CN111177709A - Execution method and device of terminal trusted component and computer equipment - Google Patents

Publication number: CN111177709A
Application number: CN201911411800.1A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Keywords: trusted component, module, boot process
Inventors: 高昆仑, 王志皓, 赵保华, 董之微, 朱钰, 刘扬, 李桐, 王树才
Assignee (current and original): State Grid Corp of China SGCC; Global Energy Interconnection Research Institute
Application filed by State Grid Corp of China SGCC and Global Energy Interconnection Research Institute; priority to CN201911411800.1A; published as CN111177709A.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot


Abstract

The invention discloses an execution method and device for a terminal trusted component, and computer equipment. The execution method of the terminal trusted component comprises the following steps: acquiring a communication interface of the terminal device and establishing a communication connection with the trusted component; starting the trusted component and verifying it; executing the trusted component once it has been verified successfully; controlling the boot process of the application system of the terminal device through the control I/O of the trusted component; judging, through the trusted component, whether signature verification of the boot process succeeds; and, if signature verification of the boot process succeeds, starting the application system of the terminal device. By implementing the method and device, a secure communication channel can be established between the terminal device and the trusted component, and the security of the application system of the terminal device and the trustworthiness of the trusted component are ensured by having the trusted component verify the signature of the boot process.

Description

Execution method and device of terminal trusted component and computer equipment
Technical Field
The invention relates to the field of computer communication security, in particular to an execution method and device of a terminal trusted component and computer equipment.
Background
Unlike traditional computers and servers, power-industry equipment comes in many forms and many hardware/software configurations, and the internal space of some devices is so small that a traditional trusted component cannot be fitted, so the security of the data the terminal device transmits cannot be ensured. In the prior art, a trusted security architecture is usually designed into the terminal device on the basis of trusted-computing concepts to secure the terminal device; however, the trustworthiness of the trusted component itself is not considered in the structural design of the operating system. Such a security architecture cannot establish a secure communication channel between the terminal device and the trusted component, and cannot ensure the security of the application system or the trustworthiness of the trusted component.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to overcome the defect that trusted-computing technology in the prior art cannot establish a secure communication channel between a terminal device and a trusted component, and therefore cannot ensure the security of the application system and the trustworthiness of the trusted component, by providing an execution method and apparatus for a terminal trusted component, and a computer device.
According to a first aspect, an embodiment of the present invention provides an execution method for a terminal trusted component, including: acquiring a communication interface of the terminal device and establishing a communication connection with the trusted component; starting the trusted component and verifying it; executing the trusted component once it has been verified successfully; controlling the boot process of the application system of the terminal device through the control I/O of the trusted component; judging, through the trusted component, whether signature verification of the boot process succeeds; and, if signature verification of the boot process succeeds, starting the application system of the terminal device.
With reference to the first aspect, in a first implementation of the first aspect, the method further includes: when verification of the trusted component fails, closing the trusted component or forcibly restarting it.
With reference to the first aspect, in a second implementation of the first aspect, the method further includes: if signature verification of the boot process fails, controlling the terminal device to perform a reset operation until signature verification of the boot process succeeds.
With reference to the second implementation of the first aspect, in a third implementation of the first aspect, after the trusted component is executed upon successful verification, the method further includes: setting up a protected storage area inside the trusted component; initializing the storage area and placing security data in it; and reading the security data according to a preset authority.
With reference to the third implementation of the first aspect, in a fourth implementation of the first aspect, after the trusted component is executed upon successful verification, the method further includes: acquiring, from the preset protocol of the trusted component, the data length and driving mode corresponding to that protocol; calling a hardware encryption engine according to the data length and driving mode to obtain the interface service of the engine; and driving the cryptographic hardware through that interface service.
According to a second aspect, an embodiment of the present invention provides an apparatus for executing a terminal trusted component, including: a connection module, for acquiring a communication interface of the terminal device and establishing a communication connection with the trusted component; a starting module, for starting the trusted component and verifying it; an execution module, for executing the trusted component once it has been verified successfully; a control module, for controlling the boot process of the application system of the terminal device through the control I/O of the trusted component; a judging module, for judging through the trusted component whether signature verification of the boot process succeeds; and an application start module, for starting the application system of the terminal device if signature verification of the boot process succeeds.
With reference to the second aspect, in a first implementation of the second aspect, after the execution module the apparatus further includes: a setting module, for setting up a protected storage area inside the trusted component; an initialization module, for initializing the storage area and placing security data in it; and a reading module, for reading the security data according to a preset authority.
With reference to the first implementation of the second aspect, in a second implementation of the second aspect, after the execution module the apparatus further includes: an acquisition module, for acquiring from the preset protocol of the trusted component the data length and driving mode corresponding to that protocol; a calling module, for calling a hardware encryption engine according to the data length and driving mode to obtain the interface service of the engine; and a driving module, for driving the cryptographic hardware through that interface service.
According to a third aspect, an embodiment of the present invention provides a computer device, including: a memory and a processor, the memory and the processor are communicatively connected to each other, the memory stores computer instructions, and the processor executes the computer instructions to perform the method for executing the trusted component of the terminal according to the first aspect or any embodiment of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to cause the computer to execute the method for executing the trusted component of the terminal according to the first aspect or any implementation manner of the first aspect.
The technical solution of the invention has the following advantages:
In the execution method and device for the terminal trusted component and the computer equipment, the communication interface of the terminal device is acquired, a communication connection with the trusted component is established, the trusted component is started and verified, and the trusted component is executed once verification succeeds. The control I/O of the trusted component is then used to control the boot process of the application system of the terminal device, the trusted component judges whether signature verification of the boot process succeeds, and the application system is started only if it does. This ensures that the terminal device can establish a secure communication channel with the trusted component, and, because the trusted component verifies the signature of the boot process, ensures the security of the application system of the terminal device and the trustworthiness of the trusted component.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for executing a trusted component of a terminal according to an embodiment of the present invention;
fig. 2 is a schematic block diagram of an execution apparatus of a trusted component of a terminal in an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted" and "connected" are to be construed broadly, e.g. as meaning a fixed connection, a removable connection, or an integral connection; a mechanical or an electrical connection; a direct connection or an indirect connection through an intermediate medium; communication between the interiors of two elements; or a wireless or wired connection. The specific meanings of the above terms in the present invention can be understood in specific cases by those skilled in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1
This embodiment provides an execution method for a terminal trusted component, which can be used for the trusted execution of the terminal-device operating system in power-industry embedded systems that use multiple hardware platforms and multiple CPUs. As shown in Fig. 1, the method includes:
S11: acquire the communication interface of the terminal device and establish a communication connection with the trusted component.
For example, the communication interface of the terminal device may be a serial port, a Serial Peripheral Interface (SPI) or an Inter-Integrated Circuit (I2C) bus; the invention does not limit the communication interface, and those skilled in the art can choose it according to actual needs. The terminal device is normally provided with such an interface. The trusted component connects to the terminal device through it, the terminal device transmits raw data to the trusted component through it, and the trusted component provides the corresponding trusted support and security services to the terminal device through it.
S12: start the trusted component and verify it.
For example, the trusted component contains a trusted-component instruction set that lets the component detect its own trusted state. After the trusted component is started it runs a trusted-state check on itself, i.e. a startup self-test. The startup self-test consists of a self-test part and a get-self-test-result part. The self-test part checks the software and hardware state inside the trusted component and of the platform on which it sits, and is the first command executed, mandatorily, when the trusted component starts; if the check fails, startup of the trusted component and of the platform is stopped, or they are forcibly restarted. The trusted component self-tests every function it contains, and the failure of any single functional self-test makes the trusted component unavailable. The get-self-test-result command returns a vendor-specific block describing the result of the most recent self-test.
The trusted-component instruction set also implements configuration management of the trusted component, covering trusted-component management and trusted-component upgrade. Trusted-component management comprises:
(1) Change authorization: changes the authorization password required to execute commands; the password is set to a default value when the trusted component leaves the factory. Specifically: the trusted component verifies the old command authorization password; a new command authorization password is set.
(2) Close trusted component: disables the functions of the trusted component. Specifically: the trusted component verifies the command authorization password; the trusted-component functions are closed and become unavailable.
(3) Open trusted component: enables the functions of the trusted component. Specifically: the trusted component verifies the command authorization password; the trusted-component functions are opened and become available.
(4) Clear trusted component: clears all data in the trusted component. Specifically: the trusted component verifies the command authorization password; all data in the trusted component is cleared.
Trusted-component upgrade updates the contents of the trusted component. Specifically: the trusted component verifies the command authorization password; the contents of the internal components of the trusted component are upgraded.
S13: execute the trusted component once it has been verified successfully.
For example, the self-test of the trusted component succeeds when the binary integrity measurement values of the CPU of the terminal device and of the software and hardware of the trusted component equal the binary integrity reference values stored in the trusted component. After the self-test succeeds, the trusted component can be executed on the embedded platform; it then supports trusted boot of the terminal and starts the trusted-security functions of the terminal device. The support the trusted component provides for terminal trusted boot comprises platform data protection, identity identification and certificate management.
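The startup self-test of S12 (measure, compare against stored reference values, fail closed on any mismatch) and the password-gated management commands are easy to get subtly wrong: a non-constant-time comparison of measurement values, or an "open" command that re-enables a component whose self-test failed. The following is an added example written for this page, not code from the patent or its applicant. It models the component in Python; the hash algorithm (SHA-256, as a stand-in for whatever engine the real component uses), the PCR[0] extend rule, the factory password and the error strings are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Stand-ins (assumptions): the page names neither a hash algorithm nor a PCR width,
# so measurements and PCR[0] are SHA-256 values here.


def measure(blob: bytes) -> bytes:
    """Binary integrity measurement of a software/hardware image."""
    return hashlib.sha256(blob).digest()


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: PCR_new = H(PCR_old || measurement). The order of extends matters."""
    return hashlib.sha256(pcr + measurement).digest()


FACTORY_AUTH = b"factory-default"   # hypothetical default command authorization password


@dataclass
class TrustedComponent:
    reference: Dict[str, bytes]        # image name -> reference value provisioned in the component
    auth: bytes = FACTORY_AUTH
    enabled: bool = False              # toggled by the open/close commands
    available: bool = False            # False until the startup self-test passes
    pcr0: bytes = field(default_factory=lambda: bytes(32))
    last_self_test: Dict[str, bool] = field(default_factory=dict)

    def start(self, images: Dict[str, bytes]) -> str:
        """Startup self-test, the first command run on power-up: measure every image the
        reference list covers, compare in constant time, extend PCR[0]. A single mismatch
        or missing image (or an empty reference list) makes the whole component unavailable."""
        self.pcr0 = bytes(32)
        results: Dict[str, bool] = {}
        for name, expected in self.reference.items():
            blob = images.get(name)
            m = measure(blob) if blob is not None else b""
            results[name] = blob is not None and hmac.compare_digest(m, expected)
            self.pcr0 = extend_pcr(self.pcr0, m)
        self.last_self_test = results
        self.available = self.enabled = bool(results) and all(results.values())
        return "ready" if self.available else "halt-or-restart"

    def self_test_result(self) -> Dict[str, bool]:
        """The get-self-test-result command: record of the most recent self-test."""
        return dict(self.last_self_test)

    # --- configuration management: every command first verifies the authorization password ---
    def _authorized(self, password: bytes) -> bool:
        return hmac.compare_digest(password, self.auth)

    def change_authorization(self, old: bytes, new: bytes) -> Optional[str]:
        if not self._authorized(old):
            return "E_AUTH"
        self.auth = new
        return None

    def close(self, password: bytes) -> Optional[str]:
        if not self._authorized(password):
            return "E_AUTH"
        self.enabled = False
        return None

    def open(self, password: bytes) -> Optional[str]:
        if not self._authorized(password):
            return "E_AUTH"
        if not self.available:        # a component that failed its self-test cannot be re-enabled
            return "E_UNAVAILABLE"
        self.enabled = True
        return None

    def clear(self, password: bytes) -> Optional[str]:
        """Clears all data held in the component. Whether the authorization password also
        returns to the factory value is not stated on the page; here it is kept."""
        if not self._authorized(password):
            return "E_AUTH"
        self.reference.clear()
        self.pcr0 = bytes(32)
        self.last_self_test = {}
        self.available = self.enabled = False
        return None
```

Two design points: the comparison of measurement against reference uses `hmac.compare_digest`, so a probe over the communication interface cannot time how many leading bytes of a forged image match; and after a failed self-test `open` refuses, so the only way back to service is another start that passes, which is the fail-closed behaviour the page describes.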
Platform data protection comprises the following commands.
Generate SMS4 key: generates an SMS4 symmetric key and binds it to a key handle. Specifically: the trusted component verifies the command authorization password; it verifies whether a key of the specified type can be created and returns an error code if not; it generates a symmetric key according to the key algorithm and parameter information in the input parameters and binds the corresponding key handle; and it returns the newly generated key in the output parameters.
SMS4 encrypt: encrypts plaintext data with the SMS4 symmetric cipher and returns the ciphertext. The trusted component encrypts the input data with the symmetric key in CBC mode. The padding rule is: the padded length must be an integer multiple of 16; if the data is d1 bytes short of a multiple of 16, d1 bytes each with value d1 are appended, and if d1 is 0, 16 bytes each with value 16 are appended. Specifically: the trusted component verifies the command authorization password; if the length of the data to be encrypted is 0, it returns an error code; it validates the SMS4 encryption key handle and returns an error code if the handle is invalid; it encrypts the input data with SMS4 and returns the ciphertext.
SMS4 decrypt: decrypts ciphertext with the SMS4 symmetric cipher and returns the plaintext. Specifically: the trusted component verifies the command authorization password; if the length of the data to be decrypted is 0, it returns an error code; it validates the SMS4 decryption key handle and returns an error code if the handle is invalid; it decrypts the ciphertext and returns the plaintext.
SM2 encrypt: encrypts plaintext data with the elliptic-curve algorithm SM2 and returns the ciphertext. Specifically: the trusted component verifies the command authorization password; if the length of the data to be encrypted is 0, it returns an error code; it validates the SM2 encryption key handle and returns an error code if the handle is invalid; it encrypts the data with SM2 and returns the ciphertext.
SM2 decrypt: decrypts ciphertext with the elliptic-curve algorithm SM2 and returns the plaintext. Specifically: the trusted component verifies the command authorization password; if the length of the data to be decrypted is 0, it returns an error code; it validates the SM2 decryption key handle and returns an error code if the handle is invalid; it decrypts the ciphertext and returns the plaintext.
Identity identification comprises signing and signature verification. Signing signs data and returns the signature. When the chip signs data internally, the data to be signed is concatenated with the value of PCR[0] and the concatenation is signed, which ensures that the signature really was produced by the trusted component. The trusted component signs data of a specified length with a signature algorithm; the maximum length and the form of the signature buffer depend on the algorithm. Specifically: the trusted component verifies the command authorization password; if the length is 0, it returns an error code; it validates the signing key handle and returns an error code if the handle is invalid; it verifies that the input parameter concatenated with PCR[0] can be signed correctly with the signature algorithm and returns an error code if not; it computes the signature and returns the signature value. Signature verification checks the correctness of a data signature and returns the result. Specifically: the trusted component verifies the command authorization password; if the length or the buffer value is 0, it returns an error code; it validates the signing key handle and returns an error code if the handle is invalid; it concatenates the data with the PCR[0] value, verifies the signature and returns the verification result.
Certificate management comprises importing a certificate and getting a certificate. Import certificate imports a public-key certificate into the trusted component and binds the public key to the corresponding key handle. Specifically: the trusted component verifies the command authorization password; it checks that the certificate format is correct and otherwise returns an error code; it imports the certificate and binds it to the key handle. Get certificate returns the certificate of a specified key. Specifically: the trusted component verifies the command authorization password; it returns the requested certificate.
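The two security-relevant details in the platform data protection and identity identification commands above are the padding rule (which, as stated, is PKCS#7 with a 16-byte block, and must be validated strictly on the decrypt path) and the binding of every signature to PCR[0]. The block below is an added example for this page, not code from the patent; it implements the command gate (password, then length, then key handle, in the order the page gives), the pad/unpad pair, and PCR-bound sign/verify. HMAC-SHA256 stands in for the SM2 signature so the example runs on the standard library, the SMS4 cipher itself is not modelled, and the error-code names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

BLOCK = 16
ERR_AUTH, ERR_LENGTH, ERR_HANDLE, ERR_TYPE = "E_AUTH", "E_LENGTH", "E_HANDLE", "E_TYPE"


def pad(data: bytes) -> bytes:
    """Padding rule from the page: pad to a multiple of 16; if d1 bytes are missing,
    append d1 bytes each with value d1; if d1 == 0, append 16 bytes each with value 16."""
    d1 = BLOCK - (len(data) % BLOCK)
    return data + bytes([d1]) * d1


def unpad(padded: bytes) -> Tuple[Optional[str], bytes]:
    """Strict inverse for the decrypt path: every pad byte must equal the pad length.
    A malformed pad is an error, never a silently truncated plaintext."""
    if not padded or len(padded) % BLOCK:
        return ERR_LENGTH, b""
    d1 = padded[-1]
    if d1 < 1 or d1 > BLOCK or not hmac.compare_digest(padded[-d1:], bytes([d1]) * d1):
        return "E_PADDING", b""
    return None, padded[:-d1]


class TrustedComponentCrypto:
    """Key handles, command gate and PCR-bound signing (HMAC-SHA256 stands in for SM2)."""

    def __init__(self, auth: bytes, pcr0: bytes):
        self.auth = auth
        self.pcr0 = pcr0                                   # PCR[0] after the startup self-test
        self.keys: Dict[int, Tuple[str, bytes]] = {}       # handle -> (key type, key material)
        self._next_handle = 1

    def _gate(self, password: bytes, handle: int, ktype: str, length: int) -> Optional[str]:
        """Check order every command on the page follows: password, data length, key handle."""
        if not hmac.compare_digest(password, self.auth):
            return ERR_AUTH
        if length == 0:
            return ERR_LENGTH
        key = self.keys.get(handle)
        if key is None or key[0] != ktype:
            return ERR_HANDLE
        return None

    def generate_key(self, password: bytes, ktype: str) -> Tuple[Optional[str], Optional[int]]:
        """Generate a key of the requested type and bind it to a fresh handle."""
        if not hmac.compare_digest(password, self.auth):
            return ERR_AUTH, None
        if ktype not in ("SMS4", "SM2"):   # "whether a key of the specified type can be created"
            return ERR_TYPE, None
        handle = self._next_handle
        self._next_handle += 1
        self.keys[handle] = (ktype, os.urandom(32))
        return None, handle

    def _mac(self, key: bytes, data: bytes) -> bytes:
        # The signed value is data || PCR[0]: the signature only verifies against the same
        # PCR[0], so it attests that the component was in the measured state when it signed.
        return hmac.new(key, data + self.pcr0, hashlib.sha256).digest()

    def sign(self, password: bytes, handle: int, data: bytes) -> Tuple[Optional[str], Optional[bytes]]:
        err = self._gate(password, handle, "SM2", len(data))
        if err:
            return err, None
        return None, self._mac(self.keys[handle][1], data)

    def verify(self, password: bytes, handle: int, data: bytes,
               signature: bytes) -> Tuple[Optional[str], Optional[bool]]:
        # "if the length or the buffer value is 0": an empty signature is a length error
        err = self._gate(password, handle, "SM2", min(len(data), len(signature)))
        if err:
            return err, None
        return None, hmac.compare_digest(self._mac(self.keys[handle][1], data), signature)

    def sms4_encrypt_input(self, password: bytes, handle: int,
                           data: bytes) -> Tuple[Optional[str], Optional[bytes]]:
        """Everything the page specifies before the SMS4-CBC call itself: gate, then pad.
        The cipher is the component's hardware engine and is not modelled here."""
        err = self._gate(password, handle, "SMS4", len(data))
        if err:
            return err, None
        return None, pad(data)
```

Note that a handle of the wrong type is rejected as an invalid handle rather than used with the wrong algorithm, and that a signature produced under one PCR[0] fails verification under any other, which is exactly what makes the signature evidence of the component's measured state rather than just of key possession.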
S14: control the boot process of the application system of the terminal device through the control I/O of the trusted component.
For example, using the identity identification method the trusted component provides in support of trusted boot of the terminal, the boot process of the application system of the terminal device is controlled through the control I/O: the trusted component controls the boot process by driving the Reset or enable line of the terminal CPU on which the application system runs.
S15: judge, through the trusted component, whether signature verification of the boot process succeeds.
For a specific description of the signature verification, refer to the description of signature verification under step S13; it is not repeated here.
S16: if signature verification of the boot process succeeds, start the application system of the terminal device.
For example, after the trusted component has successfully verified the signature of the boot process of the terminal-device application system, the application system is started.
In the execution method for the terminal trusted component provided by this embodiment, the communication interface of the terminal device is acquired, a communication connection with the trusted component is established, the trusted component is started and verified, and the trusted component is executed once verification succeeds. The control I/O of the trusted component is then used to control the boot process of the application system of the terminal device, the trusted component judges whether signature verification of the boot process succeeds, and the application system is started only if it does. This ensures that the terminal device can establish a secure communication channel with the trusted component, and, because the trusted component verifies the signature of the boot process, ensures the security of the application system of the terminal device and the trustworthiness of the trusted component.
As an optional embodiment of the present invention, the method further comprises: if signature verification of the boot process fails, controlling the terminal device to perform a reset operation until signature verification of the boot process succeeds.
For a specific description of the signature verification, refer to the description of signature verification under step S13; it is not repeated here. When the trusted component fails to verify the signature of the boot process of the terminal-device application system, that is, if any single step of the trusted boot of the application system fails signature verification, the CPU of the terminal device is reset; if signature verification times out, the CPU is likewise reset. As a result, for as long as trusted boot does not succeed the application system is held in a continuous reset state and cannot operate.
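Steps S14 to S16 and the reset-on-failure embodiment above describe a small state machine: the trusted component holds the terminal CPU's reset or enable line, verifies each boot stage in order, and either releases the CPU or asserts reset and starts over, with a timed-out verification treated like a failed one. The following is an added example for this page, not the patent's code: it models the control I/O as a logging object, the stages as signed images, and the verifier as a callback. HMAC-SHA256 again stands in for the SM2 signature, and the `max_resets` bound is an assumption added so the example terminates, where the page keeps the CPU in reset indefinitely.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class ControlIO:
    """The reset/enable line of the terminal CPU, driven by the trusted component.
    The log records every level change so the sequence can be checked."""
    log: List[str] = field(default_factory=list)

    def assert_reset(self) -> None:
        self.log.append("RESET")

    def release(self) -> None:
        self.log.append("RUN")


@dataclass
class BootStage:
    name: str
    image: bytes
    signature: Optional[bytes]   # None models a stage whose signature never arrived (timeout)


# Stand-in for the component's signature primitive (assumption: HMAC-SHA256, not SM2).
def sign_image(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()


def make_verifier(key: bytes) -> Callable[[bytes, bytes], bool]:
    return lambda image, sig: hmac.compare_digest(sign_image(key, image), sig)


def control_boot(io: ControlIO,
                 load_stages: Callable[[], List[BootStage]],
                 verify: Callable[[bytes, bytes], bool],
                 max_resets: int) -> Tuple[bool, int, Optional[Tuple[str, str]]]:
    """Gate the application-system boot. Each attempt re-reads the boot stages (so a
    recovered image can succeed on a later pass) and verifies them in order; a failed
    or timed-out stage asserts reset and the loop starts over, so an unverified system
    never leaves reset. Returns (started, reset_count, (stage, reason) of last failure)."""
    resets = 0
    while True:
        failure = None
        for stage in load_stages():
            if stage.signature is None:
                failure = (stage.name, "timeout")
                break
            if not verify(stage.image, stage.signature):
                failure = (stage.name, "bad-signature")
                break
        if failure is None:
            io.release()          # every stage verified: let the application system start
            return True, resets, None
        io.assert_reset()
        resets += 1
        if resets >= max_resets:  # bound added for the example; the page resets indefinitely
            return False, resets, failure
```

The verification stops at the first bad stage and never releases the CPU, so a tampered kernel cannot be reached by a valid bootloader; the later stages are not even examined. On real hardware the "timeout" branch is what prevents an attacker from stalling the component mid-verification and hoping the CPU is left running.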
As an optional embodiment of the present invention, the method further comprises: when verification of the trusted component fails, closing the trusted component or forcibly restarting it.
For example, after the trusted component is started it runs the trusted-state check on itself, i.e. the self-test. The self-test runs automatically when the CPU of the terminal device and the trusted component start, checks the state of the platform and of the module, and closes the trusted component or forcibly restarts it if the state does not match expectations, that is, if the binary integrity measurement values of the software and hardware of the CPU of the terminal device and of the trusted component differ from the binary integrity reference values stored in the trusted component.
As an optional embodiment of the present invention, after step S13, the method further includes:
First, a protected storage area is set up inside the trusted component.
For example, to secure data transmission between the terminal device and the trusted component, a protected storage area may be set up inside the trusted component; when the terminal device transmits raw data to the trusted component through the communication interface, the trusted component stores the received security data in that protected area.
Second, the storage area is initialized and the security data is placed in it.
For example, after the trusted component receives the security data transmitted by the terminal device and before that data is stored, the storage area must be initialized; once initialization is complete, the security data is stored in the area. The security data may include top-level security data, which can only be placed when the storage area is initialized and can only be reset under a specific authority, and secondary security data.
Third, the security data is read according to a preset authority.
For example, the preset authority is the read authority set for the security data and corresponds to the read modes of the top-level and secondary security data. The top-level security data is placed in the storage area during initialization and cannot be read; modifying it requires the corresponding preset authority, and it can only be reset under a specific preset authority. The secondary security data can be read through a communication-interface command under a preset specific authority. The invention does not limit the preset authority; those skilled in the art can determine it according to actual needs.
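The two-tier storage described in this embodiment has three rules worth encoding explicitly: top-level data is placed exactly once at initialization and is never readable, top-level data can be reset only under a specific authority, and secondary data is readable only under a preset authority. The following is an added example for this page, not the patent's code; the authority names, the error strings and the credential-to-authority table are assumptions, since the page only says "a specific authority" and "a preset authority".

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# Authority names are assumptions: the page only speaks of a "specific authority" that may
# reset the top-level data and a "preset authority" that may read the secondary data.
AUTH_RESET_TOP = "reset-top"
AUTH_READ_SECONDARY = "read-secondary"
ERR_STATE, ERR_AUTH, ERR_NAME = "E_STATE", "E_AUTH", "E_NAME"


@dataclass
class ProtectedStorage:
    grants: Dict[bytes, Set[str]]      # credential -> authorities granted to it (assumption)
    initialized: bool = False
    _top: Dict[str, bytes] = field(default_factory=dict)
    _secondary: Dict[str, bytes] = field(default_factory=dict)

    def initialize(self, top: Dict[str, bytes], secondary: Dict[str, bytes]) -> Optional[str]:
        """The only moment at which top-level security data can be placed."""
        if self.initialized:
            return ERR_STATE
        self._top, self._secondary = dict(top), dict(secondary)
        self.initialized = True
        return None

    def has_authority(self, credential: bytes, authority: str) -> bool:
        # Walk every credential with a constant-time compare so the lookup does not
        # leak which credentials exist or how far a guess matched.
        found = False
        for cred, auths in self.grants.items():
            if hmac.compare_digest(cred, credential) and authority in auths:
                found = True
        return found

    def read_secondary(self, credential: bytes, name: str) -> Tuple[Optional[str], Optional[bytes]]:
        if not self.initialized:
            return ERR_STATE, None
        if not self.has_authority(credential, AUTH_READ_SECONDARY):
            return ERR_AUTH, None
        if name not in self._secondary:
            return ERR_NAME, None
        return None, self._secondary[name]

    def read_top(self, credential: bytes, name: str) -> Tuple[Optional[str], Optional[bytes]]:
        """Top-level data is never readable over the interface, whatever the credential."""
        return ERR_AUTH, None

    def reset_top(self, credential: bytes, name: str, value: bytes) -> Optional[str]:
        if not self.initialized:
            return ERR_STATE
        if not self.has_authority(credential, AUTH_RESET_TOP):
            return ERR_AUTH
        if name not in self._top:
            return ERR_NAME
        self._top[name] = value
        return None

    def use_top(self, name: str,
                operation: Callable[[bytes], bytes]) -> Tuple[Optional[str], Optional[bytes]]:
        """Internal use only: the component applies an operation (e.g. a key derivation or
        MAC) with the top-level value without ever exposing the value itself."""
        if name not in self._top:
            return ERR_NAME, None
        return None, operation(self._top[name])
```

`read_top` ignoring its credential is deliberate: there is no authority under which the top-level value leaves the component, only one under which it is replaced, which is the write-once/reset-only semantics the page gives it.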
As an optional embodiment of the present invention, after step S13, the method further includes:
First, based on a preset protocol of the trusted component, the data length and driving mode corresponding to the preset protocol are acquired.
For example, when the trusted component is securely started, the trusted software protocol stack may be verified based on the preset protocol, and the protocol stack verified by the trusted component is run; the trusted software protocol stack can check in real time every process run by the terminal device. The data length and driving mode corresponding to the preset protocol are then acquired from the trusted start of the trusted component and the trusted software protocol stack.
Second, the hardware encryption engine is called according to the data length and driving mode, and the interface service of the encryption engine is acquired.
Illustratively, according to the acquired data length and driving mode corresponding to the preset protocol, the hardware encryption engine in the trusted component hardware is called, the interface of the encryption engine is acquired, and then the interface service provided by that interface is acquired.
Third, the encryption hardware is driven according to the interface service.
Illustratively, according to the acquired data length and driving mode corresponding to the preset protocol, the interface service of the hardware encryption engine in the trusted component hardware is called and the encryption hardware is driven, so that the terminal device can call the interface service of the hardware encryption engine. The interface services provided externally include: cryptographic operations: generating random numbers, generating an identity key for a node, and obtaining the public key; identification: providing the node with an identity key that can prove its identity, together with the corresponding digital signature function; certificate management: importing certificates and obtaining certificates for key applications; platform data protection: generating a symmetric key for the node and providing encryption and decryption functions to protect the confidentiality and integrity of node data; integrity storage, verification and reporting: placing the integrity reference value, storing the binary integrity measurement values of the node's software and hardware, strictly comparing the current measurement values with the reference values, and signing those values on request to implement integrity reporting; startup self-check: running automatically when the CPU and trusted component of the terminal device start, checking the state of the platform and module, and halting startup or forcing a restart if the states do not match expectations.
The method can support electric power embedded systems that use various hardware platforms and CPUs, including the domestic Loongson CPU, with no operating system or with an embedded Linux operating system. The specific implementation process is as follows: the system starts from the root of trust; before control is handed to the next module, the next boot module is measured first, that is, its hash value is computed with a hash algorithm; the measurement result is then extended into a platform configuration register (PCR) in the trusted security chip, and by comparing it with the trusted system state measurement value trust is transmitted layer by layer from the root of trust, finally ensuring the credibility of the terminal system environment.
For a system without an operating system, the execution process comprises: the terminal equipment manufacturer integrates a trusted chip on the terminal device; the manufacturer stores a digest of the initial chip authorization password in ROM space, together with parameters such as a start flag (it may also be stored elsewhere), to be used when chip instructions are called; if an application calls a chip instruction to update the authorization password, the digest of the authorization password stored in ROM must be updated as well; and the manufacturer modifies the boot process to implement trusted boot.
For an embedded operating system, taking Linux as an example (other systems follow the same principle), the execution process is as follows: the terminal equipment manufacturer integrates a trusted chip on the terminal; in ROM space that can be read and used during the boot process, the manufacturer stores a digest of the initial chip authorization password, to be used when chip instructions are called; if an application calls a chip instruction to update the authorization password, the digest stored in ROM must be updated together with it; and the manufacturer modifies the flow of the boot code associated with stage 2 to implement trusted boot.
The boot process of a Linux terminal is: boot loader; kernel; file system. The implementation depends on the architecture of the terminal device CPU, and the boot loader can be divided into two stages, stage 1 and stage 2. The workflow of the first stage (Stage 1) is: initialize the hardware devices; relocate code and prepare RAM space for loading stage 2 of the Boot Loader; load the stage 2 code into RAM; set up the stack and jump to the stage 2 code entry. In the original workflow of the second stage (Stage 2) of the Boot Loader, integrity measurement and verification must be added before the kernel image is loaded in the third step, giving the following process: initialize the hardware devices used in this stage; detect the system memory map; load the kernel image and call the integrity measurement module with the start address at which the image was loaded into memory and the image length; the integrity measurement module reads the kernel image entry address and image length, measures the integrity of the kernel, writes the integrity measurement value, and returns whether the measurement operation succeeded; if the integrity measurement module succeeded, Stage 2 calls the chip's extend command (the specific chip command format is given in the power trusted component specification), passing in sequence the command message type, the total byte count of all input parameters, the command code, the digest value of the command authorization password (stored in ROM), the PCR index of the value to be updated (0x3, that is, extend into PCR No. 3) and the 160-bit integrity value to be extended (the hash computed in step 3), and so extends the integrity measurement value into the PCR; it then calls the chip's measurement command (the parameters passed and the values returned are defined in the power trusted component specification), compares the value of PCR No. 3, and performs integrity verification; if verification fails, the CPU is reset; otherwise the root file system image is loaded; the kernel boot parameters are set; and the kernel is started.
After the system has booted and the Linux kernel has been loaded into memory, a boot function is called that jumps to the start of the kernel. If the kernel is not compressed, it can be started directly. If it is compressed, it is decompressed by the decompression program placed at the head of the compressed kernel, the kernel is placed at the specified location, and then started.
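The Stage 2 measurement, PCR extend and verification flow described above, simulated as an added Python example that is neither the patent's nor any chip vendor's code; it also covers the comparison of current measurement values against stored reference values that the startup self-check and integrity verification service rely on. It assumes SHA-1 for the 160-bit integrity value, PCRs that read as all zeros after a reset, a chip that checks the authorization-password digest presented with each command, and constructed kernel images, passwords and load addresses; the hypothetical TrustedChip class stands in for the real chip, whose command message format is in the power trusted component specification and is not modelled.

```python
"""Simulation of the measured-boot chain (added example, not the patent's code).
The integrity measurement module hashes the kernel image at its load address,
Stage 2 extends the result into PCR 3 with the chip's extend command, and the
chip's measurement command compares PCR 3 against the stored reference value.
Assumed: SHA-1 for the 160-bit value, all-zero PCRs after reset, and a chip
that checks the authorization-password digest passed with every command."""
import hashlib
import hmac

PCR_INDEX = 0x3      # the kernel measurement is extended into PCR No. 3
DIGEST_LEN = 20      # 160-bit integrity value and PCR width


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class TrustedChip:
    """Hypothetical minimal model of the trusted component's PCR bank and command gate."""

    def __init__(self, auth_password: bytes, reference_pcr3: bytes, num_pcrs: int = 24):
        # The chip keeps the digest of its authorization password; the terminal
        # keeps the same digest in ROM and presents it with every command.
        self._auth_digest = sha1(auth_password)
        self._reference = {PCR_INDEX: reference_pcr3}   # stored reference value
        self.num_pcrs = num_pcrs
        self.reset()

    def reset(self) -> None:
        """Power-on / CPU reset: all PCRs return to zero (assumed behaviour)."""
        self.pcrs = [bytes(DIGEST_LEN)] * self.num_pcrs

    def _authorized(self, auth_digest: bytes) -> bool:
        return hmac.compare_digest(auth_digest, self._auth_digest)

    def extend(self, auth_digest: bytes, index: int, value: bytes) -> bool:
        """Extend command: PCR[index] = H(PCR[index] || value); order-sensitive."""
        if not self._authorized(auth_digest) or len(value) != DIGEST_LEN:
            return False
        if not 0 <= index < self.num_pcrs:
            return False
        self.pcrs[index] = sha1(self.pcrs[index] + value)
        return True

    def verify(self, auth_digest: bytes, index: int) -> bool:
        """Measurement command: strict comparison of PCR[index] with the reference."""
        if not self._authorized(auth_digest):
            return False
        reference = self._reference.get(index)
        return reference is not None and hmac.compare_digest(self.pcrs[index], reference)


def measure_image(memory: bytes, load_addr: int, length: int) -> bytes:
    """Integrity measurement module: hash the image at [load_addr, load_addr + length)."""
    if load_addr < 0 or length <= 0 or load_addr + length > len(memory):
        raise ValueError("image range lies outside memory")
    return sha1(memory[load_addr:load_addr + length])


def reference_pcr3(golden_kernel: bytes) -> bytes:
    """Reference value: PCR 3 after extending the golden kernel hash into a zero PCR."""
    return sha1(bytes(DIGEST_LEN) + sha1(golden_kernel))


def build_memory(kernel: bytes, load_addr: int, size: int = 0x1000) -> bytes:
    """Constructed RAM image with the kernel loaded at load_addr."""
    if load_addr + len(kernel) > size:
        raise ValueError("kernel does not fit in memory")
    memory = bytearray(size)
    memory[load_addr:load_addr + len(kernel)] = kernel
    return bytes(memory)


def stage2_boot(chip: TrustedChip, rom_auth_digest: bytes, memory: bytes,
                kernel_addr: int, kernel_len: int, max_resets: int = 3):
    """Stage 2 flow: measure the kernel, extend PCR 3, verify; on a mismatch
    reset the CPU and retry, up to max_resets times. Returns (outcome, attempts)."""
    for attempt in range(1, max_resets + 1):
        digest = measure_image(memory, kernel_addr, kernel_len)
        if not chip.extend(rom_auth_digest, PCR_INDEX, digest):
            return ("extend_rejected", attempt)
        if chip.verify(rom_auth_digest, PCR_INDEX):
            return ("kernel_started", attempt)   # load rootfs, set params, start
        chip.reset()                              # CPU reset; image is re-measured
    return ("halted", max_resets)


if __name__ == "__main__":
    golden = b"constructed kernel image v1"
    password = b"constructed-auth-password"
    chip = TrustedChip(password, reference_pcr3(golden))
    mem = build_memory(golden, 0x100)
    print(stage2_boot(chip, sha1(password), mem, 0x100, len(golden)))
```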
Example 2
This embodiment provides an execution device for a terminal trusted component, which can be used for trusted execution of the terminal device operating system of an electric power embedded system using multiple hardware platforms and multiple CPUs; as shown in fig. 2, it includes:
The connection module 21 is configured to acquire a communication interface of the terminal device and establish a communication connection with the trusted component. For details, refer to the description of step S11 in the method embodiment above, which is not repeated here.
The starting module 22 is configured to start the trusted component and verify it. For details, refer to the description of step S12 in the method embodiment above, which is not repeated here.
The execution module 23 is configured to execute the trusted component when the trusted component is verified successfully. For details, refer to the description of step S13 in the method embodiment above, which is not repeated here.
The control module 24 is configured to control the boot process of the application system of the terminal device using the control I/O of the trusted component. For details, refer to the description of step S14 in the method embodiment above, which is not repeated here.
The judging module 25 is configured to judge, through the trusted component, whether signature verification of the boot process succeeds. For details, refer to the description of step S15 in the method embodiment above, which is not repeated here.
The starting module 26 is configured to start the application system of the terminal device if signature verification of the boot process succeeds. For details, refer to the description of step S16 in the method embodiment above, which is not repeated here.
The execution device of the terminal trusted component provided by this embodiment acquires the communication interface of the terminal device and establishes a communication connection with the trusted component through the connection module; starts and verifies the trusted component through the starting module; executes the trusted component through the execution module when it is verified successfully; controls the boot process of the application system of the terminal device with the control I/O of the trusted component through the control module; judges through the judging module whether signature verification of the boot process by the trusted component succeeds; and, if it succeeds, starts the application system of the terminal device through the starting module. The device ensures that the terminal device can establish a secure communication channel with the trusted component and that the boot process is signature-verified by the trusted component, thereby ensuring the security of the terminal device application system and the credibility of the trusted component.
As an optional embodiment of the present invention, the apparatus further comprises:
and the closing module is used for closing the trusted component or forcibly restarting the trusted component when the verification of the trusted component is unsuccessful. For details, reference is made to the description of the above method embodiments, which are not repeated herein.
As an optional embodiment of the present invention, the apparatus further comprises:
and the resetting module is used for controlling the terminal equipment to execute resetting operation if the signature verification in the boot process is unsuccessful until the signature verification in the boot process is successful. For details, reference is made to the description of the above method embodiments, which are not repeated herein.
As an optional embodiment of the present invention, after the execution module, the apparatus further includes:
The setting module is used to set up a protected storage area inside the trusted component. For details, reference is made to the description of the method embodiments above, which is not repeated here.
The initialization module is used to initialize the storage area and place the security data in it. For details, reference is made to the description of the method embodiments above, which is not repeated here.
The reading module is used to read the security data based on the preset authority. For details, reference is made to the description of the method embodiments above, which is not repeated here.
As an optional embodiment of the present invention, after the execution module, the apparatus further includes:
The acquisition module is used to acquire the data length and driving mode corresponding to the preset protocol, based on the preset protocol of the trusted component. For details, reference is made to the description of the method embodiments above, which is not repeated here.
The calling module is used to call the hardware encryption engine according to the data length and driving mode and acquire the interface service of the encryption engine. For details, reference is made to the description of the method embodiments above, which is not repeated here.
The driving module is used to drive the encryption hardware according to the interface service. For details, reference is made to the description of the method embodiments above, which is not repeated here.
Example 3
An embodiment of the present invention further provides a computer device, as shown in fig. 3, the device includes a processor 31 and a memory 32, where the processor 31 and the memory 32 may be connected by a bus or in another manner, and fig. 3 takes the connection by the bus 30 as an example.
The processor 31 may be a Central Processing Unit (CPU). The Processor 31 may also be other general-purpose processors, Digital Signal Processors (DSPs), Graphics Processing Units (GPUs), embedded Neural Network Processors (NPUs), or other dedicated deep learning coprocessors, Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or any combination thereof.
The memory 32 is a non-transitory computer-readable storage medium that can store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the execution method of the terminal trusted component in the embodiment of the present invention (for example, the connection module 21, starting module 22, execution module 23, control module 24, judging module 25 and starting module 26 shown in fig. 2). By running the non-transitory software programs, instructions and modules stored in the memory 32, the processor 31 carries out the various functional applications and data processing of the processor, that is, implements the execution method of the terminal trusted component in the method embodiment above.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 31, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, and these remote memories may be connected to the processor 31 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 32 and, when executed by the processor 31, perform the method of execution of the trusted component of the terminal as in the embodiment shown in fig. 1.
That is: a communication interface of the terminal device is acquired and a communication connection with the trusted component is established; the trusted component is started and verified, and executed when it is verified successfully; the control I/O of the trusted component is used to control the boot process of the application system of the terminal device; whether signature verification of the boot process by the trusted component succeeds is judged; and if it succeeds, the application system of the terminal device is started. This ensures that the terminal device can establish a secure communication channel with the trusted component and that the boot process is signature-verified by the trusted component, ensuring the security of the application system of the terminal device and the credibility of the trusted component.
The details of the computer device may be understood by referring to the corresponding descriptions and effects in the embodiments shown in fig. 1 to fig. 2, and are not described herein again.
An embodiment of the present invention further provides a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions may execute the execution method of the terminal trusted component in any method embodiment described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a hard disk (hard disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description; it is neither necessary nor possible to exhaust all embodiments. Obvious variations or modifications derived from them fall within the scope of the invention.

Claims (10)

1. An execution method of a terminal trusted component is characterized by comprising the following steps:
acquiring a communication interface of the terminal equipment, and establishing communication connection with the trusted component;
starting a trusted component, and verifying the trusted component;
executing the trusted component when the trusted component is verified successfully;
controlling a boot process of an application system of the terminal equipment by using the control I/O of the trusted component;
judging, through the trusted component, whether signature verification of the boot process succeeds;
and if signature verification of the boot process succeeds, starting the application system of the terminal equipment.
2. The method of claim 1, further comprising:
and when the trusted component is not successfully verified, closing the trusted component or forcibly restarting the trusted component.
3. The method of claim 1, further comprising:
and if the signature verification in the boot process is unsuccessful, controlling the terminal equipment to execute reset operation until the signature verification in the boot process is successful.
4. The method of claim 3, wherein after executing the trusted component when the trusted component is verified successfully, the method further comprises:
setting a protected storage area inside the trusted component;
initializing the storage area and placing security data in it;
and reading the security data based on a preset authority.
5. The method of claim 4, wherein after executing the trusted component when the trusted component is verified successfully, the method further comprises:
acquiring a data length and a driving mode corresponding to a preset protocol based on the preset protocol of the trusted component;
calling a hardware encryption engine according to the data length and the driving mode to acquire interface service of the encryption engine;
and driving the encrypted hardware according to the interface service.
6. An apparatus for executing a trusted component of a terminal, comprising:
the connection module is used for acquiring a communication interface of the terminal equipment and establishing communication connection with the trusted component;
the starting module is used for starting the trusted component and verifying the trusted component;
the execution module is used for executing the trusted component when the trusted component is verified successfully;
the control module is used for controlling a boot process of an application system of the terminal equipment by using the control I/O of the trusted component;
the judging module is used for judging, through the trusted component, whether signature verification of the boot process succeeds;
and the starting module is used for starting the application system of the terminal equipment if signature verification of the boot process succeeds.
7. The apparatus of claim 6, wherein after the execution module, the apparatus further comprises:
a setting module for setting a protected storage area inside the trusted component;
the initialization module is used for initializing the storage area and placing the safety data;
and the reading module is used for reading the safety data based on the preset authority.
8. The apparatus of claim 7, wherein after the execution module, the apparatus further comprises:
the acquisition module is used for acquiring the data length and the driving mode corresponding to the preset protocol based on the preset protocol of the trusted component;
the calling module is used for calling a hardware encryption engine according to the data length and the driving mode to acquire interface service of the encryption engine;
and the driving module is used for driving the encrypted hardware according to the interface service.
9. A computer device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method of executing the terminal trusted component according to any one of claims 1 to 5.
10. A computer-readable storage medium, characterized in that it stores computer instructions for causing the computer to execute the execution method of a terminal trusted component according to any one of claims 1-5.
CN201911411800.1A 2019-12-31 2019-12-31 Execution method and device of terminal trusted component and computer equipment Pending CN111177709A (en)

Publications (1)

Publication number: CN111177709A; publication date: 2020-05-19

Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200519)