CN110287707B - Image forming apparatus and firmware upgrading method of security management module thereof

Publication number
CN110287707B
Authority
CN
China
Prior art keywords
management module
security management
imaging control
control module
firmware upgrade
Legal status
Active
Application number
CN201910579034.3A
Other languages
Chinese (zh)
Other versions
CN110287707A (en)
Inventor
覃祖料
张军
Current Assignee
Zhuhai Pantum Electronics Co Ltd
Original Assignee
Zhuhai Pantum Electronics Co Ltd
Application filed by Zhuhai Pantum Electronics Co Ltd
Priority to CN201910579034.3A
Publication of CN110287707A
Application granted
Publication of CN110287707B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to an image forming apparatus, a firmware upgrading method for its security management module, and a storage medium. The image forming apparatus comprises an imaging control module and a security management module. The imaging control module is configured, when a first device sends a firmware upgrade package to it, to receive the firmware upgrade package after obtaining authorization information from the security management module, and to send the received firmware upgrade package to the security management module. The security management module is configured to monitor the imaging control module before the imaging control module receives the firmware upgrade package sent by the first device, to send authorization information to the imaging control module when it confirms that the imaging control module meets preset security conditions, and to receive the firmware upgrade package sent by the imaging control module and store it in a memory, wherein the memory is configured to store the operating firmware of the security management module. The image forming apparatus addresses the security risk that exists when the firmware of the security management module is upgraded.

Description

Image forming apparatus and firmware upgrading method of security management module thereof
Technical Field
The present invention relates to the field of image forming technologies, and in particular, to an image forming apparatus and a firmware upgrading method for a security management module thereof.
Background
With the development of imaging technology, image forming apparatuses are increasingly used in offices and daily life. Common image forming apparatuses include, but are not limited to, printers, copiers, scanners, facsimile machines, and multifunctional printers integrating one or more of printing, copying, scanning, and facsimile functions. In the prior art, to make information security more controllable, an image forming apparatus can be provided with a security management chip that monitors the operation of the image forming apparatus throughout. Security management firmware is stored in the security storage chip and may be upgraded when needed. When the firmware of the security management chip is upgraded, the data is easily tampered with, which threatens the security of the data.
Disclosure of Invention
Embodiments of the invention provide an image forming apparatus, a firmware upgrading method for its security management module, and a storage medium, which can solve the security risk that arises when the firmware of the security management module is upgraded.
In a first aspect, an embodiment of the present invention provides an image forming apparatus, including an imaging control module and a security management module;
the imaging control module is configured, when a first device sends a firmware upgrade package to it, to receive the firmware upgrade package after obtaining authorization information of the security management module, and to send the received firmware upgrade package to the security management module, wherein the firmware upgrade package is a firmware upgrade package for the operation of the security management module;
the security management module is configured to monitor the imaging control module before the imaging control module receives the firmware upgrade package sent by the first device, send the authorization information to the imaging control module when confirming that the imaging control module meets a preset security condition, receive the firmware upgrade package sent by the imaging control module, and store the firmware upgrade package in a memory, wherein the memory is configured to store operation firmware of the security management module.
Optionally, the imaging control module sends the firmware upgrade package to the security management module through a USB interface thereof.
Optionally, the imaging control module is further configured to control the running state of the security management module to return to a boot state before sending the firmware upgrade package to the security management module, and control the boot state to be maintained at least until the security management module receives the firmware upgrade package successfully.
Optionally, the security management module includes a first interface, and the security management module is further configured so that, when it is in a non-boot state, its running state returns to the boot state if the first interface receives a first predetermined level signal;
the imaging control module returns the running state of the security management module to the boot state by sending the first predetermined level signal to the first interface.
Optionally, the security management module sends a boot-state return instruction to the security management module through a communication interface of the security management module so that the running state of the security management module returns to the boot state.
Optionally, the security management module is connected to the reset port of the imaging control module; the security management module is further configured to keep the reset signal of the imaging control module valid while the security management module is in the boot state; and the imaging control module is further configured to release the security management module's control of the reset signal of the imaging control module before the security management module is controlled to return to the boot state, so that the imaging control module is not reset after the security management module changes to the boot state under the control of the imaging control module.
Optionally, the imaging control system further comprises an analog switch circuit connected between the reset port of the imaging control module and the security management module, and the imaging control module releases the security management module's control of the reset signal of the imaging control module by controlling the analog switch circuit to be disconnected.
Optionally, the analog switch circuit includes a first switch, a first resistor, a second resistor, a third resistor, a first voltage source and a second voltage source; the imaging control module further includes a first port, and the security management module further includes a second port; a first end of the first switch is connected to the first port through the first resistor and to the first voltage source through the first resistor and the second resistor in sequence; a second end of the first switch is connected to the second port of the security management module and to the second voltage source through the third resistor; and a third end of the first switch is connected to the reset port of the imaging control module;
when the first port of the imaging control module sends a second predetermined level signal to the first end of the first switch, the second end and the third end of the first switch are disconnected.
Optionally, the system further comprises an initial state control circuit connected between the second interface of the security management module and the analog switch circuit, and through the initial state control circuit the security management module makes the reset signal of the imaging control module valid when the security management module is in the boot state.
In a second aspect, an embodiment of the present invention provides a firmware upgrade method of a security management module of an image forming apparatus, the method including:
a first device sends a firmware upgrade package to an imaging control module, wherein the firmware upgrade package is a firmware upgrade package for the operation of a security management module;
the security management module monitors the imaging control module, and when it judges that the imaging control module meets a preset security condition, the security management module sends authorization information to the imaging control module;
the imaging control module receives the firmware upgrade package sent by the first device after acquiring the authorization information and sends the received firmware upgrade package to the security management module;
the security management module stores the received firmware upgrade package in a memory, wherein the memory is configured to store firmware operated by the security management module.
Optionally, the imaging control module sends the firmware upgrade package to the security management module through a USB interface thereof.
Optionally, before the imaging control module sends the firmware upgrade package to the security management module, the method further includes:
the imaging control module controls the running state of the security management module to change to a boot state, and controls the boot state to be maintained at least until the security management module receives the firmware upgrade package successfully.
Optionally, the security management module includes a first interface, and the imaging control module changes the operation state of the security management module to the boot state by sending a first predetermined level signal to the first interface.
Optionally, the security management module sends a boot-state return instruction to the security management module through a communication interface of the security management module, so that the running state of the security management module returns to the boot state.
Optionally, before the imaging control module returns the running state of the security management module to the boot state, the method further comprises: the imaging control module releases the security management module's control of the reset signal of the imaging control module.
In a third aspect, an embodiment of the present invention provides a storage medium, where the storage medium includes a stored program, where the program, when executed, controls a device in which the storage medium is located to execute the above method.
In a fourth aspect, an embodiment of the present invention provides an image forming apparatus including a memory for storing information including program instructions and a processor for controlling execution of the program instructions, which when loaded and executed by the processor, implement the steps of the above method.
It can be understood that when the running firmware of the security management module needs to be upgraded, the firmware is not upgraded by directly receiving the firmware through the security management module, but is upgraded by receiving the firmware upgrade package through the imaging control module and then sending the firmware upgrade package to the security management module.
Drawings
The invention will be further described with reference to the drawings and examples.
Fig. 1 is a schematic block diagram of an image forming apparatus provided in an embodiment of the present invention;
Fig. 2 is a further schematic block diagram of an image forming apparatus according to an embodiment of the present invention;
Fig. 3 is a circuit diagram of an image forming apparatus according to an embodiment of the present invention;
Fig. 4 is a circuit diagram of an image forming apparatus according to another embodiment of the present invention;
Fig. 5 is a flowchart of a firmware upgrade method of a security management module of an image forming apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic block diagram of an image forming apparatus provided in an embodiment of the present invention.
Detailed Description of Embodiment(s) of Invention
For a better understanding of the technical solution of the present invention, the following detailed description of the embodiments of the present invention refers to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein merely describes an association between the associated objects and means that three relationships are possible; e.g., A and/or B may represent: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
Referring to fig. 1, an embodiment of the present invention provides an image forming apparatus, meaning an apparatus that prints print data generated by, for example, a computer onto a recording medium such as printing paper. Examples of the image forming apparatus include a copier, a printer, a facsimile machine, a scanner, and a multi-functional peripheral that performs the above functions in a single device. The image forming apparatus includes an imaging control module 1 and a security management module 2.
The imaging control module 1 is configured to receive a firmware upgrade package after obtaining authorization information of the security management module 2 when the first device 3 transmits the firmware upgrade package thereto, and transmit the received firmware upgrade package to the security management module 2, wherein the firmware upgrade package is a firmware upgrade package for the security management module 2 to operate.
The security management module 2 is configured to monitor the imaging control module 1 before the imaging control module 1 receives the firmware upgrade package transmitted by the first device 3, transmit authorization information to the imaging control module 1 when confirming that the imaging control module 1 meets a preset security condition, and receive the firmware upgrade package transmitted by the imaging control module 1 and store the firmware upgrade package in a memory, wherein the memory is configured to store the operating firmware of the security management module 2.
It can be understood that when the running firmware of the security management module 2 needs to be upgraded, the security management module 2 does not receive the firmware directly; instead, the imaging control module 1 first receives the firmware upgrade package and then sends it to the security management module 2. Because the imaging control module 1 and its corresponding running activities are monitored by the security management module 2 at every stage, this approach effectively prevents the firmware upgrade package from being arbitrarily altered by malicious parties and ensures the security of the firmware running on the security chip.
The image forming apparatus and its constituent parts and operation principle will be described in detail.
The imaging control module 1 is, for example, an SoC (System on Chip) configured to control the imaging processing operations of the image forming apparatus. The imaging control module 1 is configured to perform processing operations related to data transceiving, command transceiving, and engine control. For example, an application calls an interface unit (including but not limited to a USB port, a wired network port, a wireless network port, etc.) to send and receive data, commands, status, and the like; an application also obtains the received print parameters and parses them into commands that control the engine mechanism to perform specific functions, for example LSU exposure parameters, pick-up roller rotation parameters, etc. In addition, for an image forming apparatus having a user authority authentication or encryption/decryption processing function, the imaging control module 1 is further configured to execute that function. The interface unit in the image forming apparatus can also receive print job data and print, scan, and fax commands from the driving apparatus, or transmit scan and fax data and print, scan, and fax status information, etc., and the security management module 2 exchanges information such as predetermined security rules and logs with the external security monitoring server.
The security management module 2 (also called a trusted computing and supervising module) is, for example, a security chip, and monitors the operation activities corresponding to the imaging control module 1 in the image forming apparatus. Trusted computing (Trusted Computing) in the security management module 2 serves behavioral security and is widely used in computer and communication systems to improve the security of the system as a whole. Information security includes four aspects: device security, data security, content security, and behavioral security. To further improve the behavioral security of the image forming apparatus, the present embodiment introduces a trusted computing function. The trusted computing and supervising module mentioned in this embodiment provides four functions: a program (or module) start/run monitoring function (e.g., whitelist policies), a registration function, an auditing function, and an upgrade monitoring function. The trusted computing supervision module can be implemented in hardware (such as a security chip), in software (such as program code with the four functions above), or in a combination of software and hardware (such as a security chip combined with security code). Taking the program-code implementation as an example, the security management module 2 comprises a driver layer supervisor and an application layer supervisor. The driver layer supervisor is responsible for supervising the driver layer modules of the operating system of the image forming apparatus (such as a Linux system), and the application layer supervisor is responsible for supervising the application layer programs of the image forming apparatus. The trusted computing supervisor only allows drivers and programs within the whitelist to run; drivers and programs that are not within the whitelist are not allowed to run. The trusted computing supervisor may record or report security event behavior occurring on the image forming apparatus. Thus, the trusted computing supervisor comprehensively supervises the driver layer and the application layer of the image forming apparatus and can effectively prevent unsafe behaviors of application programs and device drivers.
The first device 3 may be a device capable of transmitting and receiving information, such as a PC (personal computer), a tablet computer, or a mobile phone; in this embodiment, the first device 3 is a computer.
The memory is built into the security management module 2 and is a nonvolatile memory such as NOR flash (flash memory), NAND flash (flash memory), EEPROM (electrically erasable programmable read-only memory), FRAM (ferroelectric memory), MRAM (magnetic RAM), NVSRAM (nonvolatile static memory), and the like.
Referring to fig. 2, the imaging control module 1 is connected to the first device 3 and to the security management module 2. In this embodiment, the imaging control module 1 is connected to a USB interface of the security management module 2 (such as the USB interface shown in fig. 2) through a USB (Universal Serial Bus) interface (such as the Host interface shown in fig. 2) for sending a firmware upgrade package to the security management module 2, and the imaging control module 1 is further connected to the first device 3 (such as a computer) through another USB interface (such as the USB Device interface shown in fig. 2) for receiving the firmware upgrade package sent by the first device 3. It can be understood that the imaging control module 1 receives and transmits the firmware through USB interfaces, without occupying the SPI (Serial Peripheral Interface) or I2C (Inter-Integrated Circuit) interface resources of the imaging control module 1, thereby making maximum use of the interface resources.
Optionally, to improve reliability of firmware upgrade, the security management module 2 is configured to perform firmware upgrade only in the boot state, and the imaging control module 1 is further configured to control the running state of the security management module 2 to return to the boot state before sending the firmware upgrade package to the security management module 2, and to control the boot state to be maintained at least until the security management module 2 receives the firmware upgrade package successfully.
The security management module 2 comprises a first interface, and the security management module 2 is further configured so that, when it is in a non-boot state, its running state returns to the boot state if the first interface receives a first predetermined level signal.
Based on the above description, the imaging control module 1 may optionally return the operation state of the security management module 2 to the boot state in either of the following ways:
Mode one: the imaging control module 1 returns the operation state of the security management module 2 to the boot state by sending a first predetermined level signal to the first interface.
Specifically, referring to fig. 3, in this embodiment the first predetermined level signal is a low level signal, and the imaging control module 1 and the security management module 2 each further include a GPIO2 interface, with the GPIO2 interface of the imaging control module 1 connected to the GPIO2 interface of the security management module 2. After the imaging control module 1 obtains the authorization information of the security management module 2, and before it sends the received firmware upgrade package to the security management module 2, the GPIO2 interface of the imaging control module 1 sends the low level signal to the GPIO2 interface of the security management module 2 so that the security management module 2 returns to the boot state. The imaging control module 1 then sends the firmware upgrade package to the security management module 2, and the security management module 2 stores the received firmware upgrade package in its memory to complete the firmware upgrade.
Mode two: the security management module 2 sends a boot-state return instruction to the security management module 2 through the communication interface thereof so that the running state of the security management module 2 returns to the boot state.
Specifically, referring to fig. 4, in this embodiment the communication interface is an SPI interface. As shown in fig. 4, the imaging control module 1 is connected to the security management module 2 through one SPI bus, which is used for the dynamic measurement of the imaging control module 1 by the security management module 2 and for the transmission of control commands (such as a boot-state return instruction) between the security management module 2 and the imaging control module 1.
Further, the security management module 2 is connected to a reset port of the imaging control module 1, and the security management module 2 is further configured to keep the reset signal of the imaging control module 1 active while it is in the boot state. Keeping the reset signal active in the boot state means that the imaging control module 1 is always held in the reset state until the security chip enters the program running state, so that the security management module 2 monitors the imaging control module 1 throughout. However, after the imaging control module 1 controls the security management module 2 to enter the boot state, the security management module 2 resets the imaging control module 1, and the imaging control module 1 then cannot upgrade the firmware of the security management module 2. For this reason, the imaging control module 1 is further configured to release the security management module 2's control of the reset signal of the imaging control module 1 before it controls the security management module 2 to return to the boot state. The imaging control module 1 is then not reset after the security management module 2 changes to the boot state under its control, so it can send the firmware upgrade package to the security management module 2 and thereby upgrade the firmware of the security management module 2.
Further, referring again to fig. 2 to fig. 4, the image forming apparatus further includes an analog switch circuit 4 connected between the RESET end (e.g. reset# in fig. 3) of the imaging control module 1 and the security management module 2. The imaging control module 1 releases the security management module 2's control of the reset signal of the imaging control module 1 by controlling the analog switch circuit 4 to turn off. It should be noted that, by default, the analog switch circuit 4 is in a conductive state.
Specifically, the analog switch circuit 4 includes a first switch Q1, a first resistor R1, a second resistor R2, a third resistor R3, a first voltage source (+3.3 V) and a second voltage source (+3.3 V). The imaging control module 1 further includes a first port (GPIO49 port), and the security management module 2 further includes a second port (GPIO4 port). The first end of the first switch Q1 is connected to the first port through the first resistor R1 and to the first voltage source through the first resistor R1 and the second resistor R2 in sequence; the second end of the first switch Q1 is connected to the second interface of the security management module 2 and to the second voltage source through the third resistor R3; and the third end of the first switch Q1 is connected to the reset port of the imaging control module 1. When the first port of the imaging control module 1 transmits the second predetermined level signal to the first end of the first switch Q1, the second end and the third end of the first switch Q1 are disconnected.
More specifically, the first switch Q1 includes a metal-oxide-semiconductor (MOS) transistor, whose gate, source and drain correspond respectively to the first end, second end and third end of the first switch Q1. In this embodiment, the first switch Q1 may be an N-type MOS transistor. It is easy to understand that when the first switch Q1 is an N-type MOS transistor, its gate is controlled by the first voltage source (+3.3 V) and the switch is in a conductive state; according to the characteristics of the N-type MOS transistor, if the GPIO49 port of the imaging control module 1 sends a low level signal to the gate of the analog switch circuit 4, the source and the drain of the analog switch circuit 4 are disconnected. It should be noted that the analog switch circuit 4 is not limited to a MOS transistor and may use other semiconductor devices, which are not listed here.
Further, referring again to fig. 3, the image forming apparatus further includes an initial state control circuit 5 connected between the second interface (GPIO4 interface) of the security management module 2 and the analog switch circuit 4. Through the initial state control circuit 5, the security management module 2 makes the reset signal of the imaging control module 1 valid when the security management module 2 is in the boot state.
Specifically, the initial state control circuit 5 includes a first triode Q2, a fourth resistor R4, a fifth resistor R5, and a third voltage source (+3.3 V). The base of the first triode Q2 is connected to the third voltage source through the fourth resistor R4 and the fifth resistor R5, and is further connected to the second interface (GPIO4 interface) of the security management module 2 through the fourth resistor R4; the collector of the first triode Q2 is connected to the second end of the analog switch circuit 4, and the emitter of the first triode Q2 is grounded.
Further, referring again to fig. 3, the image forming apparatus further includes an RC reset circuit 6 connected between the analog switch circuit 4 and the reset terminal of the imaging control module 1 and configured to provide the time delay required for resetting the imaging control module 1. The RC reset circuit 6 includes a fourth voltage source (+3.3 V), a sixth resistor R6, and a first capacitor C1, where the fourth voltage source is connected between the drain of the analog switch circuit 4 and the reset terminal of the imaging control module 1 through the sixth resistor R6, the first terminal of the first capacitor C1 is connected to the sixth resistor R6, and the other terminal is grounded. The RC reset circuit 6 is common knowledge to a person skilled in the art, and its working principle is not described in detail here.
Referring to fig. 5, an embodiment of the present invention provides a firmware upgrading method for a security management module of an image forming apparatus, the method including:
Step S01: the first device sends a firmware upgrade package to the imaging control module, wherein the firmware upgrade package is a firmware upgrade package for the firmware run by the security management module.
Step S02: the security management module monitors the imaging control module, and when the imaging control module is judged to accord with the preset security conditions, the security management module sends authorization information to the imaging control module.
Step S03: the imaging control module receives the firmware upgrade package sent by the first device after obtaining the authorization information and sends the received firmware upgrade package to the security management module.
Step S04: the security management module stores the received firmware upgrade package in a memory, wherein the memory is configured to store firmware run by the security management module.
It can be understood that when the running firmware of the security management module needs to be upgraded, the firmware is not upgraded by directly receiving the firmware through the security management module, but is upgraded by receiving the firmware upgrade package through the imaging control module and then sending the firmware upgrade package to the security management module.
The specific technical scheme of the firmware upgrading method of the security management module of the image forming apparatus provided in this embodiment is described in detail below.
Referring to fig. 2, first, step S01 is performed: the first device 3 sends a firmware upgrade package to the imaging control module 1, where the firmware upgrade package is a firmware upgrade package for the firmware run by the security management module 2.
Optionally, the first device 3 may be any device having a function of receiving and transmitting information, such as a PC (personal computer), a tablet computer, a mobile phone, or the like. In this embodiment, the first device 3 is a computer, and the computer may send a firmware upgrade package to the imaging control module 1 through a USB interface.
An imaging control module 1, for example a SoC (System on Chip), is configured to control the imaging processing operations of the image forming apparatus. The imaging control module 1 performs processing operations related to data transceiving, command transceiving, and engine control: for example, an application calls an interface unit (including but not limited to a USB port, a wired network port, a wireless network port, etc.) to send and receive data, commands, status, etc., and an application obtains received print parameters and parses them into commands for controlling an engine mechanism to perform specific functions, for example LSU exposure parameters, pick-up roller rotation parameters, etc. In addition, for an image forming apparatus having a user authority authentication or encryption/decryption processing function, the imaging control module 1 is further configured to execute that function. The interface unit in the image forming apparatus is also capable of receiving print job data and print, scan, and fax commands from the driving apparatus, or transmitting scan and fax data and print, scan, and fax status information, etc.; and the security management module 2 exchanges information such as predetermined security rules and logs with the external security monitoring server.
A security management module 2 (also called a trusted computing and supervising module), such as a security chip, monitors the operation activities corresponding to the imaging control module 1 in the image forming apparatus. The trusted computing (Trusted Computing) in the security management module 2 is used for security of behavior and is widely used in computer and communication systems to improve the security of the system as a whole. Information security includes four aspects: device security, data security, content security, and behavioral security. In order to further improve the behavior security characteristics of the image forming apparatus, the present embodiment introduces a trusted computing function. The trusted computing and supervising module mentioned in this embodiment provides four functions: a program (or module) start/run monitoring function (e.g., whitelist policies), a registration function, an auditing function, and an upgrade monitoring function. The trusted computing supervision module can be implemented in hardware (such as a security chip), in software (such as program code providing the four functions above), or in a combination of software and hardware (such as a security chip combined with security code). Taking the implementation as program code as an example: the security management module 2 comprises a driver layer supervisor and an application layer supervisor. The driver layer supervisor is responsible for supervising the driver layer modules of the image forming device operating system (such as a Linux system), and the application layer supervisor is responsible for supervising the application layer programs of the image forming device. The trusted computing supervisor only allows drivers and programs within the scope of the whitelist to run; drivers and programs that are not within the whitelist are not allowed to run. The trusted computing supervisor may record or report security event behavior occurring on the image forming device. Thus, the trusted computing supervisor comprehensively supervises the driver layer and the application layer of the image forming device, and can effectively prevent unsafe behaviors of application programs and device drivers.
Next, step S02 is executed: the security management module 2 monitors the imaging control module 1, and when judging that the imaging control module 1 meets the preset security conditions, sends authorization information to the imaging control module 1.
It should be noted that, the security management module 2 checks and monitors the imaging control module 1 and the corresponding operation activities thereof, and the security management module 2 allows the imaging control module 1 to execute only when the imaging control module 1 and the corresponding operation thereof meet the preset security conditions, and each activity of the imaging control module 1 needs to be authorized by the security management module 2 to execute, so that the security of the imaging control module 1 can be ensured.
Next, step S03 is performed: the imaging control module 1 receives the firmware upgrade package sent by the first device 3 after obtaining the authorization information, and sends the received firmware upgrade package to the security management module 2.
Specifically, the imaging control module 1 is connected through its USB interface to the USB interface of the security management module 2. It can be understood that the imaging control module 1 receives and transmits the firmware through the USB interface and does not need to occupy the SPI (Serial Peripheral Interface) or I2C (Inter-Integrated Circuit) interface resources of the imaging control module 1, so that the interface resources are utilized to the greatest extent.
Next, step S04 is executed: the security management module 2 stores the received firmware upgrade package in a memory, wherein the memory is configured to store firmware that the security management module 2 operates.
The memory is a memory built in the security management module 2, and is a nonvolatile memory such as NOR flash (flash memory), NAND flash (flash memory), EEPROM (erasable programmable read only memory), FRAM (ferroelectric memory), MRAM (magnetic RAM), NVSRAM (nonvolatile static memory), and the like.
Optionally, in order to improve the reliability of the firmware upgrade, the security management module 2 is configured to enable the firmware upgrade only in the boot state. Therefore, in step S04, before the imaging control module 1 sends the firmware upgrade package to the security management module 2, the method further includes: the imaging control module 1 controls the running state of the security management module 2 to be changed into the boot state, and controls the boot state to be maintained at least until the security management module 2 has successfully received the firmware upgrade package.
It should be noted that, when the security management module 2 includes the first interface, the security management module 2 is further configured to return to the boot state if the first interface receives the first predetermined level signal while the security management module 2 is in the non-boot state.
Based on the above description, optionally, the imaging control module 1 may return the operation state of the security management module 2 to the boot state in either of the following ways:
Mode one: the imaging control module 1 returns the operation state of the security management module 2 to the boot state by sending a first predetermined level signal to the first interface.
Specifically, after the imaging control module 1 obtains the authorization information of the security management module 2, before the imaging control module 1 sends the received firmware upgrade package to the security management module 2, the imaging control module 1 sends the low-level signal to the security management module 2, so that the security management module 2 returns to the boot state, then the imaging control module 1 sends the firmware upgrade package to the security management module 2, and the security management module 2 stores the received firmware upgrade package in a memory therein to complete firmware upgrade.
Mode two: the security management module 2 sends a boot state return instruction to the security management module 2 through the communication interface thereof so that the running state of the security management module 2 returns to the boot state.
Specifically, the communication interface is an SPI interface, and the imaging control module 1 is connected to the security management module 2 through one SPI bus, where the SPI bus is used to implement dynamic measurement of the imaging control module 1 by the security management module 2 and transmission of control commands (e.g., boot state return commands) between the security management module 2 and the imaging control module 1.
Further, before the imaging control module 1 sends the firmware upgrade package to the security management module 2, the method may further include: the imaging control module 1 releases the control of the reset signal of the imaging control module 1 by the security management module 2.
It should be understood that the security management module 2 is further configured to keep the reset signal of the imaging control module 1 active while the security management module 2 is in the boot state, so that the imaging control module 1 is always in the reset state before the security chip enters the program running state; this lets the security management module 2 monitor the whole process of the imaging control module 1. Consequently, after the imaging control module 1 controls the security management module 2 to enter the boot state, the security management module 2 resets the imaging control module 1, and the imaging control module 1 then cannot upgrade the firmware of the security management module 2. For this reason, the imaging control module 1 is further configured to release the security management module 2's control of the reset signal of the imaging control module 1 before it controls the security management module 2 to return to the boot state. The imaging control module 1 is then not reset after the security management module 2 changes to the boot state under its control, and can send the firmware upgrade package to the security management module 2, thereby upgrading the firmware of the security management module 2.
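The ordering constraints described above (authorization first, reset control released before the boot state is forced, package accepted only in the boot state) can be modelled as a small C state machine. This is an added illustration, not code from the patent; all type and function names, the flash size and the sample package bytes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added model of the upgrade ordering; every name here is hypothetical. */
enum sm_state { SM_BOOT, SM_RUNNING };

enum upg_result {
    UPG_OK = 0,
    UPG_NOT_AUTHORIZED,     /* S02 produced no authorization information */
    UPG_ICM_HELD_IN_RESET,  /* reset control not released before boot state */
    UPG_SM_NOT_IN_BOOT,     /* module 2 accepts firmware only in boot state */
    UPG_PKG_TOO_LARGE
};

struct device {
    enum sm_state sm_state;     /* security management module 2 */
    bool switch_closed;         /* analog switch 4: closed = module 2 drives reset */
    bool authorized;            /* authorization held by imaging control module 1 */
    unsigned char sm_flash[64]; /* firmware memory inside module 2 (size assumed) */
    size_t sm_flash_len;
};

/* Constructed sample package, not real firmware. */
static const unsigned char SAMPLE_PKG[] = { 0x01, 0x02, 0x03, 0x04 };

static void device_init(struct device *d) {
    memset(d, 0, sizeof *d);
    d->sm_state = SM_RUNNING;   /* normal operation: module 2 has left boot state */
    d->switch_closed = true;    /* module 2 controls the reset line of module 1 */
}

/* Module 1 is held in reset while module 2 is in boot state and still
 * connected to the reset port through the analog switch. */
static bool icm_in_reset(const struct device *d) {
    return d->switch_closed && d->sm_state == SM_BOOT;
}

/* S02: module 2 authorizes only if module 1 meets the preset conditions. */
static void sm_monitor_and_authorize(struct device *d, bool icm_meets_conditions) {
    d->authorized = icm_meets_conditions;
}

/* Module 1 opens the analog switch, releasing module 2's reset control. */
static void icm_release_reset_control(struct device *d) { d->switch_closed = false; }

/* Module 1 returns module 2 to the boot state (mode one or mode two). */
static void icm_force_sm_boot(struct device *d) { d->sm_state = SM_BOOT; }

/* S03 + S04: forward the package; module 2 stores it in its own memory. */
static enum upg_result icm_forward_package(struct device *d,
                                           const unsigned char *pkg, size_t len) {
    if (!d->authorized)          return UPG_NOT_AUTHORIZED;
    if (icm_in_reset(d))         return UPG_ICM_HELD_IN_RESET;
    if (d->sm_state != SM_BOOT)  return UPG_SM_NOT_IN_BOOT;
    if (len > sizeof d->sm_flash) return UPG_PKG_TOO_LARGE;
    memcpy(d->sm_flash, pkg, len);
    d->sm_flash_len = len;
    return UPG_OK;
}

/* Full sequence. release_reset_first=false reproduces the failure the text
 * describes: module 1 resets itself the moment module 2 enters boot state. */
static enum upg_result run_upgrade(struct device *d, bool icm_meets_conditions,
                                   bool release_reset_first,
                                   const unsigned char *pkg, size_t len) {
    sm_monitor_and_authorize(d, icm_meets_conditions);
    if (!d->authorized)
        return UPG_NOT_AUTHORIZED;   /* package is never accepted from device 3 */
    if (release_reset_first)
        icm_release_reset_control(d);
    icm_force_sm_boot(d);
    return icm_forward_package(d, pkg, len);
}

int main(void) {
    struct device d;

    device_init(&d);
    printf("correct order:        %d\n",
           run_upgrade(&d, true, true, SAMPLE_PKG, sizeof SAMPLE_PKG));
    device_init(&d);
    printf("reset not released:   %d\n",
           run_upgrade(&d, true, false, SAMPLE_PKG, sizeof SAMPLE_PKG));
    device_init(&d);
    printf("conditions not met:   %d\n",
           run_upgrade(&d, false, true, SAMPLE_PKG, sizeof SAMPLE_PKG));
    return 0;
}
```

The model covers only the sequencing the text describes; checks on the package contents are not described in this section and are not modelled.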
The present embodiment provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements a firmware upgrade method for a security management module of an image forming apparatus in the embodiment, and is not described herein in detail to avoid repetition. Alternatively, the computer program may implement the functions of each module/unit in the image forming apparatus in the embodiment when executed by the processor, and in order to avoid repetition, details are not described herein.
Referring to fig. 6, an image forming apparatus 50 according to an embodiment of the present invention includes: the processor 51, the memory 52, and the program 53 stored in the memory 52 and capable of running on the processor 51, wherein the program 53 when executed by the processor 51 implements the firmware upgrade method of the security management module 2 of the image forming apparatus in the embodiment, and is not described herein in detail to avoid repetition.
Image forming device 50 may include, but is not limited to, a processor 51, a memory 52. It will be appreciated by those skilled in the art that fig. 6 is merely an example of image forming apparatus 50 and is not intended to limit image forming apparatus 50, and may include more or fewer components than shown, or may combine certain components, or may include different components, such as an electronic device may also include an input-output device, a network access device, a bus, etc.
The processor 51 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform part of the steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (17)

1. An image forming apparatus includes an imaging control module and a security management module;
the imaging control module is configured to receive the firmware upgrade package after obtaining authorization information of the security management module when the first device sends the firmware upgrade package to the first device, and send the received firmware upgrade package to the security management module, wherein the firmware upgrade package is a firmware upgrade package for the security management module to operate;
the security management module is configured to monitor the imaging control module before the imaging control module receives the firmware upgrade package sent by the first device, send the authorization information to the imaging control module when confirming that the imaging control module meets a preset security condition, receive the firmware upgrade package sent by the imaging control module, and store the firmware upgrade package in a memory, wherein the memory is configured to store operation firmware of the security management module;
the imaging control module is further configured to control an operational state of the security management module to return to a boot state before sending the firmware upgrade package to the security management module.
2. The image forming apparatus according to claim 1, wherein the imaging control module transmits the firmware upgrade package to the security management module through a USB interface thereof.
3. The image forming apparatus according to claim 1, wherein the imaging control module is further configured to control the boot state to be maintained at least until the security management module has successfully received the firmware upgrade package.
4. The image forming apparatus according to claim 3, wherein the security management module includes a first interface, and the security management module is further configured to return to a boot state if the first interface receives a first predetermined level signal when it is in a non-boot state;
the imaging control module returns the running state of the security management module to the boot state by sending the first predetermined level signal to the first interface.
5. The image forming apparatus according to claim 3, wherein the security management module transmits a boot state return instruction to the security management module through its communication interface so that the operation state of the security management module is returned to the boot state.
6. The image forming apparatus according to claim 3, 4 or 5, wherein the security management module is connected to a reset port of the imaging control module, the security management module is further configured to control the reset signal of the imaging control module to remain active when it is in a boot state, the imaging control module is further configured to release the control of the reset signal of the imaging control module by the security management module before it controls the security management module to return to the boot state, so that the imaging control module does not perform a reset after the security management module is changed to the boot state under the control of the imaging control module.
7. The image forming apparatus according to claim 6, further comprising an analog switch circuit connected between a reset port of the imaging control module and the security management module, the imaging control module releasing the control of the imaging control module reset signal by controlling the analog switch circuit to be turned off.
8. The image forming apparatus according to claim 7, wherein the analog switch circuit includes a first switch, a first resistor, a second resistor, a third resistor, a first voltage source, and a second voltage source, the image forming control module further includes a first port, the security management module further includes a second interface, the first end of the first switch is connected to the first port through the first resistor and is connected to the first voltage source sequentially through the first resistor and the second resistor, the second end of the first switch is connected to the second interface of the security management module and is connected to the second voltage source through the third resistor, and the third end of the first switch is connected to the reset port of the image forming control module;
when the first port of the imaging control module sends a second predetermined level signal to the first end of the first switch, the second end and the third end of the first switch are disconnected.
9. The image forming apparatus according to claim 8, further comprising an initial state control circuit, wherein the initial state control circuit is connected between the second interface of the security management module and the analog switch circuit, and wherein the security management module maintains a reset signal of the imaging control module active when the security management module is in a boot state through the initial state control circuit.
10. A firmware upgrade method of a security management module of an image forming apparatus, the method comprising:
the method comprises the steps that first equipment sends a firmware upgrade package to an imaging control module, wherein the firmware upgrade package is used for running of a security management module;
the security management module monitors the imaging control module, and when judging that the imaging control module accords with a preset security condition, the security management module sends authorization information to the imaging control module;
the imaging control module receives the firmware upgrade package sent by the first device after acquiring the authorization information and sends the received firmware upgrade package to the security management module;
the security management module stores the received firmware upgrade package into a memory, wherein the memory is configured to store firmware operated by the security management module;
before the imaging control module sends the firmware upgrade package to the security management module, the method further includes:
the imaging control module controls the running state of the security management module to be changed into a boot state.
11. The firmware upgrade method of claim 10, wherein the imaging control module sends the firmware upgrade package to the security management module through its USB interface.
12. The firmware upgrade method of claim 10, wherein before the imaging control module sends the firmware upgrade package to the security management module, the method further comprises:
the imaging control module controls the boot state to be maintained at least until the security management module receives the firmware upgrade package successfully.
13. The firmware upgrade method of claim 12, wherein the security management module comprises a first interface, and the imaging control module changes the operational state of the security management module to a boot state by sending a first predetermined level signal to the first interface.
14. The firmware upgrade method of claim 12, wherein the security management module sends a boot state return instruction to the security management module through its communication interface, such that the running state of the security management module returns to the boot state.
15. The firmware upgrade method of claim 12, wherein before the imaging control module returns the operational state of the security management module to a boot state, the method further comprises: the imaging control module releases the control of the security management module on the reset signal of the imaging control module.
16. A storage medium comprising a stored program, wherein the program, when run, controls a device in which the storage medium resides to perform the method of any one of claims 10 to 15.
17. An image forming apparatus comprising a memory for storing information including program instructions and a processor for controlling execution of the program instructions, characterized in that: which when loaded and executed by a processor carries out the steps of the method according to any of claims 10 to 15.
CN201910579034.3A 2019-06-28 2019-06-28 Image forming apparatus and firmware upgrading method of security management module thereof Active CN110287707B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910579034.3A CN110287707B (en) 2019-06-28 2019-06-28 Image forming apparatus and firmware upgrading method of security management module thereof

Publications (2)

Publication Number Publication Date
CN110287707A CN110287707A (en) 2019-09-27
CN110287707B true CN110287707B (en) 2023-08-22

Family

ID=68019749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910579034.3A Active CN110287707B (en) 2019-06-28 2019-06-28 Image forming apparatus and firmware upgrading method of security management module thereof

Country Status (1)

Country Link
CN (1) CN110287707B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112000351B (en) * 2020-08-07 2023-04-07 北京浪潮数据技术有限公司 Updating method, updating device, updating equipment and storage medium of BMC (baseboard management controller) firmware

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101963910A (en) * 2010-09-21 2011-02-02 深圳市元征软件开发有限公司 General USB (Universal Serial Bus) based equipment firmware updating method
CN108762774A (en) * 2018-05-22 2018-11-06 深圳市先河***技术有限公司 A kind of method of firmware burning and the equipment of firmware burning

Also Published As

Publication number Publication date
CN110287707A (en) 2019-09-27

Similar Documents

Publication Publication Date Title
US7610246B2 (en) Information processing apparatus, control method therefor and computer readable information recording medium
CN210007764U (en) kinds of image forming apparatus, start control system for image forming apparatus
CN110536042B (en) Image forming apparatus, control method thereof, and storage medium
JP4676724B2 (en) Information processing apparatus, information processing method, information processing program, and recording medium
CN111614859B (en) Image forming apparatus, security control method thereof, and storage medium
CN101799792B (en) Information processing apparatus, program control method, and computer program product
EP3299981B1 (en) Image forming apparatus, method for controlling image forming apparatus, and storage medium
CN111343352A (en) Image forming apparatus, start control method thereof, and storage medium
CN110287707B (en) Image forming apparatus and firmware upgrading method of security management module thereof
US8495364B2 (en) Image processing apparatus and method using electronic signature information
CN210804374U (en) Image forming apparatus and security control system for image forming apparatus
CN112445444A (en) Image forming apparatus and security control system
US11553100B2 (en) Image processing apparatus and method of communicating with an external apparatus
EP4300335A1 (en) Removable trusted platform module
JP5776741B2 (en) Information processing apparatus, information processing system, information processing method, and information processing program
CN112040083B (en) Network control method, image forming apparatus, and image forming system
US20100118326A1 (en) Information processing apparatus, method of controlling same, recording medium and printer
JP2004303209A (en) Image forming apparatus, program updating method, and storage medium for update
US20210234983A1 (en) Image forming system, image forming apparatus, and storing medium storing application control program
CN112055127B (en) Image formation control method, terminal device, and readable storage medium
US7546296B2 (en) Information processing apparatus started from a program recorded on a recording medium with well-maintained security, and a recording medium storing such a program and a producing method of such a recording medium
WO2020259285A1 (en) Image forming apparatus and securty control system for image forming apparatus
CN212727133U (en) Image forming apparatus and security control system
US10691383B2 (en) Image forming apparatus and control method
JP5401425B2 (en) Electronic device and application management program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant