaintext.
(2) After the processing unit 101 has run the ROM image, it drives the security engine 102 to obtain the Bootloader image; the security engine 102 obtains the first key information from the first storage unit 103 and the key factor of the Bootloader image from the second storage unit 104, generates the decryption key of the Bootloader image from the two, and decrypts the Bootloader image with that key to obtain its plaintext; the processing unit 101 then obtains and runs the Bootloader image plaintext.
The above is the specific process of loading the ROM image and the Bootloader image. In the same way, for the subsequent subsystem images, the processing unit 101 obtains in turn the REE image, TEE image, Sensorhub image, Lowpower image, Modem image, HiFi image and ISP image in the order shown in Fig. 5; the security engine 102 decrypts each of them in that order to obtain their plaintext; and the processing unit 101 runs the decrypted plaintext of each in that order. The Sensorhub image relates to sensor control, Lowpower to power management, Modem to communications, HiFi to audio and ISP to image and video. Note that on other products or terminal devices, subsystem images with the same functions may be named differently, which the embodiment of the present application does not specifically limit.
It can be seen that, in this embodiment of the present application, the security processing apparatus 10 loads the subsystem images one after another in a preset order, achieving serial loading of the subsystem images during operating system startup: one subsystem image is loaded at a time, and the next is loaded only after the current one has finished loading. In this case, if one subsystem image is attacked while it is being loaded, the other subsystem images remain secure even if that image is broken, so the operating system as a whole cannot be broken, which improves the security of the operating system during startup.
Refer to Fig. 2, a schematic structural diagram of another security processing apparatus 10 provided by an embodiment of the present application. Besides the processing unit 101, security engine 102, first storage unit 103 and second storage unit 104 of Fig. 1, which perform the corresponding functions of the embodiment of Fig. 1, the security processing apparatus 10 may further include a third storage unit 105, a fourth storage unit 106 and a fifth storage unit 107, and the fifth storage unit 107 may be integrated in the SOC chip together with the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104. The third storage unit 105 is configured to store the subsystem images other than the first subsystem image, and the multiple security certificate chains corresponding to the respective subsystem images. Optionally, the third storage unit may include non-volatile memory such as flash memory, programmable read-only memory (PROM), electrically alterable read-only memory (EAROM), erasable programmable read-only memory (EPROM) or electrically erasable programmable read-only memory (EEPROM), or a combination of these kinds of memory. The third storage unit 105 is used to persistently store those other subsystem images, the multiple security certificate chains, and other data or programs that need to be retained.
In a feasible implementation, the processing unit 101 acquiring the target subsystem image further includes: the processing unit 101 acquires the target subsystem image from the third storage unit 105 or from the read-only storage unit in the SOC, and stores the target subsystem image in the fourth storage unit 106; this process is also called loading. For example, the processing unit 101 drives the security engine 102 to acquire the target subsystem image from the fourth storage unit 106.
In a feasible implementation, before the security engine 102 generates the target decryption key of the target subsystem image according to the first key information and the target key factor, the security engine 102 obtains the target key factor from the security certificate chain of the target subsystem image or from already-decrypted image plaintext, and configures the target key factor into the second storage unit 104. The already-decrypted image plaintext is obtained by the security engine 102 decrypting another of the plurality of subsystem images before decrypting the target subsystem image.
Further, in a feasible implementation, when the LCS in the first key information is SM, the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores it in the fourth storage unit 106; the processing unit 101 drives the security engine 102 to verify the target security certificate chain, and after the verification passes, the processing unit 101 obtains the target key factor from the target security certificate chain in the fourth storage unit 106 or from the already-decrypted image plaintext, and configures the target key factor into the second storage unit 104. The target security certificate chain includes at least one level of security certificate; it should be understood that, besides the target subsystem image, the security certificate chain of every other subsystem image also includes at least one level of security certificate. In addition, each level of security certificate in the security certificate chain corresponding to a subsystem image is verified level by level; when every level of security certificate in a subsystem image's security certificate chain passes verification, the verification of that subsystem image's security certificate chain passes accordingly.
Optionally, in a feasible implementation, when the LCS in the first key information is CM or DM, the target security certificate chain is not verified: the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores it in the fourth storage unit 106; the processing unit 101 then obtains the target key factor from the target security certificate chain in the fourth storage unit or from the already-decrypted image plaintext, and configures the target key factor into the second storage unit 104.
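The level-by-level chain check and its gating on the lifecycle state, as an added Python model that is not code from the patent. The chain format is a stand-in chosen for this example: each level carries the SHA-256 digest of the next level's certificate in place of a signature over it, and level 0 is anchored by comparing its own digest with the ROTPK hash from the first key information; a production engine verifies each level's signature instead. The placement of the key factor in the leaf payload is likewise an assumption.

```python
"""Level-by-level security certificate chain check, gated on the lifecycle state (added model)."""
import hashlib
from typing import List, Tuple

# Stand-in chain format (assumption): each level carries the SHA-256 digest of the
# next level's certificate instead of a signature over it; level 0 is anchored by
# matching its own digest against the ROTPK hash from the first key information.
Cert = Tuple[bytes, bytes]   # (digest of next level, payload)
LEAF = b"\x00" * 32          # a leaf vouches for no further level


def cert_digest(cert: Cert) -> bytes:
    return hashlib.sha256(cert[0] + cert[1]).digest()


def build_chain(payloads: List[bytes]) -> List[Cert]:
    """Provisioning side: build a root-first chain from root-first payloads."""
    chain: List[Cert] = []
    next_digest = LEAF
    for payload in reversed(payloads):        # leaf is built first, root last
        cert = (next_digest, payload)
        chain.insert(0, cert)
        next_digest = cert_digest(cert)
    return chain


def verify_chain(chain: List[Cert], rotpk_hash: bytes) -> bool:
    """Every level must pass: level 0 matches the ROTPK hash, each level vouches for the next."""
    if not chain or cert_digest(chain[0]) != rotpk_hash:
        return False
    for parent, child in zip(chain, chain[1:]):
        if parent[0] != cert_digest(child):
            return False
    return chain[-1][0] == LEAF


def obtain_key_factor(lcs: str, chain: List[Cert], rotpk_hash: bytes) -> bytes:
    """SM: the chain is verified before its key factor is trusted; CM/DM: verification is skipped."""
    if lcs == "SM":
        if not verify_chain(chain, rotpk_hash):
            raise ValueError("certificate chain verification failed; key factor not configured")
    elif lcs not in ("CM", "DM"):
        raise ValueError(f"unknown lifecycle state {lcs!r}")
    return chain[-1][1]    # assumption: the leaf payload carries the image's key factor
```

Calling `obtain_key_factor("SM", chain, rotpk_hash)` on a chain whose leaf has been altered raises, while the same call with `"CM"` or `"DM"` returns the altered key factor, which is exactly why the CM and DM states are meant for manufacturing and development rather than fielded devices.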
In a feasible implementation, after the processing unit 101 runs the target image plaintext, the processing unit 101 overwrites the target key factor with a first key factor; the security engine 102 may clear the generated target decryption key, or overwrite the target decryption key with a secure decryption key of the target subsystem image or with a first preset value, where the secure decryption key is generated according to the first key factor and the first key information. It should be noted that each subsystem image corresponds to a different first key factor; the first key factor of the target subsystem image may be any value other than the target key factor, and the first preset value may be any value different from the target decryption key.
It can be seen that in this embodiment of the present application, overwriting the target key factor with the first key factor prevents the target key factor from remaining present during the loading of the next subsystem image, ensuring the independence and security of each subsystem image's key factor and thereby the security of the operating system image. At the same time, clearing or overwriting the target decryption key after it has been used to decrypt the target subsystem image prevents a leaked target decryption key from being used to decrypt the system image, which further ensures the security of the operating system image.
In a feasible implementation, the plurality of subsystem images includes a first subsystem image and a second subsystem image; during operating system startup, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times. Referring to FIG. 5, FIG. 5 is a schematic diagram of the hierarchical division of subsystem images of the operating system of a mobile terminal device according to an embodiment of the present application. As shown in FIG. 5, the subsystem images of the first, second and third layers are loaded once during operating system startup and are first subsystem images; the subsystem images of the fourth layer are loaded multiple times during operating system startup and are second subsystem images. The specific number of times a second subsystem image is loaded is determined by the actual application scenario. For example, when the terminal device shown in FIG. 5 is a mobile phone, after the Lowpower image has been loaded, its Modem image begins loading; once loading is complete, the phone has communication capability. When the user switches the phone to airplane mode, communication is unavailable; when the user switches airplane mode off, the Modem image is loaded again and the phone's communication capability is restored.
In this scenario, the Modem image is loaded twice. Likewise for the ISP image: when the user opens the camera on the phone, the ISP image begins loading, and the terminal device then has video recording or photographing capability; when the user closes the camera application, video recording and photographing are unavailable, and when the user opens the camera again, the ISP image is loaded again. It should be understood that for a second subsystem image, the key factor used in each loading is the same.
It should be understood that the hierarchical division of subsystem images shown in FIG. 5 is only one specific example given by the embodiment of the present application; the loading order of the first subsystem images and the second subsystem images is determined by the specific scenario or terminal device.
In a feasible implementation, the security processing apparatus 10 may further include a fourth storage unit 106, configured to provide storage space for running the target image plaintext. Optionally, the fourth storage unit 106 may be random access memory (RAM) or a volatile storage device that loses its contents on power-off, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM) or double data rate SDRAM. The fourth storage unit 106 is used to provide the space required for running data or instructions.
In a feasible implementation, the security processing apparatus 10 may further include a fifth storage unit 107; when the target subsystem image is a first subsystem image, the fifth storage unit 107 is used to back up the data in the second storage unit 104. Further, when the target subsystem image is a first subsystem image, the data in the second storage unit 104 may change in a monotonically increasing or monotonically decreasing manner, that is, the data written into the second storage unit 104 can only be larger, or only smaller, than the data it currently stores; in this case, the fifth storage unit 107 may be used to back up the data in the second storage unit 104. When the target subsystem image is a second subsystem image, the data written into the second storage unit 104 may be any specified value, unaffected by the data it currently stores; in this case, the data in the fifth storage unit 107 remains unchanged. Optionally, the fifth storage unit 107 may be the same type of memory as the second storage unit 104.
Referring to FIG. 6, FIG. 6 is a schematic diagram of the hierarchical division of subsystem images of yet another operating system provided by an embodiment of the present application. FIG. 6 may be a schematic diagram of the hierarchical division of the subsystem images of the operating system image of a monitor. The monitor starts video recording as soon as it is powered on, so its ISP image has a higher priority, and its ISP image is deployed to the second layer shown in FIG. 6 for loading, so that the video recording function can be started as early as possible. As shown in FIG. 6, the operating system contains N layers of subsystem images: the first-layer subsystem image (Layer0: ROM image); the second-layer subsystem images, which include Layer1-0: Bootloader image and Layer1-1: image signal processing (ISP) image; the third-layer subsystem images, which include Layer2-0: rich execution environment (REE) image, Layer2-1: trusted execution environment (TEE) image and Layer2-2: Lowpower image; the fourth-layer subsystem image (Layer3: Modem image); the F-th layer subsystem images (the specific subsystem images they contain are not shown); and the (N-1)-th layer, which includes M+1 subsystem images. The subsystem images contained in the fifth through (N-1)-th layers are not shown, and N and M are positive integers.
Taking FIG. 6 as an example, the startup process of the operating system in a feasible implementation is described in detail below: (1) The processing unit 101 first acquires the ROM image and runs it. The ROM image is the first subsystem image, fixed inside the SOC and stored in plaintext; the fourth storage unit 106 provides storage space for running the ROM image.
(2) After the processing unit 101 runs the plaintext of the ROM image, the processing unit 101 acquires the Bootloader image from the third storage unit 105, stores it in the fourth storage unit 106, and drives the security engine 102 to acquire the Bootloader image from the fourth storage unit 106. The security engine 102 obtains the first key information from the first storage unit 103; if the first key information contains the lifecycle state LCS and the LCS is SM, the security engine 102 needs to verify the security certificate chain corresponding to the Bootloader image. The security engine 102 obtains the Bootloader image's security certificate chain from the third storage unit 105, stores it in the fourth storage unit 106, and then begins verifying it. After the Bootloader image's security certificate chain passes verification, the processing unit 101 obtains the Bootloader image's key factor from the Bootloader image's security certificate chain or from the ROM image, and configures it into the second storage unit 104. The security engine 102 obtains the Bootloader image's key factor from the second storage unit 104 over a hard-wired path, and generates the Bootloader image's decryption key according to that key factor and the first key information. The security engine 102 decrypts the Bootloader image with this decryption key to obtain the Bootloader image plaintext; the processing unit 101 runs the Bootloader image plaintext, and the fourth storage unit 106 provides storage space for running the Bootloader image.
The above takes the ROM image and the Bootloader image as examples to describe the loading process in detail; each subsequent subsystem image that needs to be decrypted is loaded one by one in the order shown in FIG. 6, which is not repeated here.
Referring to FIG. 4, FIG. 4 is a schematic diagram of the configuration flow of the key factors of the operating system subsystem images. The changes in the data of the second storage unit 104 and the fifth storage unit 107 during operating system startup are described below with reference to FIG. 4. In a feasible implementation, the second storage unit 104 and the fifth storage unit 107 may be registers, and when the target subsystem image is a first subsystem image, the data in the second storage unit 104 changes in a monotonically increasing manner: each time the processing unit 101 configures the second storage unit 104 to increase monotonically, the data in the second storage unit 104 is increased by a preset value K over its current value, where K may be any positive integer greater than 0. As shown in FIG. 4, FIG. 4 includes three subsystem images: subsystem image A and subsystem image C are first subsystem images, and subsystem image B is a second subsystem image. The changes in the data of the second storage unit 104 and the fifth storage unit 107 while these three subsystem images are loaded in sequence are described in detail below:
(1) When subsystem image A is the subsystem image currently being loaded, subsystem image A may at this point also be called the target subsystem image. When the processing unit 101 begins loading subsystem image A, the data stored in the second storage unit 104 and the fifth storage unit 107 is the first key factor saved during the loading of the previous subsystem image. The processing unit 101 first takes the previous subsystem image's first key factor out of the fifth storage unit 107 and adds nK to it to obtain the second key factor corresponding to subsystem image A, and writes subsystem image A's second key factor into the second storage unit 104 and the fifth storage unit 107, where n is a positive integer greater than 0. When the subsystem image preceding subsystem image A is a first subsystem image, that previous subsystem image's first key factor is the same in the second storage unit 104 and the fifth storage unit 107; when the subsystem image preceding subsystem image A is a second subsystem image, that previous subsystem image's first key factor differs between the second storage unit 104 and the fifth storage unit 107.
After the processing unit 101 writes subsystem image A's second key factor into the second storage unit 104 and the fifth storage unit 107, the processing unit 101 configures the second storage unit 104, according to the difference between subsystem image A's second key factor and subsystem image A's target key factor, to increase monotonically by the preset value K each time until the value in the second storage unit 104 has increased to subsystem image A's target key factor; at that point the processing unit 101 may also write subsystem image A's target key factor into the fifth storage unit 107. For example, if subsystem image A's second key factor is 6, its target key factor is 12 and K is 2, the processing unit 101 may drive the second storage unit 104 through three monotonic increments of 2 each, until the value in the second storage unit 104 becomes subsystem image A's target key factor 12.
After the processing unit 101 runs subsystem image A's image plaintext, the processing unit 101 overwrites subsystem image A's target key factor in the second storage unit 104 and the fifth storage unit 107 with subsystem image A's first key factor; specifically, the processing unit 101 configures the second storage unit 104, according to the difference between subsystem image A's first key factor and subsystem image A's target key factor, to increase monotonically until the value in the second storage unit 104 has increased to subsystem image A's first key factor, and at the same time the processing unit 101 writes subsystem image A's first key factor into the fifth storage unit 107.
(2) When the processing unit 101 begins loading subsystem image B, subsystem image B may at this point also be called the target subsystem image. Since subsystem image B is a second subsystem image, the processing unit 101 writes subsystem image B's target key factor directly into the second storage unit 104, and the data in the fifth storage unit 107 remains unchanged as subsystem image A's first key factor. For example, if subsystem image A's first key factor is 16 and subsystem image B's target key factor is 10, the processing unit 101 writes subsystem image B's target key factor 10 into the second storage unit 104, while the data in the fifth storage unit 107 remains subsystem image A's first key factor 16. After the processing unit 101 runs subsystem image B's image plaintext, the processing unit 101 writes subsystem image B's first key factor into the second storage unit 104 to overwrite subsystem image B's target key factor, and the data in the fifth storage unit 107 remains unchanged as subsystem image A's first key factor; subsystem image B's first key factor may be any value other than subsystem image B's target key factor.
(3) When the processing unit 101 begins loading subsystem image C, subsystem image C may at this point also be called the target subsystem image. Subsystem image C is a first subsystem image, and as can be seen from the loading process of subsystem image B above, the second storage unit 104 at this point stores subsystem image B's first key factor while the fifth storage unit 107 stores subsystem image A's first key factor. The subsequent steps by which the processing unit 101 configures subsystem image C's target key factor are the same as the corresponding steps in the loading of subsystem image A and are not repeated here.
It should be noted that during the loading of subsystem image B the data in the fifth storage unit 107 remains unchanged as subsystem image A's first key factor. When subsystem image C begins loading, the processing unit 101 takes subsystem image A's first key factor out of the fifth storage unit 107 and adds mK to it to obtain subsystem image C's second key factor, and writes subsystem image C's second key factor into both the second storage unit 104 and the fifth storage unit 107, where m is a positive integer greater than 0; then, starting from subsystem image C's second key factor, the processing unit 101 configures the second storage unit 104 to change its data in a monotonically increasing manner.
It can be seen that in this embodiment of the present application, by backing up the data of the second storage unit 104 in the fifth storage unit 107, the key factors of the subsystem images can increase monotonically and continuously across the loading of multiple non-consecutive first subsystem images, and the key factor of a first subsystem image that has already been loaded never reappears during the loading of later first subsystem images. This effectively prevents key factor leakage and improves the security of the system images during operating system startup.
It should be understood that the second storage unit 104 stores the key factors of the subsystem images in a monotonically increasing manner in order to guarantee that the key factors of the subsystem images differ, thereby ensuring that different subsystem images correspond to different decryption keys and are decrypted with different decryption keys. The monotonically increasing manner is only one example listed in the embodiment of the present application; those skilled in the art may also adopt other manners, such as monotonic decrease, to ensure that different subsystem images correspond to different key factors and are therefore decrypted with different decryption keys, and this embodiment of the present application does not specifically limit this.
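The A / B / C sequence of FIG. 4, as an added Python model that is not code from the patent. It treats the second storage unit 104 as a register that may only step up by K while a first subsystem image loads, and the fifth storage unit 107 as its backup; the values 6, 12, 2, 16 and 10 are the ones quoted above, while n, m, the initial register value and subsystem image B's first key factor are constructed for this example. The names `reg104`, `reg107`, `load_first_type` and `load_second_type` are this example's own.

```python
"""Key-factor registers of FIG. 4: unit 104 steps monotonically, unit 107 backs it up."""
from typing import List, Tuple


class KeyFactorRegisters:
    """Replays the A / B / C loading sequence described above (added model)."""

    def __init__(self, k: int, initial: int = 0) -> None:
        if k <= 0:
            raise ValueError("K must be a positive integer")
        self.k = k
        self.reg104 = initial                    # second storage unit 104, read by the engine
        self.reg107 = initial                    # fifth storage unit 107, backup of 104
        self.trace: List[int] = [initial]        # every value 104 has held, oldest first
        self.used: List[Tuple[str, int]] = []    # (image, key factor it was decrypted with)

    def _write104(self, value: int) -> None:
        self.reg104 = value
        self.trace.append(value)

    def _step_up_to(self, target: int) -> None:
        """The only way 104 changes while a first subsystem image loads: +K per step."""
        if target < self.reg104 or (target - self.reg104) % self.k:
            raise ValueError(f"{target} not reachable from {self.reg104} in steps of {self.k}")
        while self.reg104 < target:
            self._write104(self.reg104 + self.k)

    def load_first_type(self, image: str, target: int, first_factor: int, n: int) -> int:
        """A first subsystem image (decrypted once per boot), e.g. A and C in FIG. 4."""
        if n <= 0 or first_factor == target:
            raise ValueError("n must be positive and the first key factor must differ from the target")
        second = self.reg107 + n * self.k        # second key factor = backup + nK
        self._write104(second)                   # written to both registers
        self.reg107 = second
        self._step_up_to(target)                 # step 104 up to the target key factor
        self.reg107 = target
        self.used.append((image, self.reg104))   # engine derives the image key from 104 now
        self._step_up_to(first_factor)           # after the plaintext runs: overwrite, still monotonic
        self.reg107 = first_factor
        return target

    def load_second_type(self, image: str, target: int, first_factor: int) -> int:
        """A second subsystem image (may be decrypted repeatedly), e.g. B in FIG. 4."""
        if first_factor == target:
            raise ValueError("the first key factor must differ from the target key factor")
        self._write104(target)                   # direct write; 107 is left untouched
        self.used.append((image, self.reg104))
        self._write104(first_factor)             # direct overwrite after the plaintext runs
        return target

    def first_type_factors_strictly_increase(self, first_type_images: List[str]) -> bool:
        """Property the backup register buys: a loaded first-type factor never recurs."""
        factors = [f for img, f in self.used if img in first_type_images]
        return all(a < b for a, b in zip(factors, factors[1:]))
```

With K = 2 and an initial value of 0, loading A with n = 3, a target key factor of 12 and a first key factor of 16 walks register 104 through 0, 6, 8, 10, 12, 14, 16; B then writes 10 and afterwards an arbitrary first key factor directly, leaving 107 at 16; C resumes from 16 + mK, so every first-type target factor is strictly larger than the previous one even though B interrupted the sequence.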
In a possible implementation, referring to FIG. 3, FIG. 3 is a schematic structural diagram of yet another security processing apparatus 10 provided by an embodiment of the present invention, which refines some of the functional modules of the security processing apparatus 10 in FIG. 1 or FIG. 2. As shown in FIG. 3, the security engine 102 may include a first engine 1021, a key management module 1022 and a second engine 1023. The first engine 1021 is configured to verify the target security certificate chain of the target subsystem image. The key management module 1022 is configured to decrypt the root key ciphertext in the first key information to obtain the root key plaintext; then to concatenate at least one of the LCS, the ROTPK hash value, the operator information and the product information with the target key factor to obtain a derivation factor; and finally, based on a KDF, to obtain the target decryption key of the target subsystem image from the root key plaintext and the derivation factor. The second engine 1023 is configured to obtain the target subsystem image and the target decryption key, and to decrypt the target subsystem image with the target decryption key to obtain the target image plaintext.
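The derivation and use of a per-image decryption key, as an added Python model that is not code from the patent. It follows the flow given for key management module 1022 and second engine 1023 and for the key wiping described earlier: unwrap the root key ciphertext, concatenate the LCS, ROTPK hash, operator information and product information with the image's key factor into a derivation factor, run a KDF, decrypt the image, then overwrite the key. The patent names neither the KDF nor the image cipher, so HKDF-SHA256, a hardware-unique wrapping key, an HMAC-based stand-in stream cipher with encrypt-then-MAC, and length-prefixed concatenation are all assumptions of this example, chosen so that it runs with the standard library only; the key factors 12 and 16 and the image contents are constructed.

```python
"""Per-image decryption-key derivation for a staged secure boot (added model)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for the SOC's hardware-unique key that unwraps the root key.
HW_UNIQUE_KEY = hashlib.sha256(b"constructed-hardware-unique-key").digest()


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256 with an all-zero salt; assumed as the engine's KDF."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass(frozen=True)
class FirstKeyInfo:
    """The first key information of storage unit 103 (all values constructed)."""
    root_key_ct: bytes    # root key ciphertext, wrapped under HW_UNIQUE_KEY
    lcs: bytes            # lifecycle state, e.g. b"SM"
    rotpk_hash: bytes     # hash of the root-of-trust public key
    operator_info: bytes
    product_info: bytes


def derivation_factor(info: FirstKeyInfo, key_factor: bytes) -> bytes:
    """Concatenate the device fields with the key factor; length prefixes are this example's choice."""
    fields = [info.lcs, info.rotpk_hash, info.operator_info, info.product_info, key_factor]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_image_key(info: FirstKeyInfo, key_factor: bytes) -> bytearray:
    """Key management module 1022: unwrap the root key, then KDF(root key, derivation factor)."""
    root_key = bytearray(unseal(HW_UNIQUE_KEY, info.root_key_ct))
    try:
        return bytearray(hkdf(bytes(root_key), derivation_factor(info, key_factor)))
    finally:
        root_key[:] = b"\x00" * len(root_key)   # root key plaintext is not left behind


def load_image(info: FirstKeyInfo, key_factor: bytes, encrypted_image: bytes) -> bytes:
    """Second engine 1023: decrypt with the derived key, then clear the key."""
    key = derive_image_key(info, key_factor)
    try:
        return unseal(bytes(key), encrypted_image)
    finally:
        key[:] = b"\x00" * len(key)   # target decryption key overwritten after use


def demo() -> dict:
    root_key = hashlib.sha256(b"constructed-root-key").digest()
    info = FirstKeyInfo(root_key_ct=seal(HW_UNIQUE_KEY, root_key), lcs=b"SM",
                        rotpk_hash=hashlib.sha256(b"constructed-rotpk").digest(),
                        operator_info=b"operator-x", product_info=b"product-y")
    factor_boot, factor_tee = (12).to_bytes(4, "big"), (16).to_bytes(4, "big")
    k_boot = bytes(derive_image_key(info, factor_boot))
    k_tee = bytes(derive_image_key(info, factor_tee))
    enc_boot = seal(k_boot, b"bootloader plaintext")   # provisioning side encrypts per image
    try:
        load_image(info, factor_tee, enc_boot)          # wrong factor -> wrong key -> rejected
        wrong_factor_rejected = False
    except ValueError:
        wrong_factor_rejected = True
    return {"keys_differ": k_boot != k_tee,
            "same_factor_same_key": k_boot == bytes(derive_image_key(info, factor_boot)),
            "bootloader_plaintext": load_image(info, factor_boot, enc_boot),
            "wrong_factor_rejected": wrong_factor_rejected}
```

`demo()` shows the two properties the scheme relies on: images provisioned with different key factors decrypt under different keys, and an image presented with another image's key factor fails authentication rather than yielding plaintext. The root key plaintext and the derived key are held in `bytearray`s and zeroed in `finally` blocks, which mirrors the clearing of the target decryption key described above; in firmware the same is done on the engine's key registers.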
Referring to FIG. 8, FIG. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present invention. The security processing method is applicable to any of the security processing apparatuses in FIG. 1 to FIG. 3 above and to devices containing such a security processing apparatus. The method may include the following steps S801 to S805. Step S801: acquire, by the processing unit, a plurality of subsystem images of the operating system image used for operating system startup. Step S802: store, by the first storage unit, first key information of the operating system image, the first key information including at least one of a root key ciphertext, a lifecycle state LCS, a root-of-trust public key (ROTPK) hash value, operator information and product information. Step S803: store, by the second storage unit, the target key factor of a target subsystem image among the plurality of subsystem images; among the plurality of subsystem images, each subsystem image corresponds to one key factor, and the key factors of different subsystem images differ. Step S804: generate, by the security engine, the target decryption key of the target subsystem image according to the first key information and the target key factor, and decrypt the target subsystem image with the target decryption key to obtain the target image plaintext of the target subsystem image. Step S805: run, by the processing unit, the target image plaintext.
In a feasible implementation, the method further includes: after the security engine decrypts the target subsystem image to obtain the target image plaintext, the security engine continues to decrypt the next subsystem image to obtain the next image plaintext of that next subsystem image, where the next subsystem image is the subsystem image following the target subsystem image among the plurality of subsystem images.
In a feasible implementation, acquiring, by the processing unit, the plurality of subsystem images of the operating system image used for operating system startup includes: acquiring, by the processing unit, the target subsystem image from the plurality of subsystem images; and after running the target image plaintext, continuing, by the processing unit, to acquire the next subsystem image from the plurality of subsystem images. After the processing unit runs the target image plaintext, the security processing method further includes: running the next image plaintext.
在一种可行的实施方式中,上述方法还包括:由处理单元获取目标子系统镜像的目标安全证书链;在上述多个子系统镜像中,一个子系统镜像对应一个安全证书链;由处理单元从目标安全证书链或已解密的镜像明文中获取目标密钥因子,并将目标密钥因子配置到第二存储单元。In a feasible implementation manner, the above method further includes: acquiring, by the processing unit, a target security certificate chain of the target subsystem image; among the above-mentioned multiple subsystem images, one subsystem image corresponds to one security certificate chain; Obtain the target key factor from the target security certificate chain or the decrypted image plaintext, and configure the target key factor to the second storage unit.
在一种可行的实施方式中,上述由安全引擎根据第一密钥信息和目标密钥因子生成目标子系统镜像的目标解密密钥,包括:对根密钥密文进行解密,得到根密钥明文;根据LCS、ROTPK哈希值,目标密钥因子、运营商信息和产品信息中的一个或多个进行拼接,得到派生因子;基于派生因子和根密钥明文生成目标子系统镜像的目标解密密钥。In a feasible implementation manner, generating the target decryption key of the target subsystem image by the security engine according to the first key information and the target key factor includes: decrypting the ciphertext of the root key to obtain the root key Plaintext; splicing one or more of the LCS, ROTPK hash value, target key factor, operator information and product information to obtain the derivation factor; based on the derivation factor and the root key plaintext to generate the target decryption of the target subsystem image key.
在一种可行的实施方式中,上述方法还包括:由第三存储单元存储上述多个子系统镜像和与上述多个子系统镜像分别对应的多个安全证书链。In a feasible implementation manner, the above-mentioned method further includes: storing, by a third storage unit, the above-mentioned multiple subsystem images and multiple security certificate chains corresponding to the above-mentioned multiple subsystem images respectively.
在一种可行的实施方式中,在上述得到目标子系统镜像的目标镜像明文之后,上述方法还包括:由处理单元利用第一密钥因子覆盖目标子系统镜像的目标密钥因子;由安全引擎清除所述目标解密密钥;或利用目标子系统镜像的安全解密密钥或第一预设值覆盖目标解密密钥,该安全解密密钥根据第一密钥因子和第一密钥信息生成。In a feasible implementation manner, after obtaining the target image plaintext of the target subsystem image, the method further includes: the processing unit overwrites the target key factor of the target subsystem image with the first key factor; Clearing the target decryption key; or overwriting the target decryption key with the security decryption key of the target subsystem image or the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
在一种可行的实施方式中,上述多个子系统镜像包括第一子系统镜像和第二子系统镜像;在操作系统启动中,第一子系统镜像被解密一次,第二子系统镜像被解密多次。In a feasible implementation manner, the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted many times. Second-rate.
在一种可行的实施方式中,上述方法还包括:由第四存储单元为目标镜像明文的运行提供存储空间。In a feasible implementation manner, the above method further includes: providing, by the fourth storage unit, a storage space for running the plaintext of the target image.
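The following is an added, constructed illustration of the derivation chain described in the embodiments above (decrypt the root key ciphertext, concatenate the first key information with the per-image key factor into a derivation factor, derive the per-image decryption key, decrypt and authenticate the image, then overwrite the key factor register with the first key factor and clear the key). It is not the patent's code. It assumes HMAC-SHA256 as the key derivation PRF, an HMAC-based encrypt-then-MAC construction as a stand-in for the engine's hardware cipher, a hypothetical device-bound key that unwraps the root key ciphertext, and certificate chains represented as dicts carrying the key factor; all sample values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

FIRST_KEY_FACTOR = b"\x00" * 16  # constructed "first key factor" written back to the register after use


# Stand-in authenticated cipher built from HMAC-SHA256 (stdlib only); the real security
# engine would use its hardware block cipher. Separate subkeys for keystream and tag.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = nonce if nonce is not None else os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # a modified image is rejected before it is decrypted
        raise ValueError("image authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


@dataclass(frozen=True)
class FirstKeyInfo:
    """First storage unit (e.g. OTP). Fields are fixed width so plain concatenation is unambiguous."""
    root_key_ciphertext: bytes
    lcs: bytes            # life cycle state, 1 byte
    rotpk_hash: bytes     # SHA-256 of the root-of-trust public key, 32 bytes
    operator_info: bytes  # 4 bytes
    product_info: bytes   # 4 bytes


def derive_target_key(root_key: bytes, info: FirstKeyInfo, key_factor: bytes) -> bytes:
    """Derivation factor = LCS || ROTPK hash || key factor || operator || product; key = PRF(root key, factor)."""
    derivation_factor = info.lcs + info.rotpk_hash + key_factor + info.operator_info + info.product_info
    return hmac.new(root_key, derivation_factor, hashlib.sha256).digest()


class SecurityEngine:
    def __init__(self, device_key: bytes):
        self._device_key = device_key                 # assumed hardware-bound key; only unwraps the root key
        self._target_key = None                       # never leaves the engine
        self.key_factor_register = FIRST_KEY_FACTOR   # the "second storage unit"

    def generate_target_key(self, info: FirstKeyInfo) -> None:
        root_key = unseal(self._device_key, info.root_key_ciphertext)  # root key ciphertext -> plaintext
        self._target_key = derive_target_key(root_key, info, self.key_factor_register)

    def decrypt_image(self, image_ct: bytes) -> bytes:
        if self._target_key is None:
            raise RuntimeError("no target decryption key loaded")
        return unseal(self._target_key, image_ct)

    def clear_target_key(self) -> None:
        self._target_key = None

    def has_target_key(self) -> bool:
        return self._target_key is not None


def secure_boot(engine: SecurityEngine, info: FirstKeyInfo, images) -> list:
    """Processing-unit side. images: list of (certificate_chain, ciphertext); the constructed chain is a
    dict carrying the per-image key factor (the text also allows taking it from an earlier plaintext)."""
    executed = []
    for cert_chain, image_ct in images:
        engine.key_factor_register = cert_chain["key_factor"]  # configure the second storage unit
        engine.generate_target_key(info)
        executed.append(engine.decrypt_image(image_ct))       # "running" the plaintext is simulated by collecting it
        engine.key_factor_register = FIRST_KEY_FACTOR         # overwrite the factor once the image is decrypted
        engine.clear_target_key()                             # and drop the decryption key
    return executed


def build_demo():
    """Constructed provisioning data: device key, wrapped root key, two encrypted subsystem images."""
    device_key = hashlib.sha256(b"constructed device-unique key").digest()
    root_key = hashlib.sha256(b"constructed OS root key").digest()
    info = FirstKeyInfo(seal(device_key, root_key), b"\x03",
                        hashlib.sha256(b"constructed ROTPK").digest(), b"OPR1", b"PRD1")
    images = []
    for plaintext, factor in ((b"bootloader image", b"factor-bootldr-1"), (b"tee os image", b"factor-tee-os-02")):
        images.append(({"key_factor": factor}, seal(derive_target_key(root_key, info, factor), plaintext)))
    return SecurityEngine(device_key), info, images


if __name__ == "__main__":
    eng, inf, imgs = build_demo()
    print(secure_boot(eng, inf, imgs), eng.has_target_key())
```

Because each image's key is bound to its own factor together with the LCS and ROTPK hash, an image re-encrypted under another product's or life-cycle state's parameters fails the tag check rather than decrypting to garbage, and the key itself exists only between `generate_target_key` and `clear_target_key`.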
It should be noted that for the specific flow of the security processing method described in the embodiments of the present application, reference may be made to the relevant descriptions of the application embodiments given for FIG. 1 to FIG. 3 above; details are not repeated here.
An embodiment of the present application further provides a computer storage medium that can store a computer program. When part of that computer program is executed by the processing unit 101, the processing unit 101 can perform some or all of the steps of any method implemented by the processing unit 101 as recorded in the above method embodiments; when part of that computer program is executed by the processing unit 101, the processing unit 101 can also be caused to drive the security engine 102 to perform some or all of the steps of any method implemented by the security engine 102 as recorded in the above method embodiments. The computer storage medium may be the third storage unit 105 of the embodiments of the present application, or a read-only storage unit used to store a ROM image.
An embodiment of the present application further provides a computer program that includes instructions. When part of the computer program is executed by the processing unit 101, the processing unit 101 can perform some or all of the steps of any method implemented by the processing unit 101 as recorded in the above method embodiments; when part of the computer program is executed by the processing unit 101, the processing unit 101 can also be caused to drive the security engine 102 to perform some or all of the steps of any method implemented by the security engine 102 as recorded in the above method embodiments.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the relevant descriptions of the other embodiments. It should be noted that, for brevity, the foregoing method embodiments are all expressed as a series of combined actions, but those skilled in the art should be aware that the present application is not limited by the described order of actions, because according to the present application some steps may be performed in other orders or concurrently. Secondly, those skilled in the art should also be aware that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present application.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into the above units is only a division by logical function, and in actual implementation there may be other ways of dividing them; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical or take other forms.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
The above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (18)

  1. A security processing apparatus, characterized in that it comprises a processing unit, a security engine, a first storage unit and a second storage unit; wherein,
    the processing unit is configured to separately acquire a plurality of subsystem images of an operating system image used for operating system startup;
    the first storage unit is configured to store first key information of the operating system image, the first key information including at least one of a root key ciphertext, a life cycle state LCS, a root-of-trust public key ROTPK hash value, operator information or product information;
    the second storage unit is configured to store a target key factor of a target subsystem image among the plurality of subsystem images; among the plurality of subsystem images, one subsystem image corresponds to one key factor, and the key factors of different subsystem images are different;
    the security engine is configured to generate a target decryption key of the target subsystem image from the first key information and the target key factor, and to decrypt the target subsystem image with the target decryption key to obtain a target image plaintext of the target subsystem image;
    the processing unit is further configured to run the target image plaintext.
  2. The security processing apparatus according to claim 1, characterized in that the security engine is configured to, after decrypting the target subsystem image to obtain the target image plaintext, continue to decrypt a next subsystem image to obtain a next image plaintext of the next subsystem image, the next subsystem image being the subsystem image that follows the target subsystem image among the plurality of subsystem images.
  3. The security processing apparatus according to claim 2, characterized in that the processing unit is specifically configured to:
    acquire the target subsystem image from the plurality of subsystem images;
    run the target image plaintext;
    after running the target image plaintext, continue to acquire the next subsystem image from the plurality of subsystem images;
    run the next image plaintext.
  4. The security processing apparatus according to any one of claims 1-3, characterized in that the processing unit is further configured to:
    acquire a target security certificate chain of the target subsystem image; among the plurality of subsystem images, one subsystem image corresponds to one security certificate chain;
    obtain the target key factor from the target security certificate chain or from an already decrypted image plaintext, and configure the target key factor into the second storage unit, the already decrypted image plaintext being obtained by the security engine decrypting another subsystem image among the plurality of subsystem images before the target subsystem image is decrypted.
  5. The security processing apparatus according to claim 4, characterized in that the security processing apparatus further comprises:
    a third storage unit, configured to store the plurality of subsystem images and a plurality of security certificate chains respectively corresponding to the plurality of subsystem images.
  6. The security processing apparatus according to any one of claims 1-5, characterized in that the security engine is specifically configured to:
    decrypt the root key ciphertext to obtain a root key plaintext;
    obtain a derivation factor from at least one of the LCS, the ROTPK hash value, the target key factor, the operator information or the product information;
    generate the target decryption key from the derivation factor and the root key plaintext.
  7. The security processing apparatus according to claims 1-6, characterized in that:
    the processing unit is further configured to, after running the target image plaintext, overwrite the target key factor with a first key factor;
    the security engine is further configured to clear the target decryption key, or to overwrite the target decryption key with a security decryption key of the target subsystem image or with a first preset value, the security decryption key being generated from the first key factor and the first key information.
  8. The security processing apparatus according to any one of claims 1-7, characterized in that the plurality of subsystem images comprise a first subsystem image and a second subsystem image;
    during startup of the operating system, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times.
  9. The security processing apparatus according to any one of claims 1-8, characterized in that the security processing apparatus further comprises:
    a fourth storage unit, configured to provide storage space for running the target image plaintext.
  10. A security processing method, characterized in that the method comprises:
    separately acquiring, by a processing unit, a plurality of subsystem images of an operating system image used for operating system startup;
    storing, by a first storage unit, first key information of the operating system image, the first key information including at least one of a root key ciphertext, a life cycle state LCS, a root-of-trust public key ROTPK hash value, operator information or product information;
    storing, by a second storage unit, a target key factor of a target subsystem image among the plurality of subsystem images; among the plurality of subsystem images, one subsystem image corresponds to one key factor, and the key factors of different subsystem images are different;
    generating, by a security engine, a target decryption key of the target subsystem image from the first key information and the target key factor, and decrypting the target subsystem image with the target decryption key to obtain a target image plaintext of the target subsystem image;
    running, by the processing unit, the target image plaintext.
  11. The security processing method according to claim 10, characterized in that the method further comprises:
    after the security engine decrypts the target subsystem image to obtain the target image plaintext, continuing, by the security engine, to decrypt a next subsystem image to obtain a next image plaintext of the next subsystem image, the next subsystem image being the subsystem image that follows the target subsystem image among the plurality of subsystem images.
  12. The security processing method according to claim 11, characterized in that separately acquiring, by the processing unit, the plurality of subsystem images of the operating system image used for operating system startup comprises: acquiring, by the processing unit, the target subsystem image from the plurality of subsystem images; and after running the target image plaintext, continuing, by the processing unit, to acquire the next subsystem image from the plurality of subsystem images;
    after the processing unit runs the target image plaintext, the method further comprises: running the next image plaintext.
  13. The security processing method according to any one of claims 10-12, characterized in that the method further comprises:
    acquiring, by the processing unit, a target security certificate chain of the target subsystem image; among the plurality of subsystem images, one subsystem image corresponds to one security certificate chain;
    obtaining, by the processing unit, the target key factor from the target security certificate chain or from an already decrypted image plaintext, and configuring the target key factor into the second storage unit.
  14. The security processing method according to any one of claims 10-13, characterized in that generating, by the security engine, the target decryption key of the target subsystem image from the first key information and the target key factor comprises:
    decrypting the root key ciphertext to obtain a root key plaintext; concatenating one or more of the LCS, the ROTPK hash value, the target key factor, the operator information and the product information to obtain a derivation factor; and generating the target decryption key of the target subsystem image from the derivation factor and the root key plaintext.
  15. The security processing method according to claim 14, characterized in that the method further comprises:
    storing, by a third storage unit, the plurality of subsystem images and a plurality of security certificate chains respectively corresponding to the plurality of subsystem images.
  16. The security processing method according to any one of claims 10-15, characterized in that after obtaining the target image plaintext of the target subsystem image, the method further comprises:
    overwriting, by the processing unit, the target key factor of the target subsystem image with a first key factor;
    clearing, by the security engine, the target decryption key; or overwriting the target decryption key with a security decryption key of the target subsystem image or with a first preset value, the security decryption key being generated from the first key factor and the first key information.
  17. The security processing method according to any one of claims 10-16, characterized in that the plurality of subsystem images comprise a first subsystem image and a second subsystem image;
    during startup of the operating system, the first subsystem image is decrypted once and the second subsystem image is decrypted multiple times.
  18. The security processing method according to any one of claims 10-17, characterized in that the method further comprises:
    providing, by the fourth storage unit, storage space for running the target image plaintext.
PCT/CN2020/125977 2020-11-02 2020-11-02 Security processing apparatus, security processing method, and related device WO2022088194A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/125977 WO2022088194A1 (en) 2020-11-02 2020-11-02 Security processing apparatus, security processing method, and related device
CN202080006698.1A CN114731272B (en) 2020-11-02 2020-11-02 Safety processing device, safety processing method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/125977 WO2022088194A1 (en) 2020-11-02 2020-11-02 Security processing apparatus, security processing method, and related device

Publications (1)

Publication Number Publication Date
WO2022088194A1 true WO2022088194A1 (en) 2022-05-05

Family

ID=81381677

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/125977 WO2022088194A1 (en) 2020-11-02 2020-11-02 Security processing apparatus, security processing method, and related device

Country Status (2)

Country Link
CN (1) CN114731272B (en)
WO (1) WO2022088194A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060015946A1 (en) * 2004-07-16 2006-01-19 Hitachi, Ltd. Method and apparatus for secure data mirroring a storage system
US20160125187A1 (en) * 2014-11-03 2016-05-05 Rubicon Labs, Inc. System and Method for a Renewable Secure Boot
CN107483590A (en) * 2017-08-22 2017-12-15 郑州云海信息技术有限公司 Cloud data system medium cloud management system and method
WO2019075622A1 (en) * 2017-10-16 2019-04-25 华为技术有限公司 Security element and related device
CN109995522A (en) * 2019-03-08 2019-07-09 东南大学 A kind of secure data mirror method with key agreement function

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594568A (en) * 2012-03-23 2012-07-18 南京小网科技有限责任公司 Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate
CN110806919B (en) * 2019-09-25 2021-11-02 苏州浪潮智能科技有限公司 Method and system for protecting virtual machine image in cloud environment


Also Published As

Publication number Publication date
CN114731272A (en) 2022-07-08
CN114731272B (en) 2024-03-26


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20959354

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20959354

Country of ref document: EP

Kind code of ref document: A1