CN110363010A - A secure system boot method based on an MPSoC chip - Google Patents


Info

Publication number: CN110363010A
Application number: CN201910646023.2A
Authority: CN (China)
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN110363010B (granted publication)
Inventors: 郭勇军, 宋伟铭, 周中亚, 刘敏, 杨煦, 于军亮
Assignee (current and original): BEIJING DAHENG IMAGE VISION Co Ltd; China Daheng (group) Co Ltd Beijing Image Visual Technology Branch

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/575 Secure boot
    • G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

This application discloses a secure system boot method based on an MPSoC chip, comprising: Step 1, generating two sets of public keys from the globally unique identifier (GUID) of the system-on-chip using an encryption algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse (eFUSE) of the system-on-chip; Step 2, encrypting and packaging the primary boot program according to the two sets of public keys, the result being denoted the first-level boot program, and from the first-level boot program generating a multi-level boot program of at least two levels and programming it into the system boot storage medium; Step 3, after the embedded system powers on, decrypting and verifying the multi-level boot program level by level according to the GUID, using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-level boot program. The technical scheme of this application improves the security of the embedded system and greatly reduces the possibility of the system being copied by board cloning (铲板: reading out the board's Flash contents and duplicating them onto a copied PCB).

Description

A secure system boot method based on an MPSoC chip
Technical field
This application relates to the technical field of embedded systems, and in particular to a secure system boot method based on an MPSoC chip.
Background art
In existing embedded systems, the boot program and the system image file are mostly stored in a single Flash storage unit. When a competing manufacturer maliciously reads out the data in the Flash and clones the board, it is very easy to copy a product of the same specification and type.
At the same time, the existing system boot-loading process performs no correctness verification of the boot program and system image file in storage: at start-up the boot program and system image file are loaded directly from a fixed Flash address and run. Whether the system can start correctly therefore depends entirely on the integrity and correctness of the boot program and system image file stored in Flash; if the file contents in Flash are wrong, the boot process has nothing to fall back to and start-up fails outright.
When the Flash is accidentally erased, or the storage medium fails because of factors of its own (such as mechanical shock, loose pins or excessive supply voltage), the stored content may be lost or its values may change (data in Flash are stored bit by bit in storage cells; a non-zero cell reads as 1), so that the boot program or system image file loaded during boot is incorrect and the device ultimately cannot start normally.
In industrial and commercial embedded systems with high requirements on the stability of the operating environment, the security and stability of the equipment are key indicators of the whole embedded system, and the prior art cannot provide a reliable guarantee for these key indicators. It is therefore necessary to combine a backup mechanism with anti-plagiarism measures for the system program, so as to guarantee both the stability and integrity of the system boot process and the security of the system.
Summary of the invention
The purpose of this application is to design a complete secure system boot method based on an MPSoC chip which uses multi-level boot verification and at the same time binds the programmed files to the system hardware (such as the CPU, GPU or MCU), improving the stability and integrity of the system boot process.
The technical scheme of the first aspect of this application provides a secure system boot method based on an MPSoC chip. The method is suitable for booting an embedded system comprising a system-on-chip and a system boot storage medium, where the system boot storage medium stores a system image file and a system image backup file. The method comprises:
Step 1, generating two sets of public keys from the globally unique identifier of the system-on-chip using an encryption algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip;
Step 2, encrypting and packaging the primary boot program according to the two sets of public keys, the result being denoted the first-level boot program, and, from the first-level boot program, generating a multi-level boot program and programming it into the system boot storage medium, where the multi-level boot program comprises at least two levels;
Step 3, after the embedded system powers on, decrypting and verifying the multi-level boot program level by level according to the globally unique identifier, using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-level boot program.
In any of the above technical schemes, further, Step 2 specifically comprises: Step 21, generating and storing a first key and a second key from the primary boot program and the two sets of public keys using a secure hash algorithm; Step 22, encrypting the primary boot program according to the two sets of public keys using a ciphertext encryption algorithm (暗文加密算法); Step 23, packaging the first key, the second key and the encrypted primary boot program, the result being denoted the first-level boot program.
In any of the above technical schemes, further, the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an AND-OR operation and a shift operation.
In any of the above technical schemes, further, the multi-level boot program comprises a two-level boot program and corresponding backup boot programs, where the boot program comprises the first-level boot program and a second-level boot program, and the backup boot programs comprise a first-level backup boot program and a second-level backup boot program.
In any of the above technical schemes, further, Step 3 specifically comprises: Step 31, after the embedded system powers on, reading the boot information header and performing a hash calculation on the first-level boot program according to the globally unique identifier and the first key; Step 32, according to the result of the hash calculation and using the fault-tolerant processing method, decrypting the first-level boot program and performing a first verification; when the first verification passes, executing Step 33; when it fails, re-executing Step 31 with the hash calculation performed on the first-level backup boot program; Step 33, performing a second verification on the first-level boot program according to the second key; when the second verification passes, executing Step 34; when it fails, re-executing Step 31 with the hash calculation performed on the first-level backup boot program; Step 34, performing a third verification on the second-level boot program; when the second-level boot program passes the third verification, starting the system image file; when it fails, obtaining a second-level backup boot program; when no second-level backup boot program can be obtained, generating and sending system boot exception information; when a second-level backup boot program is obtained, performing the third verification on it; when the second-level backup boot program passes the third verification, starting the system image backup file; when it fails, obtaining the next second-level backup boot program.
In any of the above technical schemes, further, the number of first-level backup boot programs is 3 and the number of second-level backup boot programs is 2.
The technical scheme of the second aspect of this application provides an embedded system comprising a system-on-chip and a system boot storage medium, where a start-up program is stored on the system boot storage medium and, when run, executes the secure system boot method based on an MPSoC chip of any technical scheme of the first aspect.
In any of the above technical schemes, further, the globally unique identifier is stored on the system-on-chip, and the system-on-chip is provided with an electrically programmable fuse.
The beneficial effects of this application are:
Through the secure boot method of this application, multi-level boot verification is used and combined with the globally unique identifier of the chip to perform a cryptographic check (authentication) of the first-level boot program itself, which reduces the risk of storing it in plaintext, improves the security of the embedded system and greatly reduces the possibility of the system being copied by board cloning.
Combined with the multi-level boot of this application, system backup start-up files are added and reasonable system boot paths are set, which improves the stability of the embedded system as well as its security; in a one-million-cycle power-off boot test, the boot method of this application guaranteed that the embedded system started normally and stably.
Brief description of the drawings
The above and/or additional aspects and advantages of this application will become apparent and easily understood from the following description of embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of the secure system boot method based on an MPSoC chip according to one embodiment of this application;
Fig. 2 is a schematic flow chart of first-level boot verification according to one embodiment of this application;
Fig. 3 is a schematic flow chart of second-level boot verification according to one embodiment of this application;
Fig. 4 is a schematic diagram of the boot paths of an embedded system according to one embodiment of this application;
Fig. 5 is a schematic diagram of the storage contents according to one embodiment of this application.
Detailed description of the embodiments
In order that the above objects, features and advantages of this application may be more clearly understood, this application is further described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, in the absence of conflict, the embodiments of this application and the features in the embodiments may be combined with each other.
In the following description many specific details are set forth in order to fully understand this application; however, this application may also be implemented in ways other than those described here, and therefore the scope of protection of this application is not limited by the specific embodiments disclosed below.
Embodiment one:
As shown in Fig. 1, this embodiment provides a secure system boot method based on an MPSoC chip. The method is suitable for booting an embedded system comprising a system-on-chip and a system boot storage medium; the system boot storage medium stores a system image file and a system image backup file, and a globally unique identifier is stored on the system-on-chip. The method comprises:
Step 1, generating two sets of public keys from the globally unique identifier of the system-on-chip using an encryption algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip;
Specifically, in this embodiment an MPSoC chip is used as the system-on-chip. The globally unique identifier GUID in the system-on-chip is taken as the default public key; it is 64 bytes long. From the default public key (GUID) and an encryption algorithm such as a hash algorithm, two sets of hash data are generated and denoted the two sets of public keys; they are stored in the CPU of the MPSoC chip as two keys, Public Key1 and Public Key2. The two sets of public keys are protected by the electrically programmable fuse: the fuse of the MPSoC chip is then blown so that Public Key1 and Public Key2 stored in the CPU can no longer be modified.
Step 2, encrypting and packaging the primary boot program according to the two sets of public keys stored in the system-on-chip, the result being denoted the first-level boot program, and, from the first-level boot program, generating a multi-level boot program and programming it into the system boot storage medium, where the multi-level boot program comprises at least two levels;
Preferably, the multi-level boot program comprises a two-level boot program and corresponding backup boot programs, where the boot program comprises the first-level boot program (FSBL) and a second-level boot program (U-Boot), and the backup boot programs comprise a first-level backup boot program and a second-level backup boot program.
Further, Step 2 specifically comprises:
Step 21, generating and storing a first key and a second key from the primary boot program and the two sets of public keys using a secure hash algorithm, where the primary boot program is the program that boots the MPSoC chip;
Specifically, using the existing secure hash algorithm (SHA3), two keys, SPK (Secondary Public Key) and PPK (Primary Public Key), are generated from the two sets of public keys and the primary boot program; both keys are 48 bytes long. In this embodiment PPK is used as the first key and SPK as the second key.
Step 22, encrypting the primary boot program according to the two sets of public keys using a ciphertext encryption algorithm;
Preferably, the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an AND-OR operation and a shift operation.
Specifically, in order to make the program harder to plagiarize, this embodiment encrypts the plaintext primary boot program, that is, converts the plaintext into ciphertext. To do so, one or more of the ciphertext encryption operations, such as AND, OR, addition, NOT, AND-OR and shift, are applied to the primary boot program using the two stored sets of public keys, converting it into ciphertext.
This embodiment provides one such ciphertext encryption method:
First, the two sets of public keys are added together and the result is used as the encryption code, which is 64 bytes long;
Then, in a cyclic calculation, the primary boot program is ANDed bit by bit with the data of each byte of the encryption code, converting the primary boot program into ciphertext.
Step 23, packaging the first key PPK, the second key SPK and the encrypted primary boot program, the result being denoted the first-level boot program.
Specifically, through the above technical scheme, part of the GUID is used as the two sets of public keys stored in the MPSoC chip, which guarantees that the SPK value of every embedded device is different, so the encrypted FSBL (first-level boot program) file differs from device to device, and the PPK key in the FSBL file header that verifies the SPK also differs, thereby realizing an elaborate anti-board-cloning function.
Through the above technical scheme of this embodiment, the two sets of public keys and the program (the primary boot program) are packaged into the first-level boot program programming file, which completes the binding of the first-level boot program, the hardware chip GUID and the default public key; if any one of the three does not match, the system cannot start successfully.
Step 3, after the embedded system powers on, decrypting and verifying (authenticating) the multi-level boot program level by level according to the globally unique identifier, using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-level boot program.
Specifically, the verification (authentication) of the first-level boot program by the embedded system mainly comprises two steps:
1) using the PPK key value, verifying (authenticating) the boot information header (Bootheader) of the first-level boot program (FSBL) and the SPK key itself;
2) using the SPK key value, decrypting the digest of the FSBL file contents (the inverse of the ciphertext encryption) and restoring the FSBL file contents; only when they are correct can the first-level boot program be run.
As shown in Fig. 2 and Fig. 3, this embodiment shows one boot program verification method, in which Step 3 specifically comprises:
Step 31, after the embedded system powers on, reading the boot information header and performing a hash calculation on the first-level boot program according to the globally unique identifier and the first key PPK;
Step 32, according to the result of the hash calculation and using the fault-tolerant processing method, decrypting the first-level boot program and performing a first verification (authentication); when the first verification (authentication) passes, executing Step 33; when it fails, re-executing Step 31 with the hash calculation performed on the first-level backup boot program;
Step 33, performing a second verification (authentication) on the first-level boot program according to the second key SPK; when the second verification (authentication) passes, executing Step 34; when it fails, re-executing Step 31 with the hash calculation performed on the first-level backup boot program;
Specifically, after the system powers on, the ROM program fixed in the chip first loads the GUID into memory and at the same time reads the boot information header (protection header) of the FSBL (first-level boot program) to judge whether the programmed file requires authentication. If it does, the ROM generates the two sets of public keys (key 1 and key 2) from the GUID using the encryption algorithm, such as a hash algorithm, then performs the PPK hash calculation and the first verification (authentication); if this passes, the boot information header and the SPK are correct. It then performs the second verification (authentication); if this passes, the first-level boot program itself is correct, and the FSBL (first-level boot program) file is decrypted and run, entering the second-level boot program. Here the first verification is the PPK check and the second verification is the SPK check.
During the verification of the first-level boot program, if the PPK check or the SPK check fails, a new start-up file, i.e. a first-level backup boot program, is searched for and the verification (PPK check and SPK check) is repeated on the new first-level backup boot program; if no further first-level backup boot program is found, the embedded system is proven unable to start normally.
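The key derivation and packaging of Steps 1 and 21-23 and the power-on checks of Steps 31-33 (the same procedure the Summary lists) can be modelled end to end. The Python block below is an added example written for this page; it is not the patent's or the applicant's code, and where the text leaves the construction open it makes labelled assumptions: SHA3-512 with a domain byte for the two 64-byte public keys, SHA3-384 (which yields the page's 48 bytes) for PPK and SPK with PPK covering only the chip keys and SPK also covering the program, a header tag over PPK, SPK and length standing in for the boot information header, and byte-wise addition modulo 256 as the ciphertext operation, because the embodiment's bitwise AND is not invertible and the ROM has to restore the program at Step 33. The names GUID, FSBL, PPK and SPK come from the page; every function name and the sample data are the example's own.

```python
"""Model of the first-level boot chain: Steps 1, 21-23 (packaging) and 31-33 (power-on
verification). Added example, not the patent's code; assumptions are marked."""
import hashlib
import hmac
from typing import Dict, Optional, Tuple

GUID_LEN = 64     # the page: the GUID and each public key are 64 bytes
DIGEST_LEN = 48   # the page: PPK and SPK are 48 bytes, which is the SHA3-384 size
HEADER_LEN = 3 * DIGEST_LEN + 4


def derive_public_keys(guid: bytes) -> Tuple[bytes, bytes]:
    """Step 1: two 64-byte public keys hashed from the chip GUID. The page says only
    'a hash algorithm'; SHA3-512 with a domain-separation byte is an assumption."""
    if len(guid) != GUID_LEN:
        raise ValueError("GUID must be 64 bytes")
    pk1 = hashlib.sha3_512(guid + b"\x01").digest()
    pk2 = hashlib.sha3_512(guid + b"\x02").digest()
    return pk1, pk2


def encryption_code(pk1: bytes, pk2: bytes) -> bytes:
    """Step 22 as in the embodiment: byte-wise addition of the two keys, 64 bytes."""
    return bytes((a + b) & 0xFF for a, b in zip(pk1, pk2))


def obfuscate(program: bytes, code: bytes) -> bytes:
    """Apply the code cyclically, one code byte per program byte. The embodiment uses
    bitwise AND, which the ROM could not undo (a 0 bit in the code erases the plaintext
    bit), so this model uses addition mod 256, one of the listed operations, which
    deobfuscate() inverts by subtraction. This is an assumption, not the page's choice."""
    return bytes((p + code[i % len(code)]) & 0xFF for i, p in enumerate(program))


def deobfuscate(body: bytes, code: bytes) -> bytes:
    return bytes((c - code[i % len(code)]) & 0xFF for i, c in enumerate(body))


def derive_ppk_spk(pk1: bytes, pk2: bytes, program: bytes) -> Tuple[bytes, bytes]:
    """Step 21: 48-byte PPK and SPK via SHA3-384. PPK covers only the chip keys, so the
    ROM can recompute it from the GUID; SPK also covers the plaintext program, which is
    what binds program to chip. Which inputs feed which key is an assumption."""
    ppk = hashlib.sha3_384(pk1 + pk2).digest()
    spk = hashlib.sha3_384(pk1 + pk2 + program).digest()
    return ppk, spk


def package_fsbl(guid: bytes, program: bytes) -> bytes:
    """Step 23: first-level image = PPK || SPK || header tag || length || body. The tag
    (SHA3-384 over PPK, SPK, length) stands in for the boot information header."""
    pk1, pk2 = derive_public_keys(guid)
    ppk, spk = derive_ppk_spk(pk1, pk2, program)
    body = obfuscate(program, encryption_code(pk1, pk2))
    length = len(body).to_bytes(4, "big")
    tag = hashlib.sha3_384(ppk + spk + length).digest()
    return ppk + spk + tag + length + body


def verify_and_unpack_fsbl(guid: bytes, image: bytes) -> Optional[bytes]:
    """Steps 31-33 as the boot ROM runs them on one first-level slot. Returns the
    recovered primary boot program, or None when either verification fails, at which
    point the ROM moves on to the next first-level backup copy."""
    if len(image) < HEADER_LEN:
        return None
    ppk = image[:DIGEST_LEN]
    spk = image[DIGEST_LEN:2 * DIGEST_LEN]
    tag = image[2 * DIGEST_LEN:3 * DIGEST_LEN]
    length = image[3 * DIGEST_LEN:HEADER_LEN]
    body = image[HEADER_LEN:]
    if len(body) != int.from_bytes(length, "big"):
        return None
    pk1, pk2 = derive_public_keys(guid)
    # First verification (PPK check): the header's PPK must equal the chip-derived PPK,
    # and the header fields (SPK, length) must be intact under it.
    if not hmac.compare_digest(ppk, hashlib.sha3_384(pk1 + pk2).digest()):
        return None
    if not hmac.compare_digest(tag, hashlib.sha3_384(ppk + spk + length).digest()):
        return None
    # Second verification (SPK check): undo the obfuscation and check the digest that
    # ties this program to this chip's keys.
    program = deobfuscate(body, encryption_code(pk1, pk2))
    if not hmac.compare_digest(spk, hashlib.sha3_384(pk1 + pk2 + program).digest()):
        return None
    return program


# Constructed sample data: stand-ins for a chip GUID and a primary boot program.
SAMPLE_GUID = bytes(range(64))
CLONE_GUID = bytes(range(1, 65))   # another chip given a bit-for-bit copy of the Flash
SAMPLE_PROGRAM = b"constructed FSBL body, not a real boot program\n" * 16


def demo() -> Dict[str, object]:
    image = package_fsbl(SAMPLE_GUID, SAMPLE_PROGRAM)
    faulty = bytearray(image)
    faulty[200] ^= 0x01                  # one bit changed in the stored body
    return {
        "genuine": verify_and_unpack_fsbl(SAMPLE_GUID, image) == SAMPLE_PROGRAM,
        "cloned_board": verify_and_unpack_fsbl(CLONE_GUID, image),          # None
        "flash_fault": verify_and_unpack_fsbl(SAMPLE_GUID, bytes(faulty)),  # None
    }
```

demo() packages the constructed program for the constructed GUID, then verifies it on the same chip, on a chip with a different GUID (the cloned-board case of the page) and after a one-bit Flash fault; only the first succeeds. The limit of what this chain proves is worth keeping in mind: every value in the header is derived from the GUID and the program with no secret key, so it binds the file to the chip and detects corruption, but it is not a signature by the vendor. The anti-cloning claim rests on the derivation being fixed in ROM and on the eFUSE-protected keys being unavailable to a cloned board, which is why the page stresses that copying the Flash alone does not help.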
In this embodiment, once the PPK check and the SPK check of the first-level boot program have passed, the correctness of the second-level boot program stored in the system boot storage medium is verified, and the correctness of the system image file and the system image backup file is likewise verified by an MD5 code check performed by the second-level boot program.
Step 34, performing a third verification on the second-level boot program; when the second-level boot program passes the third verification, starting the system image file; when the second-level boot program fails the third verification, obtaining a second-level backup boot program;
when no second-level backup boot program can be obtained, generating and sending system boot exception information;
when a second-level backup boot program is obtained, performing the third verification on the second-level backup boot program; when the second-level backup boot program passes the third verification, starting the system image backup file; when the second-level backup boot program fails the third verification, obtaining the next second-level backup boot program.
Specifically, in this embodiment an MD5 code is used to verify the second-level boot program (U-Boot) or the second-level backup boot program, and to verify the correctness of the system image file (Image.ub). Thus, through the fault-tolerant processing method of this embodiment, the two-level boot verification selects which of the system image file and the system image backup file to call, so that the embedded system can start stably.
This embodiment uses a secure signature-key verification method and programs several copies of the boot programs (the first-level boot program, the second-level boot program and their corresponding backups) and of the system image file into multiple Flash memories (system boot storage media), where one Flash stores the system's default start-up files and another Flash stores the backup system. The ROM program of the MPSoC chip loads the first-level boot program; the first-level boot program then loads and verifies the second-level boot program; after the second-level boot program starts, it loads and verifies the default system image file and starts running it in memory. Exception fault tolerance is added to the loading process: if the verification of the first-level boot program fails, boot proceeds from the next first-level boot program; if the verification of the second-level boot program fails, the next second-level boot program is loaded and verified; if the verification of the default system image file fails, the first backup image file is loaded and verified, and on failure the second backup image file is loaded and verified.
Preferably, the number of first-level backup boot programs is 3 and the number of second-level backup boot programs is 2.
Embodiment two:
As shown in Fig. 4, this embodiment provides one implementation of the boot paths of the embedded system. The default system boot storage medium of the embedded system stores one first-level boot program and the corresponding 3 first-level backup boot programs, one second-level boot program and the corresponding 2 second-level backup boot programs, and four system image files (including 3 system image backup files).
At the same time, a correctness-verification function for the loaded file is added to the first-level boot program and to the second-level boot program, ensuring the correctness of the program file loaded at every level and thereby improving the stability of the embedded system boot.
Under normal circumstances, the boot flow of the system image file is as follows:
after the MPSoC chip powers on, the ROM program looks up the Bootheader (boot information header) on the default boot medium and starts the FSBL (first-level boot program); the FSBL loads and verifies the U-Boot (second-level boot program) file; U-Boot starts, then loads and verifies the default image file (system image file). This is path ① → ② → ③ in Fig. 4.
Under abnormal circumstances, one boot flow of a system image backup file is as follows:
when some file on the above path is abnormal (for example, its MD5 check fails, or it is incorrect or incomplete), the boot path of a system image backup file is triggered. If the default system image file is damaged, the corresponding boot path is ① → ② → ④; if the first first-level boot program is faulty, the corresponding boot path is ① → ⑥ → ⑦ → ⑧.
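The backup walk of Step 34, the fault-tolerant loading described at the end of Embodiment one, and the boot paths of this embodiment can be put into one small simulator. The Python block below is an added example written for this page, not code from the patent. The Flash layout (FSBL plus 3 backups, U-Boot plus 2 backups, default image plus 3 backups) and the MD5 check for the second and third stages follow the text; the stand-in for the first-level check (a SHA3-384 digest over the chip GUID and the file), the slot names and the constructed file contents are the example's own assumptions.

```python
"""Simulator for boot-path selection with backup copies: Step 34, the fault-tolerant
loading of Embodiment one and the paths of Embodiment two. Added example, not the
patent's code; assumptions are marked."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Slot:
    """One programmed file in the boot storage medium plus the check value that the
    loader of the previous stage compares against."""
    name: str
    content: bytes
    check: bytes


def chip_bound_check(guid: bytes, content: bytes) -> bytes:
    """Stand-in for the first-level PPK/SPK verification: a digest over the chip GUID and
    the file, so a copy of the Flash on a chip with another GUID fails (assumption)."""
    return hashlib.sha3_384(guid + content).digest()


def md5_check(content: bytes) -> bytes:
    """The page verifies U-Boot and the system images with an MD5 code."""
    return hashlib.md5(content).digest()


def build_flash(guid: bytes) -> Dict[str, List[Slot]]:
    """Constructed layout per Embodiment two: FSBL + 3 backups, U-Boot + 2 backups,
    default image + 3 backups. Slot 0 of each stage is the default copy; the backups
    hold the same bytes."""
    fsbl = b"constructed first-level boot program\n"
    uboot = b"constructed second-level boot program\n"
    image = b"constructed system image\n"
    return {
        "fsbl": [Slot(f"FSBL{i}", fsbl, chip_bound_check(guid, fsbl)) for i in range(4)],
        "uboot": [Slot(f"UBOOT{i}", uboot, md5_check(uboot)) for i in range(3)],
        "image": [Slot(f"IMAGE{i}", image, md5_check(image)) for i in range(4)],
    }


def corrupt(slot: Slot) -> Slot:
    """Simulate the Flash faults of the Background section (accidental erase, changed
    bit): flip one bit of the content while the stored check value stays as it was."""
    data = bytearray(slot.content)
    data[0] ^= 0x80
    return replace(slot, content=bytes(data))


def with_corrupted(flash: Dict[str, List[Slot]], stage: str,
                   indexes: Iterable[int]) -> Dict[str, List[Slot]]:
    """Copy of the layout with the given copies of one stage corrupted."""
    bad = set(indexes)
    out = dict(flash)
    out[stage] = [corrupt(s) if i in bad else s for i, s in enumerate(flash[stage])]
    return out


def first_valid(slots: List[Slot], expected: Callable[[bytes], bytes]) -> Optional[Slot]:
    """Try the default copy, then each backup in order; None if no copy passes."""
    for slot in slots:
        if hmac.compare_digest(expected(slot.content), slot.check):
            return slot
    return None


def select_boot_path(guid: bytes, flash: Dict[str, List[Slot]]) -> Optional[List[str]]:
    """Walk the three stages. Returns the names of the copies that booted (the numbered
    path of Fig. 4), or None when a stage has no valid copy left, which is the page's
    'system boot exception'."""
    stages = [
        ("fsbl", lambda c: chip_bound_check(guid, c)),   # ROM checks FSBL, Steps 31-33
        ("uboot", md5_check),                            # FSBL checks U-Boot, Step 34
        ("image", md5_check),                            # U-Boot checks the image
    ]
    path: List[str] = []
    for stage, expected in stages:
        slot = first_valid(flash[stage], expected)
        if slot is None:
            return None
        path.append(slot.name)
    return path


SAMPLE_GUID = bytes(range(64))      # constructed stand-in for a chip GUID
CLONE_GUID = bytes(range(1, 65))    # another chip given a bit-for-bit copy of the Flash


def demo() -> Dict[str, Optional[List[str]]]:
    flash = build_flash(SAMPLE_GUID)
    return {
        "normal": select_boot_path(SAMPLE_GUID, flash),
        "image_damaged": select_boot_path(SAMPLE_GUID, with_corrupted(flash, "image", [0])),
        "fsbl_damaged": select_boot_path(SAMPLE_GUID, with_corrupted(flash, "fsbl", [0])),
        "all_uboot_damaged": select_boot_path(SAMPLE_GUID, with_corrupted(flash, "uboot", range(3))),
        "cloned_board": select_boot_path(CLONE_GUID, flash),
    }
```

select_boot_path returns the copies that booted, which correspond to the numbered paths of Fig. 4: the undamaged layout boots FSBL0, UBOOT0, IMAGE0; a damaged default image falls through to IMAGE1; a damaged default FSBL falls through to FSBL1; when every copy of one stage is damaged the result is None, the page's system boot exception. The MD5 code detects the accidental corruption the Background section describes, but it does not by itself resist deliberate modification, since whoever rewrites the Flash can rewrite the MD5 beside it; the chip-bound first stage is what carries the anti-cloning property, which is why the cloned-GUID case fails before any MD5 check runs.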
Embodiment three:
As shown in Fig. 5, this embodiment provides an embedded system comprising a system-on-chip (MPSoC chip) and a system boot storage medium (Flash). A start-up program is stored on the system boot storage medium and, when run, executes the secure system boot method based on an MPSoC chip disclosed in Embodiment one or Embodiment two above.
Further, a globally unique identifier is stored on the system-on-chip, and the system-on-chip is provided with an electrically programmable fuse.
After the system powers on, the ROM program of the MPSoC chip scans the first-level boot program on the boot medium and verifies the signature keys, namely the public keys stored in the CPU (the two sets of public keys generated by hashing) and the boot program computation keys (PPK, SPK); after the verification passes, it loads and runs the first-level boot program, which loads and verifies the second-level boot program; the second-level boot program in turn loads and verifies the default system image file in Flash, which is allowed to run and start only after the verification is correct.
The method realizes secure system boot, normal start from the default system files, and start from the backup system files when an exception occurs; it reduces the risk that illegal programming or the damage or modification of part of the Flash files prevents the system from starting normally, and improves the stability and security of commercial embedded systems.
Even if the data in Flash and the public key values of the CPU are read out and programmed into an imitation board, the system cannot start normally, which protects the security of commercial embedded systems very well and can effectively prevent malicious board cloning.
The technical scheme of this application has been described in detail above with reference to the accompanying drawings. This application proposes a secure system boot method based on an MPSoC chip, comprising: Step 1, generating two sets of public keys from the globally unique identifier of the system-on-chip using an encryption algorithm, programming the two sets of public keys into the system-on-chip, and blowing the electrically programmable fuse of the system-on-chip; Step 2, encrypting and packaging the primary boot program according to the two sets of public keys, the result being denoted the first-level boot program, and, from the first-level boot program, generating a multi-level boot program of at least two levels and programming it into the system boot storage medium; Step 3, after the embedded system powers on, decrypting and verifying the multi-level boot program level by level according to the globally unique identifier, using a fault-tolerant processing method, and starting one of the system image file and the system image backup file through the multi-level boot program. The technical scheme of this application improves the security of the embedded system and greatly reduces the possibility of the system being copied by board cloning.
The steps in this application may be reordered, combined and deleted according to actual needs.
The units in the apparatus of this application may be combined, divided and deleted according to actual needs.
Although this application has been disclosed in detail with reference to the accompanying drawings, it should be understood that these descriptions are merely exemplary and are not intended to limit the application of this application. The scope of protection of this application is defined by the appended claims and may include various modifications, adaptations and equivalent schemes made to the invention without departing from the scope and spirit of protection of this application.

Claims (8)

1. A secure system boot method based on an MPSoC chip, characterized in that the method is applicable to the start-up of an embedded system, the embedded system comprising a system-on-chip (SoC) and a system boot storage medium, the system boot storage medium storing a system image file and a system image backup file, the method comprising:
Step 1: according to the globally unique identifier of the SoC, generating two groups of public keys with an encryption algorithm, programming the two groups of public keys into the SoC, and blowing the electrically programmable fuses of the SoC;
Step 2: according to the two groups of public keys, encrypting and packaging the original bootloader and recording the result as the first-stage bootloader, and, according to the first-stage bootloader, generating a multi-stage bootloader and programming it into the system boot storage medium, wherein the multi-stage bootloader comprises at least two stages;
Step 3: after the embedded system powers on, according to the globally unique identifier, decrypting and verifying the multi-stage bootloader stage by stage using a fault-tolerant procedure, and starting one of the system image file and the system image backup file through the multi-stage bootloader.
2. The secure system boot method based on an MPSoC chip according to claim 1, characterized in that step 2 specifically comprises:
Step 21: according to the original bootloader and the two groups of public keys, generating and storing a first key and a second key using a secure hash algorithm;
Step 22: according to the two groups of public keys, encrypting the original bootloader using a ciphertext encryption algorithm;
Step 23: packaging the first key, the second key and the encrypted original bootloader, and recording the result as the first-stage bootloader.
3. The secure system boot method based on an MPSoC chip according to claim 2, characterized in that the ciphertext encryption algorithm comprises at least one of an AND operation, an OR operation, an addition operation, a NOT operation, an XOR operation and a shift operation.
4. The secure system boot method based on an MPSoC chip according to claim 2 or 3, characterized in that the multi-stage bootloader comprises a two-stage bootloader and corresponding backup bootloaders, wherein the bootloader comprises the first-stage bootloader and a second-stage bootloader, and the backup bootloaders comprise a first-stage backup bootloader and a second-stage backup bootloader.
5. The secure system boot method based on an MPSoC chip according to claim 4, characterized in that step 3 specifically comprises:
Step 31: after the embedded system powers on, reading the start-up information header file and, according to the globally unique identifier and the first key, computing a hash over the first-stage bootloader;
Step 32: according to the result of the hash computation, decrypting the first-stage bootloader using a fault-tolerant procedure and performing a first check; when the first check is judged to pass, executing step 33; when the first check is judged not to pass, re-executing step 31 and computing the hash over the first-stage backup bootloader;
Step 33: according to the second key, performing a second check on the first-stage bootloader; when the second check is judged to pass, executing step 34; when the second check is judged not to pass, re-executing step 31 and computing the hash over the first-stage backup bootloader;
Step 34: performing a third check on the second-stage bootloader; when the second-stage bootloader is judged to pass the third check, starting the system image file; when the second-stage bootloader is judged not to pass the third check, obtaining the second-stage backup bootloader,
when the second-stage backup bootloader cannot be obtained, generating and sending system boot exception information,
when the second-stage backup bootloader is obtained, performing the third check on the second-stage backup bootloader; when the second-stage backup bootloader is judged to pass the third check, starting the system image backup file; when the second-stage backup bootloader is judged not to pass the third check, obtaining the next second-stage backup bootloader.
6. The secure system boot method based on an MPSoC chip according to claim 4, characterized in that the number of first-stage backup bootloaders is 3 and the number of second-stage backup bootloaders is 2.
7. An embedded system, characterized in that the embedded system comprises a system-on-chip and a system boot storage medium, a start-up program being stored on the system boot storage medium, and when the start-up program runs it executes the secure system boot method based on an MPSoC chip according to any one of claims 1 to 6.
8. The embedded system according to claim 7, characterized in that a globally unique identifier is stored on the system-on-chip, and electrically programmable fuses are provided on the system-on-chip.
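The boot flow of claims 1 to 6 (GUID-bound keys in eFUSE, a packaged first-stage loader carrying two check values, a third check over the second-stage loader, and fallback to 3 first-stage and 2 second-stage backup copies) is modelled below as a runnable Python example. This is an added example, not the patent's code or the applicant's implementation: the patent names no concrete algorithms, so the labelled SHA-256 key derivation, the XOR counter keystream standing in for the claims' AND/OR/ADD/NOT/XOR/shift step, the HMAC check values, the blob layout and all identifiers (`HEADER_MAGIC`, `package_fsbl`, `verify_fsbl`, `boot`, the sample GUIDs and loader bytes) are assumptions.

```python
"""Model of a GUID-bound, multi-stage boot with backup fallback.

Added example, not code from the patent. The key layout, the check
construction and all names are assumptions chosen to mirror claims 1-6.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

HEADER_MAGIC = b"BOOTHDR1"             # hypothetical start-up information header
DIGEST = hashlib.sha256().digest_size  # 32 bytes
N_FSBL_BACKUPS = 3                     # claim 6: three first-stage backup copies
N_SSBL_BACKUPS = 2                     # claim 6: two second-stage backup copies


def derive_fuse_keys(guid: bytes) -> Tuple[bytes, bytes]:
    """Two chip-bound key groups derived from the SoC GUID; they stand in for the
    values the claims burn into eFUSE. Labelled SHA-256 is an assumption."""
    return (hashlib.sha256(b"fuse-group-1|" + guid).digest(),
            hashlib.sha256(b"fuse-group-2|" + guid).digest())


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Reversible bitwise transform (XOR against a SHA-256 counter keystream).
    Stands in for the claims' AND/OR/ADD/NOT/XOR/shift step: keyed obfuscation,
    not authenticated encryption, which is why the separate checks below exist."""
    out = bytearray()
    for i in range(0, len(data), DIGEST):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + DIGEST], block))
    return bytes(out)


def package_fsbl(fsbl_plain: bytes, ssbl_image: bytes, guid: bytes) -> bytes:
    """Step 2 (claims 2-3), modelled. Blob layout (assumed):
    magic | first check value | second check value | transformed body.
    The body starts with SHA-256(second-stage loader) so stage 1 can run the third check."""
    k1, k2 = derive_fuse_keys(guid)
    body_plain = hashlib.sha256(ssbl_image).digest() + fsbl_plain
    body_enc = keystream_xor(body_plain, k1)
    first_key = hmac.new(k1, body_enc, hashlib.sha256).digest()     # verified before decryption
    second_key = hmac.new(k2, body_plain, hashlib.sha256).digest()  # verified after decryption
    return HEADER_MAGIC + first_key + second_key + body_enc


def verify_fsbl(blob: bytes, guid: bytes) -> Optional[bytes]:
    """Steps 31-33, modelled: first check on the stored blob, decrypt, second check
    on the result. Returns the plaintext body, or None so the caller moves on to
    the next first-stage copy."""
    k1, k2 = derive_fuse_keys(guid)
    off = len(HEADER_MAGIC)
    if len(blob) < off + 2 * DIGEST or not blob.startswith(HEADER_MAGIC):
        return None
    first_key = blob[off:off + DIGEST]
    second_key = blob[off + DIGEST:off + 2 * DIGEST]
    body_enc = blob[off + 2 * DIGEST:]
    if not hmac.compare_digest(hmac.new(k1, body_enc, hashlib.sha256).digest(), first_key):
        return None                                   # first check failed
    body_plain = keystream_xor(body_enc, k1)
    if not hmac.compare_digest(hmac.new(k2, body_plain, hashlib.sha256).digest(), second_key):
        return None                                   # second check failed
    return body_plain


def build_flash(fsbl_plain: bytes, ssbl_image: bytes, guid: bytes) -> Dict[str, List[bytes]]:
    """Programmed boot storage medium: a primary plus the claim-6 number of backups per stage."""
    fsbl = package_fsbl(fsbl_plain, ssbl_image, guid)
    return {"fsbl": [fsbl] * (1 + N_FSBL_BACKUPS),
            "ssbl": [ssbl_image] * (1 + N_SSBL_BACKUPS)}


def boot(flash: Dict[str, List[bytes]], guid: bytes) -> str:
    """Step 3 (claim 5), modelled. Walk first-stage copies until one passes checks 1 and 2,
    then walk second-stage copies against the embedded digest (third check).
    Primary second stage passing -> system image; a backup passing -> backup system image;
    copies exhausted at either stage -> boot exception."""
    for fsbl_blob in flash["fsbl"]:
        body = verify_fsbl(fsbl_blob, guid)
        if body is None:
            continue                                  # step 31 again on the next copy
        expected_ssbl_digest = body[:DIGEST]
        for idx, ssbl in enumerate(flash["ssbl"]):
            if hmac.compare_digest(hashlib.sha256(ssbl).digest(), expected_ssbl_digest):
                return "system_image" if idx == 0 else "system_image_backup"
        return "boot_exception"                       # no second-stage copy left to obtain
    return "boot_exception"                           # no first-stage copy passed


def corrupt(blob: bytes, offset: int) -> bytes:
    """Flip one byte to model storage corruption or tampering at a given offset."""
    b = bytearray(blob)
    b[offset] ^= 0xFF
    return bytes(b)


# Constructed sample data, not from the patent.
GUID_A = bytes.fromhex("00112233445566778899aabbccddeeff")   # the provisioned chip
GUID_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")   # a different chip on a copied board
FSBL_PLAIN = b"first-stage loader code (constructed)"
SSBL_IMAGE = b"second-stage loader code (constructed)"

if __name__ == "__main__":
    flash = build_flash(FSBL_PLAIN, SSBL_IMAGE, GUID_A)
    print("provisioned chip:", boot(flash, GUID_A))    # system_image
    print("copied board:    ", boot(flash, GUID_B))    # boot_exception
```

The point the model makes visible is the anti-cloning property the patent targets: every check is keyed from the chip's own GUID, so a bit-for-bit copy of the storage medium fails the first check on a chip with a different GUID, while a corrupted primary copy on the genuine chip falls through to a backup copy and the second-stage result decides whether the primary or the backup system image is started. Two caveats a practitioner should keep in mind: the bitwise transform is obfuscation rather than encryption, and a keyed hash stored next to the data it protects is an integrity check bound to chip identity, not a digital signature, so it does not by itself provide the authenticity that a vendor's signed secure-boot chain provides.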
CN201910646023.2A 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip Active CN110363010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910646023.2A CN110363010B (en) 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910646023.2A CN110363010B (en) 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip

Publications (2)

Publication Number Publication Date
CN110363010A true CN110363010A (en) 2019-10-22
CN110363010B CN110363010B (en) 2021-11-16

Family

ID=68220916

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910646023.2A Active CN110363010B (en) 2019-07-17 2019-07-17 System safety starting method based on MPSoC chip

Country Status (1)

Country Link
CN (1) CN110363010B (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102369535A (en) * 2009-02-03 2012-03-07 Fresenius Medical Care Deutschland GmbH Device and method for preventing unauthorized use and/or manipulation of software
EP2506488A2 (en) * 2011-03-28 2012-10-03 Nxp B.V. Secure dynamic on-chip key programming
US9230112B1 (en) * 2013-02-23 2016-01-05 Xilinx, Inc. Secured booting of a field programmable system-on-chip including authentication of a first stage boot loader to mitigate against differential power analysis
CN104573528A (en) * 2014-12-31 2015-04-29 Hunan Goke Microelectronics Co., Ltd. Copy-prevented SoC starting method and chip thereof
CN107220547A (en) * 2016-03-21 2017-09-29 Spreadtrum Communications (Shanghai) Co., Ltd. Terminal device and its startup method
US20180181179A1 (en) * 2016-12-22 2018-06-28 Texas Instruments Incorporated On chip power on reset with integrated supervisory functions for a functional safety system
CN108664280A (en) * 2017-03-31 2018-10-16 Sanechips Technology Co., Ltd. (ZTE Microelectronics), Shenzhen Embedded system start method and device
CN109284114A (en) * 2017-07-20 2019-01-29 Sanechips Technology Co., Ltd. (ZTE Microelectronics), Shenzhen Automatic burn-recording method for a programmable chip in an embedded system
CN108399339A (en) * 2018-02-12 2018-08-14 Guangdong Weichen Information Technology Co., Ltd. Trusted startup method based on a security chip

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110909316A (en) * 2019-11-14 2020-03-24 Wuhan Zhengwei Electronic Technology Co., Ltd. Encryption protection method of single chip microcomputer software and storage medium
CN110909316B (en) * 2019-11-14 2023-05-09 Wuhan Zhengwei Electronic Technology Co., Ltd. Encryption protection method for singlechip software and storage medium
CN111143854A (en) * 2019-12-25 2020-05-12 Mouxin Technology (Shanghai) Co., Ltd. Device, system and method for starting chip secure download
CN111143854B (en) * 2019-12-25 2021-11-30 Mouxin Technology (Shanghai) Co., Ltd. Safe starting device, system and method of chip
WO2021232982A1 (en) * 2020-05-22 2021-11-25 Huawei Technologies Co., Ltd. Redundant cryptographic algorithm-based secure boot method and device
CN112231709A (en) * 2020-10-15 2021-01-15 38th Research Institute of China Electronics Technology Group Corporation (CETC) System safety design method with remote upgrading function
CN113642006A (en) * 2021-08-30 2021-11-12 China Southern Power Grid Digital Grid Research Institute Co., Ltd. Safe starting method of dual-core relay protection system
CN115934631A (en) * 2022-12-30 2023-04-07 Wuhan Lugu Technology Co., Ltd. Intelligent storage platform based on MPSoC
CN115934631B (en) * 2022-12-30 2023-10-27 Wuhan Lugu Technology Co., Ltd. Intelligent storage platform based on MPSoC

Also Published As

Publication number Publication date
CN110363010B (en) 2021-11-16

Similar Documents

Publication Publication Date Title
CN110363010A (en) A kind of safety startup of system method based on MPSoC chip
CN112035152B (en) Secure processing system and method for upgrading firmware of SoC chip
CN109313690A (en) Self-contained encryption boot policy verifying
CN102270288B (en) Method for performing trusted boot on operation system based on reverse integrity verification
CN104866768B (en) ATM os starting control method and device
US11886593B2 (en) Verification of a provisioned state of a platform
CN109583162B (en) Identity recognition method and system based on state cryptographic algorithm
US20220108018A1 (en) Identity and Root Keys Derivation Scheme for Embedded Devices
CN105930733A (en) Trust chain construction method and apparatus
US20160380771A1 (en) Binary code authentication
CN109086578A (en) A kind of method that soft ware authorization uses, equipment and storage medium
CN113486360B (en) RISC-V based safe starting method and system
CN103577727B (en) A kind of method and device of software deadline checking
CN110175478A (en) A kind of mainboard powering method, system and programming device
CN109814934A (en) Data processing method, device, readable medium and system
CN113553115A (en) Starting method based on heterogeneous multi-core chip and storage medium
CN111597558B (en) Trusted boot method and system of embedded operating system based on multiple mirror images of file
KR20180007717A (en) Soc having double security features, and double security method for soc
CN116738392A (en) Software and hardware verification method for main control system of wind generating set
Kroah-Hartman Signed kernel modules
CN115828255A (en) Method for upgrading signed firmware, electronic device and storage medium
CN108073411A (en) A kind of kernel loads method and device of patch
CN107704756A (en) Safe checking method and system before a kind of system upgrade
TWI520556B (en) Electronic file and vehicle mutual authentication method and system
CN106484477B (en) The software download and starting method of safety

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant