CN114547626A - Hypervisor-based kernel starting method and device and electronic equipment - Google Patents


Info

Publication number: CN114547626A
Authority: CN (China)
Prior art keywords: hypervisor, bootloader, kernel, public, public key
Legal status: Pending
Application number: CN202210159541.3A
Other languages: Chinese (zh)
Inventor: not disclosed (不公告发明人)
Current Assignee: Zhongling Zhixing Chengdu Technology Co ltd
Original Assignee: Zhongling Zhixing Chengdu Technology Co ltd
Events: application filed by Zhongling Zhixing Chengdu Technology Co ltd; priority to CN202210159541.3A; publication of CN114547626A; legal status pending

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/575 Secure boot
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
          • G06F9/00 Arrangements for program control, e.g. control units
            • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
              • G06F9/44 Arrangements for executing specific programs
                • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
                  • G06F9/45533 Hypervisors; Virtual machine monitors
                    • G06F9/45558 Hypervisor-specific management and integration aspects
                      • G06F2009/45575 Starting, stopping, suspending or resuming virtual machine instances
                      • G06F2009/45587 Isolation or security of virtual machine instances
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
      • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
        • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
          • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management


Abstract

The disclosure relates to a Hypervisor-based kernel booting method and apparatus and an electronic device. The method comprises the following steps: generating a plurality of public/private key pairs with an asymmetric cryptographic algorithm, the key pairs comprising a Hypervisor key pair and an OS key pair; signing the Hypervisor with the Hypervisor private key; signing the OS kernel with the OS private key; and writing the Hypervisor public key and the OS public key into the RPMB partition. When the Bootloader starts the Hypervisor, the Hypervisor public key is used to verify the Hypervisor and its signature; when the OS kernel is started, the OS public key is used to verify the OS kernel and its signature. The scheme addresses the technical problem in the prior art that, once an ARM platform introduces virtualization, the security of data in the system is reduced; it achieves accurate signature verification and guarantees trusted boot and the security of system data.

Description

Hypervisor-based kernel starting method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer security, and in particular, to a kernel booting method and apparatus based on Hypervisor, and an electronic device.
Background
The ARM (Advanced RISC Machines) platform is widely used in Internet of Things, smart and industrial-control devices thanks to its low power consumption and high performance. The system images of an ARM platform are flashed directly onto the storage medium, so an attacker can obtain sensitive device data by flashing a tampered (defective) OS. To keep the data on a device secure, a secure, trusted OS is necessary.
On the ARM platform the OS kernel is generally started by a Bootloader; the key to trusted boot of the ARM platform is therefore how the Bootloader boots a secure OS kernel. Typically, the Bootloader performs an authenticated boot of the OS.
As chip computing power improves, virtualization on ARM is in wide demand: a Hypervisor, acting as the virtual machine manager, is loaded by the Bootloader, and once the Hypervisor has started successfully it allocates resources to each virtual machine and starts the OS belonging to that virtual machine.
Once an ARM platform introduces virtualization, the OS is started by the Hypervisor rather than by the Bootloader, so the Bootloader can no longer verify and start the OS; an attacker need only start a tampered (defective) Hypervisor to boot an unverified OS and thereby obtain data in the system. The prior art therefore has the technical problem that the security of data in the system is reduced once the ARM platform introduces virtualization.
Disclosure of Invention
The purpose of the disclosure is to provide a Hypervisor-based kernel booting method and apparatus and an electronic device, which solve the technical problem in the prior art that the security of data in a system is reduced once an ARM platform introduces virtualization.
In order to achieve the above object, a first aspect of the present disclosure provides a kernel booting method based on Hypervisor, where the method includes:
generating a plurality of public/private key pairs with an asymmetric cryptographic algorithm, the key pairs comprising a Hypervisor key pair and an OS key pair;
signing the Hypervisor with the Hypervisor private key;
signing the OS kernel with the OS private key;
writing the Hypervisor public key and the OS public key into the RPMB partition, so that when the Bootloader starts the Hypervisor, the Hypervisor public key is used to verify the Hypervisor and its signature, and when the OS kernel is started, the OS public key is used to verify the OS kernel and its signature.
Optionally, the key pairs further comprise a Bootloader key pair, and the method further comprises:
signing the Bootloader with the Bootloader private key, and hard-coding the Bootloader public key into the ROM code.
Optionally, the key pairs further comprise a virtual Bootloader key pair, and the method further comprises:
signing the virtual Bootloader with the virtual Bootloader private key and writing the virtual Bootloader public key into the RPMB partition, so that when the Hypervisor starts the virtual Bootloader, the virtual Bootloader public key is used to verify the virtual Bootloader and its signature.
A second aspect of the present disclosure provides a kernel booting method based on Hypervisor, where the method includes:
starting the Bootloader through the ROM code;
when the Bootloader starts the Hypervisor, reading the Hypervisor public key from the RPMB partition;
verifying the Hypervisor and its signature with the Hypervisor public key, and starting the Hypervisor if the verification succeeds;
when the Hypervisor starts the OS kernel, reading the OS public key from the RPMB partition;
and verifying the OS kernel and its signature with the OS public key, and starting the OS kernel if the verification succeeds.
Optionally, starting the Bootloader through the ROM code comprises:
verifying the Bootloader and its signature with the Bootloader public key hard-coded into the ROM code, and starting the Bootloader if the verification succeeds.
Optionally, if a virtual Bootloader exists in the system, starting the OS kernel through the Hypervisor comprises the following steps:
starting the virtual Bootloader through the Hypervisor;
when the Hypervisor starts the virtual Bootloader, reading the virtual Bootloader public key from the RPMB partition;
verifying the virtual Bootloader and its signature with the virtual Bootloader public key, and starting the virtual Bootloader if the verification succeeds;
and, after the virtual Bootloader has started, starting the OS kernel through the virtual Bootloader.
A third aspect of the present disclosure provides a kernel booting apparatus based on Hypervisor, including:
a key pair generation module for generating a plurality of public/private key pairs with an asymmetric cryptographic algorithm, the key pairs comprising a Hypervisor key pair and an OS key pair;
a Hypervisor signing module for signing the Hypervisor with the Hypervisor private key;
an OS kernel signing module for signing the OS kernel with the OS private key;
a storage module for writing the Hypervisor public key and the OS public key into the RPMB partition, so that when the Bootloader starts the Hypervisor, the Hypervisor public key is used to verify the Hypervisor and its signature, and when the OS kernel is started, the OS public key is used to verify the OS kernel and its signature.
A fourth aspect of the present disclosure provides a kernel booting apparatus based on Hypervisor, including:
a Bootloader starting module for starting the Bootloader through the ROM code;
a Hypervisor public key reading module for reading the Hypervisor public key from the RPMB partition when the Bootloader starts the Hypervisor;
a Hypervisor verification module for verifying the Hypervisor and its signature with the Hypervisor public key and starting the Hypervisor if the verification succeeds;
an OS public key reading module for reading the OS public key from the RPMB partition when the Hypervisor starts the OS kernel;
and an OS kernel verification module for verifying the OS kernel and its signature with the OS public key and starting the OS kernel if the verification succeeds.
A fifth aspect of the present disclosure provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the first aspect.
A sixth aspect of the present disclosure provides an electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of the first aspect.
With the above technical scheme, a plurality of public/private key pairs are generated with an asymmetric cryptographic algorithm, comprising a Hypervisor key pair and an OS key pair; the Hypervisor is signed with the Hypervisor private key and the OS kernel with the OS private key; and the Hypervisor public key and the OS public key are written into an RPMB (Replay Protected Memory Block) partition, after which they cannot be modified. This solves the prior-art problem that the security of data in a system is reduced once an ARM platform introduces virtualization, achieves accurate signature verification, and guarantees trusted boot and the security of system data.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a block diagram illustrating an ARM platform boot core in accordance with an illustrative embodiment;
FIG. 2 is a flowchart illustrating a Hypervisor-based method of launching a kernel in accordance with an exemplary embodiment;
FIG. 3 is another flowchart illustration of a Hypervisor-based method of booting a kernel in accordance with an exemplary embodiment;
FIG. 4 is yet another flowchart illustration of a Hypervisor-based method of booting a kernel in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating a Hypervisor-based method of launching a kernel in accordance with an exemplary embodiment;
FIG. 6 is a block diagram illustrating a Hypervisor-based apparatus to launch a kernel in accordance with an exemplary embodiment;
FIG. 7 is another block diagram illustrating a Hypervisor-based apparatus to launch a kernel in accordance with an exemplary embodiment;
FIG. 8 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of the embodiments of the disclosure refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
In the embodiment of the present disclosure, the ARM platform uses eMMC (embedded MultiMediaCard) or UFS (Universal Flash Storage) as its storage medium, and to meet the requirement of trusted boot the RPMB partition of the storage medium is used; data in that partition can be accessed only by a trusted party. RPMB is a secure partition of the storage medium designed specifically for storing sensitive data.
The general boot sequence of the ARM platform is: 1, power on; 2, the ROM code (hereinafter "ROM code") starts the Bootloader; 3, the OS kernel is loaded and started. The ROM code cannot be changed and it guarantees the security of the Bootloader, so the key to trusted boot of the ARM platform lies in how the Bootloader boots a secure OS kernel. Generally, the Bootloader performs an authenticated boot of the OS to complete trusted boot: a public/private key pair is generated with an asymmetric cryptographic algorithm, the OS kernel is signed with the private key, the public key is embedded in an unchangeable area of the ARM platform (for example compiled directly into the Bootloader or written into the TEE, the Trusted Execution Environment), and after the Bootloader starts it obtains the public key and verifies the signature of the OS kernel to complete trusted boot.
As chip computing power improves, virtualization on ARM is in wide demand: the Hypervisor, acting as the virtual machine manager, is loaded by the Bootloader, and once it has started successfully it allocates resources to each virtual machine and starts the OS belonging to that virtual machine. After the Hypervisor is introduced, the boot sequence of the ARM platform becomes: 1, power on; 2, the ROM code starts the Bootloader; 3, the Bootloader starts the Hypervisor; 4, the Hypervisor starts a virtual Bootloader; 5, the virtual Bootloader starts the OS. The virtual Bootloader initializes the virtual machine's resources and loads and boots the virtual machine's OS; it is optional, and if the system has no virtual Bootloader the Hypervisor starts the OS directly, as shown in FIG. 1.
In the embodiment of the disclosure, in order to ensure trusted boot, a kernel booting method based on Hypervisor is disclosed, as shown in fig. 2, including the following steps.
Step 201, generating a plurality of public/private key pairs with an asymmetric cryptographic algorithm; the key pairs comprise a Hypervisor key pair and an OS key pair.
Step 202, signing the Hypervisor with the Hypervisor private key.
Step 203, signing the OS kernel with the OS private key.
Step 204, writing the Hypervisor public key and the OS public key into the RPMB partition.
When the Bootloader starts the Hypervisor, the Hypervisor public key is used to verify the Hypervisor and its signature; when the OS kernel is started, the OS public key is used to verify the OS kernel and its signature.
As described above, data in the RPMB partition can be accessed only by a trusted party. Because RPMB is a secure partition of the storage medium designed specifically for storing sensitive data, writing the Hypervisor public key and the OS public key into the RPMB partition keeps the keys secure.
Then, when the system boots, the Hypervisor public key is used to verify the Hypervisor and its signature and the OS public key is used to verify the OS kernel and its signature, so that trusted boot is guaranteed.
In one possible embodiment, the key pairs further comprise a Bootloader key pair; the Bootloader is signed with the Bootloader private key and the Bootloader public key is hard-coded into the ROM code. When the Bootloader is started, the Bootloader and its signature are verified with the Bootloader public key, and the Bootloader is started if the verification succeeds.
In the embodiment of the disclosure, if the system has a virtual Bootloader, the key pairs further comprise a virtual Bootloader key pair; the virtual Bootloader is signed with the virtual Bootloader private key and the virtual Bootloader public key is written into the RPMB partition, and when the Hypervisor starts the virtual Bootloader, the virtual Bootloader public key is used to verify the virtual Bootloader and its signature.
Based on the same inventive concept, the embodiment of the present disclosure further provides a kernel starting method based on Hypervisor, as shown in fig. 3, including the following steps.
Step 301, starting the Bootloader through the ROM code;
step 302, when the Bootloader starts the Hypervisor, reading the Hypervisor public key from the RPMB partition;
step 303, verifying the Hypervisor and its signature with the Hypervisor public key, and starting the Hypervisor if the verification succeeds;
step 304, when the Hypervisor starts the OS kernel, reading the OS public key from the RPMB partition;
step 305, verifying the OS kernel and its signature with the OS public key, and starting the OS kernel if the verification succeeds.
In the embodiment of the disclosure, when the ROM code starts the Bootloader, the Bootloader and its signature are verified with the Bootloader public key hard-coded in the ROM code, and the Bootloader is started if the verification succeeds.
Because the Bootloader public key is hard-coded directly into the ROM code, which cannot be read or written, the Bootloader is guaranteed to start from a trusted image.
In the embodiment of the disclosure, two cases are distinguished according to whether the system has a virtual Bootloader.
In one possible implementation, if the system has no virtual Bootloader, the Hypervisor verifies the OS kernel and then starts it directly.
When the Hypervisor verifies the OS kernel, it reads the OS public key from the RPMB partition and verifies the OS kernel and its signature with the OS public key; if the verification succeeds, the OS kernel is started.
In another possible implementation, if the system has a virtual Bootloader, then when the OS kernel is to be started through the Hypervisor, the Hypervisor first verifies and starts the virtual Bootloader; after the virtual Bootloader has started, it verifies and starts the OS kernel.
When the Hypervisor starts the virtual Bootloader, the virtual Bootloader public key is read from the RPMB partition and used to verify the virtual Bootloader and its signature; if the verification succeeds, the virtual Bootloader is started. After the virtual Bootloader has started, the OS public key is read from the RPMB partition and used to verify the OS kernel and its signature; if the verification succeeds, the OS kernel is started.
Next, the Hypervisor-based kernel booting method of the embodiment of the present disclosure is described by way of an example. As shown in FIG. 4 and FIG. 5, if a virtual Bootloader exists in the system, the method comprises the following steps.
Step 401, generating a plurality of public/private key pairs with an asymmetric cryptographic algorithm:
a Bootloader key pair (priv_bl, pub_bl), a Hypervisor key pair (priv_hyp, pub_hyp), a virtual Bootloader key pair (priv_vbl, pub_vbl) and an OS key pair (priv_os, pub_os).
Step 402, signing the Bootloader with the private key priv_bl, and hard-coding the public key pub_bl into the ROM code.
Step 403, signing the Hypervisor with the private key priv_hyp, and writing the public key pub_hyp into the RPMB partition.
Step 404, signing the virtual Bootloader with the private key priv_vbl, and writing the public key pub_vbl into the RPMB partition.
Step 405, signing the OS with the private key priv_os, and writing the public key pub_os into the RPMB partition.
Step 406, packaging and deploying the ROM code and the signature.
Step 407, packaging and flashing the Hypervisor and its signature.
Step 408, packaging and flashing the virtual Bootloader and its signature.
Step 409, packaging and flashing the OS and its signature.
Step 410, the ROM code verifies the Bootloader and its signature with the Bootloader public key. If the verification succeeds, the next stage is started; otherwise the system is powered off or halted.
Step 411, the Bootloader obtains the Hypervisor public key from the RPMB partition and verifies the Hypervisor and its signature. If the verification succeeds, the next stage is started; otherwise the system is powered off or halted.
Step 412, the Hypervisor obtains the virtual Bootloader public key from the RPMB partition and verifies the virtual Bootloader and its signature. If the verification succeeds, the next stage is started; otherwise the system is powered off or halted.
Step 413, the virtual Bootloader obtains the OS public key from the RPMB partition and verifies the OS and its signature. If the verification succeeds, the next stage is started; otherwise the system is powered off or halted.
In this process, the ROM code is deployed with a dedicated tool, and after deployment a third party can neither read nor write the ROM code, so a third party cannot obtain the Bootloader public key.
Likewise, the public keys are written into the RPMB partition with a dedicated tool, and the Bootloader, Hypervisor and virtual Bootloader can only read them, not write them, so an attacker cannot tamper with the corresponding public key.
If the system has no virtual Bootloader, steps 404, 408 and 412 above are optional, and the Hypervisor obtains the OS public key and verifies the OS and its signature directly.
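The following simulation is an added example, not code from the patent: it models the provisioning of steps 401-409 (and steps 201-204) and the verification chain of steps 410-413 (and steps 301-305), with pub_bl held by a ROM model and the other public keys in a read-only RPMB model. The patent names no signature algorithm, so a toy textbook-RSA over SHA-256 stands in for it; stage names, the `Rpmb` class and the return format are assumptions.

```python
import hashlib
import random

# Toy textbook RSA (assumption: the patent names no algorithm; not for production use).
def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Step 401: return (private, public) as ((d, n), (e, n))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (pow(e, -1, phi), p * q), (e, p * q)

def _digest(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(priv, image):
    """Steps 402-405: signature over the SHA-256 digest of an image."""
    d, n = priv
    return pow(_digest(image), d, n)

def verify(pub, image, sig):
    e, n = pub
    return pow(sig, e, n) == _digest(image)

class Rpmb:
    """Model of the RPMB partition: written once by the provisioning tool;
    boot stages get only a read method, so no stage can replace a key."""
    def __init__(self, keys):
        self._keys = dict(keys)

    def read(self, stage):
        return self._keys[stage]

# Boot order; "vbootloader" (the virtual Bootloader) is optional.
STAGES = ("bootloader", "hypervisor", "vbootloader", "os")

def provision(images):
    """Steps 401-409: one key pair per stage, sign every image, hard-code pub_bl
    into ROM, write the other public keys into RPMB. Returns (rom_pub_bl, rpmb, signed)."""
    signed, rpmb_keys, rom_pub_bl = {}, {}, None
    for stage, image in images.items():
        priv, pub = generate_keypair()
        signed[stage] = (image, sign(priv, image))
        if stage == "bootloader":
            rom_pub_bl = pub          # step 402: hard-coded into ROM code
        else:
            rpmb_keys[stage] = pub    # steps 403-405: written to the RPMB partition
    return rom_pub_bl, Rpmb(rpmb_keys), signed

def boot(rom_pub_bl, rpmb, signed):
    """Steps 410-413: each started stage verifies the next before handing over;
    returns (stages started, status) and halts the chain on a bad signature."""
    started, verifier = [], "rom"
    for stage in STAGES:
        if stage not in signed:       # no virtual Bootloader: Hypervisor verifies the OS itself
            continue
        pub = rom_pub_bl if stage == "bootloader" else rpmb.read(stage)
        image, sig = signed[stage]
        if not verify(pub, image, sig):
            return started, f"halt: {verifier} rejected {stage}"
        started.append(stage)
        verifier = stage
    return started, "ok"

if __name__ == "__main__":
    images = {"bootloader": b"BL v1", "hypervisor": b"HYP v1",   # constructed stand-in images
              "vbootloader": b"VBL v1", "os": b"OS v1"}
    rom_key, rpmb, signed = provision(images)
    print(boot(rom_key, rpmb, signed))                            # all four stages, "ok"
    # A tampered Hypervisor image that keeps the old signature is rejected by the Bootloader.
    tampered = dict(signed, hypervisor=(b"HYP evil", signed["hypervisor"][1]))
    print(boot(rom_key, rpmb, tampered))                          # (['bootloader'], 'halt: ...')
```

Omitting the "vbootloader" entry from the image set reproduces the no-virtual-Bootloader variant, in which the Hypervisor verifies the OS directly.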
In the embodiment of the disclosure, the public keys are written into the RPMB partition and can then no longer be modified, so signature verification is accurate and boot from trusted images is guaranteed.
The Bootloader public key is hard-coded directly into the ROM code, which cannot be read or written, so the Bootloader is guaranteed to start from a trusted image.
The ROM code guarantees trusted boot of the Bootloader, the Bootloader guarantees trusted boot of the Hypervisor, the Hypervisor guarantees trusted boot of the virtual Bootloader, and the virtual Bootloader guarantees trusted boot of the OS, forming a complete trusted boot chain and finally completing trusted boot of the whole system.
In the prior art, trusted boot of a Hypervisor on the x86 platform is completed with a TPM (Trusted Platform Module). The ARM platform can realize trusted boot with the RPMB partition, but its trusted boot chain is interrupted once a Hypervisor is introduced; with the scheme of the embodiment of the disclosure, a Hypervisor on the ARM platform can still guarantee trusted boot of the whole system.
Based on the same inventive concept, as shown in FIG. 6, an embodiment of the present disclosure further provides a Hypervisor-based kernel booting apparatus 600, comprising: a key pair generation module 601 configured to generate a plurality of public/private key pairs with an asymmetric cryptographic algorithm, the key pairs comprising a Hypervisor key pair and an OS key pair; a Hypervisor signing module 602 configured to sign the Hypervisor with the Hypervisor private key; an OS kernel signing module 603 configured to sign the OS kernel with the OS private key; and a storage module 604 configured to write the Hypervisor public key and the OS public key into the RPMB partition, so that when the Bootloader starts the Hypervisor, the Hypervisor public key is used to verify the Hypervisor and its signature, and when the OS kernel is started, the OS public key is used to verify the OS kernel and its signature.
Based on the same inventive concept, as shown in FIG. 7, an embodiment of the present disclosure further provides a Hypervisor-based kernel booting apparatus 700, comprising:
a Bootloader starting module 701 configured to start the Bootloader through the ROM code;
a Hypervisor public key reading module 702 configured to read the Hypervisor public key from the RPMB partition when the Bootloader starts the Hypervisor; a Hypervisor verification module 703 configured to verify the Hypervisor and its signature with the Hypervisor public key and to start the Hypervisor if the verification succeeds; an OS public key reading module 704 configured to read the OS public key from the RPMB partition when the Hypervisor starts the OS kernel; and an OS kernel verification module 705 configured to verify the OS kernel and its signature with the OS public key and to start the OS kernel if the verification succeeds.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
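The boot chain described above, as an added example that is not part of the patent or of any implementation by the applicant: the Bootloader is verified with the key hard-coded in ROM, and every later stage (Hypervisor, optional virtual Bootloader, OS kernel) is verified with the public key read from RPMB before it is started. Ed25519 as the asymmetric algorithm and a Go map standing in for the RPMB partition are both assumptions, since the disclosure names neither; the example also goes one step beyond the text by treating a missing or corrupt RPMB key as a verification failure rather than crashing.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// Image is one boot stage: its name, its payload and the detached signature.
type Image struct{ Name string; Payload, Sig []byte }
// SignStage is the signing side: sign a stage with that stage's own private key.
func SignStage(name string, payload []byte, priv ed25519.PrivateKey) Image {
	return Image{name, payload, ed25519.Sign(priv, payload)}
}
// verifyStage rejects a missing or corrupt key (ed25519.Verify would panic on a
// bad key length) and a bad signature; in both cases the stage is not started.
func verifyStage(img Image, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return fmt.Errorf("%s: no valid public key", img.Name)
	}
	if !ed25519.Verify(pub, img.Payload, img.Sig) {
		return fmt.Errorf("%s: signature verification failed", img.Name)
	}
	return nil
}
// BootChain checks stage 0 (Bootloader) against the ROM-hard-coded key and each later
// stage (Hypervisor, optional virtual Bootloader, OS kernel) against the key stored under
// its name in RPMB; it stops at the first failure and returns the stages actually started.
func BootChain(romKey ed25519.PublicKey, rpmb map[string]ed25519.PublicKey, stages []Image) ([]string, error) {
	var started []string
	for i, img := range stages {
		pub := romKey
		if i > 0 {
			pub = rpmb[img.Name] // an absent RPMB entry yields a nil key
		}
		if err := verifyStage(img, pub); err != nil {
			return started, err
		}
		started = append(started, img.Name)
	}
	return started, nil
}
func main() {
	romPub, blPriv, _ := ed25519.GenerateKey(rand.Reader) // public half is the ROM-hard-coded key
	hvPub, hvPriv, _ := ed25519.GenerateKey(rand.Reader)
	osPub, osPriv, _ := ed25519.GenerateKey(rand.Reader)
	rpmb := map[string]ed25519.PublicKey{"hypervisor": hvPub, "os": osPub}
	stages := []Image{SignStage("bootloader", []byte("bl-image"), blPriv),
		SignStage("hypervisor", []byte("hv-image"), hvPriv), SignStage("os", []byte("os-image"), osPriv)}
	stages[1].Payload = []byte("hv-image-altered") // constructed: Hypervisor image changed after signing
	fmt.Println(BootChain(romPub, rpmb, stages)) // [bootloader] hypervisor: signature verification failed
}
```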
Fig. 8 is a block diagram illustrating an electronic device 800 in accordance with an example embodiment. As shown in fig. 8, the electronic device 800 may include: a processor 801, a memory 802. The electronic device 800 may also include one or more of a multimedia component 803, an input/output (I/O) interface 804, and a communications component 805.
The processor 801 is configured to control the overall operation of the electronic device 800, so as to complete all or part of the steps in the Hypervisor-based kernel booting method. The memory 802 is used to store various types of data to support operation of the electronic device 800, such as instructions for any application or method operating on the electronic device 800 and application-related data, such as contact data, messages sent or received, pictures, audio, video, and so forth. The memory 802 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk. The multimedia component 803 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 802 or transmitted through the communication component 805. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 804 provides an interface between the processor 801 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 805 is used for wired or wireless communication between the electronic device 800 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IoT, eMTC, 5G or others, or a combination of one or more of them, which is not limited herein.
The corresponding communication component 805 may therefore include a Wi-Fi module, a Bluetooth module, an NFC module, etc.
In an exemplary embodiment, the electronic Device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described method for launching a kernel based on a Hypervisor.
In another exemplary embodiment, a computer readable storage medium including program instructions which, when executed by a processor, implement the steps of the above-described Hypervisor-based method of booting a kernel is also provided. For example, the computer readable storage medium may be the memory 802 described above including program instructions that are executable by the processor 801 of the electronic device 800 to perform the method for booting a kernel based on Hypervisor described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned Hypervisor-based kernel booting method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. A Hypervisor-based kernel starting method, characterized by comprising the following steps:
generating a plurality of public/private key pairs by using an asymmetric encryption algorithm, the plurality of public/private key pairs comprising a Hypervisor public/private key pair and an OS public/private key pair;
signing the Hypervisor by using a Hypervisor private key;
signing the OS kernel by using an OS private key;
writing the Hypervisor public key and the OS public key into an RPMB partition; when the Hypervisor is started through the Bootloader, the Hypervisor public key is used for verifying the Hypervisor and the corresponding signature; when the OS kernel is started, the OS public key is used for verifying the OS kernel and the corresponding signature.
2. The method of claim 1, wherein the plurality of public/private key pairs further comprises a Bootloader public/private key pair, and the method further comprises the following steps:
signing the Bootloader by using a Bootloader private key; and hard-coding the Bootloader public key into a ROM code.
3. The method of claim 1, wherein the plurality of public/private key pairs further comprises a virtual Bootloader public/private key pair, and the method further comprises the following steps:
signing the virtual Bootloader by using a virtual Bootloader private key; and writing the virtual Bootloader public key into the RPMB partition; when the virtual Bootloader is started through the Hypervisor, the virtual Bootloader public key is used for verifying the virtual Bootloader and the corresponding signature.
4. A Hypervisor-based kernel starting method, characterized by comprising the following steps:
starting the Bootloader through ROM code;
reading a Hypervisor public key from an RPMB partition when the Hypervisor is started through the Bootloader;
verifying the Hypervisor and the corresponding signature by using the Hypervisor public key, and starting the Hypervisor if the verification is successful;
reading an OS public key from the RPMB partition when the OS kernel is started through the Hypervisor;
and verifying the OS kernel and the corresponding signature by using the OS public key, and starting the OS kernel if the verification is successful.
5. The method of claim 4, wherein booting the Bootloader via ROM code comprises:
verifying the Bootloader and the corresponding signature by using a Bootloader public key hard-coded into a ROM code; and if the verification is successful, starting the Bootloader.
6. The method of claim 4, wherein, if a virtual Bootloader exists in the system, starting the OS kernel through the Hypervisor comprises the following steps:
starting a virtual Bootloader through the Hypervisor;
when the virtual Bootloader is started through the Hypervisor, reading a virtual Bootloader public key from the RPMB partition;
verifying the virtual Bootloader and the corresponding signature by using the virtual Bootloader public key, and starting the virtual Bootloader if the verification is successful;
and after the virtual Bootloader is started, verifying and starting the OS kernel through the virtual Bootloader.
7. A Hypervisor-based kernel booting apparatus, comprising:
a key pair generation module, used for generating a plurality of public/private key pairs by using an asymmetric encryption algorithm, the plurality of public/private key pairs comprising a Hypervisor public/private key pair and an OS public/private key pair;
a Hypervisor signing module, used for signing the Hypervisor by using a Hypervisor private key;
an OS kernel signing module, used for signing the OS kernel by using an OS private key;
a storage module, used for writing the Hypervisor public key and the OS public key into an RPMB partition; when the Hypervisor is started through the Bootloader, the Hypervisor public key is used for verifying the Hypervisor and the corresponding signature; when the OS kernel is started, the OS public key is used for verifying the OS kernel and the corresponding signature.
8. A Hypervisor-based kernel booting apparatus, comprising:
a Bootloader starting module, used for starting the Bootloader through ROM code;
a Hypervisor public key reading module, used for reading a Hypervisor public key from an RPMB partition when the Hypervisor is started through the Bootloader;
a Hypervisor verifying module, used for verifying the Hypervisor and the corresponding signature by using the Hypervisor public key, and starting the Hypervisor if the verification is successful;
an OS public key reading module, used for reading an OS public key from the RPMB partition when the OS kernel is started through the Hypervisor;
and an OS kernel verifying module, used for verifying the OS kernel and the corresponding signature by using the OS public key, and starting the OS kernel if the verification is successful.
9. A non-transitory computer readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
10. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 6.
CN202210159541.3A 2022-02-22 2022-02-22 Hypervisor-based kernel starting method and device and electronic equipment Pending CN114547626A (en)

Publications (1)

Publication Number Publication Date
CN114547626A true CN114547626A (en) 2022-05-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination