CN115017497B - Information processing method, device and storage medium - Google Patents


Info

Publication number
CN115017497B
Authority
CN
China
Prior art keywords
tee
virtual machine
processing request
security service
machine manager
Prior art date
Legal status
Active
Application number
CN202111408863.9A
Other languages
Chinese (zh)
Other versions
CN115017497A (en)
Inventor
杜杰
Current Assignee
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Priority date
Filing date
Publication date
Application filed by Honor Device Co Ltd
Priority to CN202111408863.9A
Publication of CN115017497A
Application granted
Publication of CN115017497B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this application provide an information processing method, an information processing apparatus and a storage medium in the technical field of terminals. The method comprises the following steps: the first CA sends a first processing request to the virtual machine manager; the virtual machine manager sends the first processing request to the first TEE where the first TA is located; the first TA processes the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the first TA sends a second processing request to the security monitor; the security monitor sends the second processing request to the second TEE where the second TA is located; and the second TA processes the second security service by accessing the second hardware resource to obtain a processing result of the second security service. Even if the first TA corresponding to the first CA encounters an exception while processing the first security service in the first TEE operating system, the second TA can still process the second security service normally, which improves the performance of the terminal device.

Description

Information processing method, device and storage medium
Technical Field
The present application relates to the field of computer security technologies, and in particular, to an information processing method, an information processing apparatus, and a storage medium.
Background
With the development of mobile internet technology, intelligent terminal devices are used ever more widely. In order to protect user privacy and information security, a terminal device includes a Rich Execution Environment (REE) and a Trusted Execution Environment (TEE).
The REE in the terminal device is an open operating environment, and the TEE is isolated from the REE. The REE has no direct access to the TEE's hardware and software resources, so the TEE can resist software attacks that occur on the REE side. Security services in the terminal device may be performed in the TEE to protect user privacy and information security. The security services include encryption and decryption, signing, secure storage, biometric identification and other services.
Disclosure of Invention
The embodiments of the present application provide an information processing method, an information processing apparatus and a storage medium in the technical field of computer security, which help improve the performance of terminal devices.
In a first aspect, an embodiment of the present application provides an information processing method applied to a terminal device. The terminal device is deployed with a rich execution environment (REE), a virtual machine manager, at least two trusted execution environments (TEEs) and a security monitor. The at least two TEEs comprise a first TEE running under a virtual machine mechanism and a second TEE running under a TrustZone mechanism; the first TEE and the second TEE have different resource access rights, and the different resource access rights correspond to different accessible hardware resources: the first TEE accesses a first hardware resource and the second TEE accesses a second hardware resource. The REE comprises at least a first client application (CA). Any TEE comprises one or more trusted applications (TAs); the first security service of the first CA corresponds to a first TA, which is deployed in the first TEE; the second security service of the first CA corresponds to a second TA, which is deployed in the second TEE; the first TA accesses the first hardware resource and the second TA accesses the second hardware resource. The virtual machine manager routes a processing request of a CA to the TA corresponding to that CA. The method comprises the following steps: the first CA sends a first processing request to the virtual machine manager, the first processing request requesting processing of the first security service and the second security service and including an identifier of the first TA; the virtual machine manager sends the first processing request to the first TEE where the first TA is located; the first TA processes the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the first TA sends a second processing request to the security monitor, the second processing request requesting processing of the second security service and including an identifier of the second TA; the security monitor sends the second processing request to the second TEE where the second TA is located; and the second TA processes the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
In this embodiment, the first TEE and the second TEE have different resource access rights: the first TEE is securely isolated from the REE by means of a virtual machine, the second TEE is isolated by the TrustZone hardware isolation technology, the first TEE accesses the first hardware resource and the second TEE accesses the second hardware resource. Therefore, even if an exception occurs while the first TA corresponding to the first CA processes the first security service by accessing the first hardware resource, the second TA's processing of the second security service by accessing the second hardware resource is not affected, and the performance of the terminal device is improved.
In a possible implementation, the method further includes: the second TA sends the processing result of the second security service to the first TA through the security monitor; the first TA sends a processing result of the second security service to the virtual machine manager; and the virtual machine manager sends the processing result of the second security service to the first CA.
In this way, when the first processing request also includes a request to process the second security service (or the first processing request requests processing of the first security service, but that processing requires the second security service as well), the first TA can send the second processing request to the second TA in the high-security TEE; the second processing request requests processing of the second security service, and the high-security TEE communicates with the first TEE through the security monitor, so that the high-security TEE remains hardware-isolated from the first TEE and the security of the information processing performed by the terminal device is further enhanced.
In another possible implementation, the at least two TEEs further include a third TEE running under the virtual machine mechanism; the third TEE accesses a third hardware resource; the REE further comprises a second CA; the third security service of the second CA corresponds to a third TA, which is deployed in the third TEE. The method further comprises: the second CA sends a third processing request to the virtual machine manager, the third processing request requesting processing of the third security service and including an identifier of the third TA; the virtual machine manager sends the third processing request to the third TEE where the third TA is located; and the third TA processes the third security service by accessing the third hardware resource to obtain a processing result of the third security service. Because the first TEE and the second TEE under the virtual machine mechanism are isolated from each other, even if the first TA corresponding to the first CA encounters an exception while processing the first security service by accessing the first hardware resource, the third TA's processing of the third security service by accessing the third hardware resource is not affected, and the performance of the terminal device is further improved.
In another possible implementation manner, the method further includes: the first TA sends a processing result of the first security service to the virtual machine manager; and the virtual machine manager sends the processing result of the first security service to the first CA.
In another possible implementation, the virtual machine manager sending the first processing request to the first TEE where the first TA is located includes: the virtual machine manager obtains the identifier of the first TEE corresponding to the identifier of the first TA according to a target correspondence, the target correspondence being the correspondence between TA identifiers and TEE identifiers; the virtual machine manager switches the operating system run by the terminal device to the operating system corresponding to the first TEE according to the identifier of the first TEE; and the virtual machine manager sends the first processing request to the first TA through the operating system corresponding to the first TEE according to the identifier of the first TA.
In another possible implementation, the first processing request further includes the identifier of the first TEE, and the virtual machine manager sending the first processing request to the first TEE where the first TA is located includes: the virtual machine manager switches the operating system run by the terminal device to the operating system corresponding to the identifier of the first TEE according to that identifier; and the virtual machine manager sends the first processing request to the first TA through that operating system according to the identifier of the first TA.
In a second aspect, an embodiment of the present application provides an information processing method applied to a terminal device. The terminal device is provided with a rich execution environment (REE) and a virtual machine manager; at least two TEEs comprise a first TEE and a second TEE running under a virtual machine mechanism; the first TEE and the second TEE have different resource access rights, and the different resource access rights correspond to different accessible hardware resources: the first TEE accesses a first hardware resource and the second TEE accesses a second hardware resource. The REE comprises at least a first client application (CA) and a second CA. Any TEE comprises one or more trusted applications (TAs); the first security service of the first CA corresponds to a first TA, which is deployed in the first TEE; the second security service of the second CA corresponds to a second TA, which is deployed in the second TEE; the first TA accesses the first hardware resource and the second TA accesses the second hardware resource. The virtual machine manager routes a processing request of a CA to the TA corresponding to that CA. The method comprises the following steps: the first CA sends a first processing request to the virtual machine manager, the first processing request requesting processing of the first security service and including an identifier of the first TA; the virtual machine manager sends the first processing request to the first TEE where the first TA is located according to the identifier of the first TA; the first TA processes the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the second CA sends a second processing request to the virtual machine manager, the second processing request requesting processing of the second security service and including an identifier of the second TA; the virtual machine manager sends the second processing request to the second TEE where the second TA is located according to the identifier of the second TA; and the second TA processes the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
In this embodiment, the first TEE and the second TEE have different resource access rights; the first TEE, the REE and the second TEE are securely isolated from one another by means of virtual machines; the first TEE accesses the first hardware resource and the second TEE accesses the second hardware resource. Therefore, even if an exception occurs while the first TA corresponding to the first CA processes the first security service by accessing the first hardware resource, the second TA's processing of the second security service by accessing the second hardware resource is not affected, so that the performance of the terminal device is improved.
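As an added illustration of the first aspect (routing through the virtual machine manager, the second request through the security monitor, the two ways the manager resolves the target TEE, and a third VM-based TEE that keeps working when the first one fails) and of the second aspect (two VM-based TEEs serving two CAs), the following Python model simulates the message flow. It is constructed for this page and is not the patent's code. The identifiers TEE1/TEE2/TEE3 and TA1/TA2/TA3, the resource names, the "vm"/"trustzone" labels, the fault injected into TA1 and the check that a TEE identifier carried in a request must agree with the TA-to-TEE correspondence table are all assumptions made here.

```python
"""Constructed model of the multi-TEE routing described in the first and second
aspects. All identifiers, resource names and the fault in TA1 are invented for
this example; none of it is the patent's own code."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict


class TAException(Exception):
    """A TA failed while processing its security service."""


@dataclass
class TEE:
    tee_id: str
    mechanism: str          # constructed labels: "vm" or "trustzone"
    hardware_resource: str  # the hardware resource this TEE is allowed to access
    tas: Dict[str, Callable[[dict, TEE, Terminal], dict]] = field(default_factory=dict)
    healthy: bool = True    # models whether this TEE's operating system is still up

    def run(self, ta_id: str, request: dict, terminal: Terminal) -> dict:
        if not self.healthy:
            raise TAException(f"{self.tee_id}: TEE operating system is down")
        try:
            return self.tas[ta_id](request, self, terminal)
        except TAException:
            self.healthy = False  # a fault takes down only this TEE instance
            raise


class Terminal:
    """REE/TEE layout plus the virtual machine manager and the security monitor."""

    def __init__(self) -> None:
        self.tees: Dict[str, TEE] = {}
        self.ta_to_tee: Dict[str, str] = {}  # the patent's "target correspondence"
        self.current_os = "REE"

    def deploy(self, tee: TEE) -> None:
        self.tees[tee.tee_id] = tee
        for ta_id in tee.tas:
            self.ta_to_tee[ta_id] = tee.tee_id

    def vmm_route(self, request: dict) -> dict:
        """Virtual machine manager: CA request -> TA inside a VM-based TEE."""
        tee_id = self.ta_to_tee[request["ta_id"]]        # variant 1: look up by TA id
        # Variant 2: the request may carry a TEE id; requiring it to agree with
        # the correspondence table is an assumption of this example.
        if request.get("tee_id", tee_id) != tee_id:
            raise PermissionError("TEE identifier does not match TA deployment")
        tee = self.tees[tee_id]
        if tee.mechanism != "vm":
            raise PermissionError("VMM routes only to VM-based TEEs")
        self.current_os = tee_id                          # switch operating system
        try:
            return tee.run(request["ta_id"], request, self)
        finally:
            self.current_os = "REE"                        # switch back to the REE

    def monitor_forward(self, request: dict) -> dict:
        """Security monitor: TA in a VM TEE -> TA in the TrustZone TEE."""
        tee = self.tees[self.ta_to_tee[request["ta_id"]]]
        if tee.mechanism != "trustzone":
            raise PermissionError("security monitor reaches only the TrustZone TEE")
        return tee.run(request["ta_id"], request, self)


def ta1(request: dict, tee: TEE, terminal: Terminal) -> dict:
    """First TA: handles the first service, then asks the monitor for the second."""
    if request["payload"] == "corrupt":               # constructed fault trigger
        raise TAException("TA1 hit a defect while processing")
    first = {"service": "first", "resource": tee.hardware_resource}
    second = terminal.monitor_forward({"ta_id": "TA2", "payload": request["payload"]})
    return {"first": first, "second": second}        # both results go back to CA1


def ta2(request: dict, tee: TEE, terminal: Terminal) -> dict:
    """Second TA in the TrustZone TEE: second security service (e.g. signing)."""
    return {"service": "second", "resource": tee.hardware_resource,
            "signed": f"sig({request['payload']})"}


def ta3(request: dict, tee: TEE, terminal: Terminal) -> dict:
    """Third TA in its own VM-based TEE, used by a second CA."""
    return {"service": "third", "resource": tee.hardware_resource}


def build_terminal() -> Terminal:
    t = Terminal()
    t.deploy(TEE("TEE1", "vm", "first_hardware_resource", {"TA1": ta1}))
    t.deploy(TEE("TEE2", "trustzone", "second_hardware_resource", {"TA2": ta2}))
    t.deploy(TEE("TEE3", "vm", "third_hardware_resource", {"TA3": ta3}))
    return t


def demo() -> dict:
    """First CA's request succeeds; a fault in TA1 leaves TEE3/TA3 unaffected."""
    t = build_terminal()
    ok = t.vmm_route({"ta_id": "TA1", "tee_id": "TEE1", "payload": "token"})
    try:
        t.vmm_route({"ta_id": "TA1", "payload": "corrupt"})
        faulted = False
    except TAException:
        faulted = True
    third = t.vmm_route({"ta_id": "TA3", "payload": "media"})   # second CA's request
    return {"first_ok": ok, "tee1_faulted": faulted,
            "tee1_healthy": t.tees["TEE1"].healthy, "third": third}


if __name__ == "__main__":
    print(demo())
```

The model keeps the two routing paths distinct: the virtual machine manager only ever reaches VM-based TEEs, and the TrustZone TEE is reachable solely through the security monitor from a TA that is already inside a TEE, which is what lets TEE2 stay hardware-isolated from the REE while TEE1 and TEE3 fail independently of each other.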
In a third aspect, an embodiment of the present application provides an information processing apparatus including a rich execution environment (REE), a virtual machine manager, at least two trusted execution environments (TEEs) and a security monitor. The at least two TEEs comprise a first TEE running under a virtual machine mechanism and a second TEE running under a TrustZone mechanism; the first TEE and the second TEE have different resource access rights, and the different resource access rights correspond to different accessible hardware resources: the first TEE accesses a first hardware resource and the second TEE accesses a second hardware resource. The REE comprises at least a first client application (CA). Any TEE comprises one or more trusted applications (TAs); the first security service of the first CA corresponds to a first TA, which is deployed in the first TEE; the second security service of the first CA corresponds to a second TA, which is deployed in the second TEE; the first TA accesses the first hardware resource and the second TA accesses the second hardware resource. The first CA is configured to send a first processing request to the virtual machine manager, the first processing request requesting processing of the first security service and including an identifier of the first TA; the virtual machine manager is configured to send the first processing request to the first TEE where the first TA is located; the first TA is configured to process the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the first TA is further configured to send a second processing request to the security monitor, the second processing request requesting processing of the second security service and including an identifier of the second TA; the security monitor is configured to send the second processing request to the second TEE where the second TA is located; and the second TA is configured to process the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
Optionally, the second TA sends the processing result of the second security service to the first TA through the security monitor; the first TA sends a processing result of the second security service to the virtual machine manager; and the virtual machine manager sends the processing result of the second security service to the first CA.
Optionally, the at least two TEEs further include a third TEE running under the virtual machine mechanism; the third TEE accesses a third hardware resource; the REE further comprises a second CA; the third security service of the second CA corresponds to a third TA, which is deployed in the third TEE; the second CA is further configured to send a third processing request to the virtual machine manager, the third processing request requesting processing of the third security service and including an identifier of the third TA; the virtual machine manager is further configured to send the third processing request to the third TEE where the third TA is located; and the third TA is configured to process the third security service by accessing the third hardware resource to obtain a processing result of the third security service.
Optionally, the first TA is further configured to send a processing result of the first security service to the virtual machine manager; the virtual machine manager is further configured to send a processing result of the first security service to the first CA.
Optionally, the virtual machine manager is specifically configured to obtain, according to a target correspondence, the identifier of the first TEE corresponding to the identifier of the first TA, the target correspondence being the correspondence between TA identifiers and TEE identifiers; to switch the operating system run by the terminal device to the operating system corresponding to the first TEE according to the identifier of the first TEE; and to send the first processing request to the first TA through the operating system corresponding to the first TEE according to the identifier of the first TA.
Optionally, the first processing request further includes the identifier of the first TEE; the virtual machine manager is configured to switch the operating system run by the terminal device to the operating system corresponding to the identifier of the first TEE according to that identifier, and to send the first processing request to the first TA through that operating system according to the identifier of the first TA.
In a fourth aspect, an embodiment of the present application provides another information processing apparatus including a rich execution environment (REE) and a virtual machine manager, where at least two TEEs include a first TEE and a second TEE running under a virtual machine mechanism; the first TEE and the second TEE have different resource access rights, and the different resource access rights correspond to different accessible hardware resources: the first TEE accesses a first hardware resource and the second TEE accesses a second hardware resource. The REE comprises at least a first client application (CA) and a second CA. Any TEE comprises one or more trusted applications (TAs); the first security service of the first CA corresponds to a first TA, which is deployed in the first TEE; the second security service of the second CA corresponds to a second TA, which is deployed in the second TEE; the first TA accesses the first hardware resource and the second TA accesses the second hardware resource. The first CA is configured to send a first processing request to the virtual machine manager, the first processing request requesting processing of the first security service and including an identifier of the first TA; the virtual machine manager is configured to send the first processing request to the first TEE where the first TA is located according to the identifier of the first TA; the first TA is configured to process the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the second CA is configured to send a second processing request to the virtual machine manager, the second processing request requesting processing of the second security service and including an identifier of the second TA; the virtual machine manager is configured to send the second processing request to the second TEE where the second TA is located according to the identifier of the second TA; and the second TA is configured to process the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
In a fifth aspect, an embodiment of the present application provides an electronic device, where the electronic device includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to execute the computer program to perform the information processing method described in the foregoing first aspect or any one of the possible implementations of the first aspect, or to perform the information processing method described in the foregoing second aspect or any one of the possible implementations of the second aspect.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program or an instruction is stored, and when the computer program or the instruction runs on a computer, the computer is caused to execute the information processing method described in the first aspect or any one of the possible implementation manners of the first aspect, or the computer is caused to execute the information processing method described in the second aspect or any one of the possible implementation manners of the second aspect.
In a seventh aspect, an embodiment of the present application provides a computer program product including a computer program, when the computer program runs on a computer, the computer is caused to execute the information processing method described in the first aspect or any one of the possible implementations of the first aspect, or the computer is caused to execute the information processing method described in the second aspect or any one of the possible implementations of the second aspect.
In an eighth aspect, the present application provides a chip or a chip system, where the chip or the chip system includes at least one processor and a communication interface, the communication interface and the at least one processor are interconnected by a line, and the at least one processor is configured to execute a computer program or instructions to perform the information processing method described in the first aspect or any one of the possible implementations of the first aspect, or to perform the information processing method described in the second aspect or any one of the possible implementations of the second aspect. The communication interface in the chip may be an input/output interface, a pin, a circuit, or the like.
In one possible implementation, the chip or chip system described above in this application further comprises at least one memory having instructions stored therein. The memory may be a storage unit inside the chip, such as a register, a cache, etc., or may be a storage unit of the chip (e.g., a read-only memory, a random access memory, etc.).
It should be understood that the third aspect to the eighth aspect of the present application correspond to the technical solutions of the first aspect or the second aspect of the present application, and the beneficial effects achieved by the aspects and the corresponding possible implementations are similar and will not be described again.
Drawings
Fig. 1 is a schematic diagram illustrating how a current terminal device processes security-service-related information based on an REE and TEE architecture;
Fig. 2 is a schematic diagram of a current terminal device;
Fig. 3 is a framework diagram of multi-TEE security management and control of a terminal device according to an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating the interaction flow between the parts of a terminal device framework according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
Fig. 6 is a block diagram of the software structure of a terminal device to which an embodiment of the present application is applied;
Fig. 7 is a schematic flowchart of an information processing method according to an embodiment of the present application;
Fig. 8 is a schematic flowchart of another information processing method according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a chip according to an embodiment of the present application.
Detailed Description
In the embodiments of the present application, the words "first", "second", and the like are used to distinguish the same items or similar items having substantially the same functions and actions. For example, the first chip and the second chip are only used for distinguishing different chips, and the order of the chips is not limited. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
It should be noted that in the embodiments of the present application, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "such as" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the embodiments of the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association between the associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate that A exists alone, that A and B exist simultaneously, or that B exists alone, where A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, "at least one of a, b, or c" may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may be single or multiple.
At present, under the condition that only one TEE is deployed on terminal equipment, multiple security services run in the same running space, the platform technical requirements on a TEE operating system are very high, and if the TEE operating system is defective, after being triggered by one service and causing an exception, other services can possibly not run normally. When an exception occurs in a terminal device when processing a first security service of a first Client Application (CA), the exception may also occur in the terminal device when processing a second security service of a second CA.
Illustratively, as shown in fig. 1, the terminal equipment includes REE and TEE. The TEE and the REE are two independent operating environments, wherein the REE is a common execution environment in the electronic device. In the REE, a CA for a Digital Rights Management (DRM) service, a CA for a payment service, and a CA for an unlocking service may be run. A Trusted Application (TA) for unlocking the service, a TA for payment service, and a TA for DRM service may be run in the TEE. Under the condition that a multimedia file protected by copyright is played in the REE, the TA of the DRM service is abnormal when the service is processed, so that the multimedia file cannot be normally played, and at the moment, under the condition that the terminal equipment runs the CA of the payment service, the TA of the payment service can also be abnormal.
Generally, the terminal device runs the CA in the REE and processes the security service corresponding to the CA in the TEE. For example, the terminal device runs a first application and a second application in the REE, and processes a first security service and a second security service in the TEE. The REE, also called the general operating environment, mainly includes a Rich operating system (Rich OS), or REE operating system, running on a general-purpose processor, and the CAs running on the REE operating system. The TEE is an independent operating environment running outside the REE, and mainly includes a Trusted operating system (Trusted OS), or TEE operating system, and one or more trusted applications running on the TEE operating system.
The TEE is isolated from the REE. The REE has no direct access to the hardware and software resources of the TEE; the two interact through a security monitor. The security monitor implements the switching between the TEE operating system and the REE operating system, and the information exchange between a TA and its corresponding CA.
ARM TrustZone is a SoC- and CPU-system-wide security solution introduced by ARM and is now widely used on application processors that employ the ARM instruction set. ARM TrustZone is a hardware-based security function that introduces, by modifying the original hardware architecture, two protection domains with different authority at the processor level, namely a secure world and a normal world; the processor runs in only one of them at any time. The two worlds are completely isolated by hardware and have different authority: access by an application or operating system running in the normal world to the resources of the secure world is strictly limited, whereas a program running in the secure world can normally access the resources of the normal world. This hardware isolation and asymmetry of permissions between the two worlds provides an efficient mechanism for protecting application code and data: the normal world is typically used to run commodity operating systems (e.g., Android, iOS) that provide the REE, while the secure world always uses a small secure kernel (TEE kernel) to provide the TEE, where confidential data can be stored and accessed. Thus, even if the operating system in the normal world is corrupted or compromised (e.g., iOS has been jailbroken or Android has been rooted), the attacker still cannot obtain the confidential data stored in the TEE.
Later Cortex-A processors adopt the TrustZone architecture, which introduces a processor mode called monitor mode. This mode is responsible for preserving processor state during the transition between worlds; both worlds can enter monitor mode through a privileged instruction called Secure Monitor Call (SMC), and switching between the worlds is performed through monitor mode. The security monitor is a module in ARM Trusted Firmware (ATF).
Fig. 2 is a schematic diagram of a current terminal device framework. The framework includes an REE and a TEE. The REE and the TEE are two independent operating environments, where the REE is the ordinary execution environment of the electronic device. In the REE, a CA20, a CA21, and an REE operating system 22 may be running. The security service in CA20 corresponds to TA30, and the security service in CA21 corresponds to TA31. When TA30 or TA31 needs to be called, the REE operating system 22 may communicate with the TEE operating system 32 through a TEE client Application Programming Interface (API), requesting a call to TA30 or TA31.
The REE operating system 22 includes drivers that support data transfer between the system and hardware devices, and that support trusted application interaction between the REE and the TEE; for example, it may include a trusted application driver, a clock driver, and the like.
ARM (Advanced RISC Machines) integrates the TrustZone technology with the Cortex-A processor and provides a platform that can support a complete trusted execution environment (TEE), security-aware applications, and security services; that is, the TEE serves as the trusted execution environment in the electronic device and provides trusted applications to the REE side. The TEE is a secure area: TA30, TA31, and the TEE operating system 32 run in this independent environment, TA30 and TA31 run on the TEE operating system 32 based on TrustZone technology, and the TEE is separated from the operating system on the REE side, so that software and malware attacks can be prevented. TrustZone technology also supports switching the system to a secure mode to provide hardware-supported isolation. In addition, the TEE operating system 32 provides trusted application support by calling the TEE internal API, and communicates with the REE operating system 22.
In addition, the framework includes an ATF, in which a security monitor 23 is provided. ARM supports multiple Exception Levels (EL), including EL0, EL1, and EL3; the greater the number following the exception level, the higher the security level. Generally, applications run at EL0, the system kernel (referred to as the operating system in some embodiments) runs at EL1, and the security monitor 23 runs at EL3. For example, in the framework diagram above, TA30, TA31, CA20, and CA21 are located at the EL0 layer, the REE operating system 22 and the TEE operating system 32 are located at the EL1 layer, and the security monitor 23 is located at the EL3 layer.
When TA30 runs normally on the TEE operating system 32, after TA30 obtains the security service information requested by the first security request information, it sends the obtained information to the security monitor through the TEE operating system; the security monitor switches the running operating system to the REE operating system and sends the information to CA20 through the REE operating system.
In fig. 2, when CA20 needs to process a security service while running in the terminal device, CA20 sends a message including the first security request information to the REE operating system 22, the REE operating system 22 sends the message to the security monitor 23, the security monitor 23 switches the running operating system to the TEE operating system 32 according to the first security request information, and the TEE operating system 32 distributes the message to TA30, so that TA30 processes the security service requested by the first security request information.
When TA30 is abnormal while running on the TEE operating system 32, CA21, when running in the terminal device, sends a message including the second security request information to the security monitor 23; the security monitor 23 switches the running operating system to the TEE operating system 32 according to that message, and because the TEE operating system 32 is abnormal, TA31 is abnormal too, so the call from CA21 to TA31 is abnormal.
In view of this, embodiments of the present application provide an information processing method in which different TEE operating systems can access different hardware resources. Thus, when the TA corresponding to one CA becomes abnormal while processing the security service requested by that CA, the TA corresponding to another CA with a different security service, which accesses different hardware resources, can still support the normal operation of that CA, thereby improving the performance of the terminal device.
In some embodiments of the present application, one CA includes at least one security service, and each security service may correspond to one or more TAs; that is, each TA is configured to process at least one security service, and one CA may correspond to one or more TAs. A security service needs the CA on the REE side to cooperate with the TA in the secure domain, and the TA can be understood as the execution agent of the security service in the secure domain. All CAs run in the REE, which in a hypervisor-enabled architecture runs in one Virtual Machine (VM).
The terminal device provided by the embodiments of the present application adopts multiple TEEs and tiered deployment of security services, so that TAs corresponding to services with different security levels are deployed in different TEEs. This achieves service isolation and improves the security and stability of the services.
Each TA may handle at least one security service. When TAs corresponding to different security services need to be deployed into TEEs, in this embodiment the terminal device may determine the TEE in which the TA of each security service is deployed according to the hardware resources that the security service needs to access, or it may determine, according to the security level of the security service, into which security level of TEE the corresponding TA should be deployed. The security level of a security service can be determined from the security level of the hardware resources it needs to access, and the security level of a TEE can be determined from the security level of the hardware resources that the TEE can access.
In some embodiments, the terminal device provided in the embodiments of the present application may enable each TEE to bear different security services according to different security levels of each TEE, and allocate different resource access rights to each TEE. For example, for the same hardware resource, a first TEE in the terminal device may directly access the hardware resource, and a second TEE needs to indirectly access the hardware resource through the first TEE.
Fig. 3 is a schematic diagram of a framework of multi-TEE security management and control of a terminal device according to an embodiment of the present application. The framework of the terminal device shown in fig. 3 includes Android, TEE1, TEE2, TEE3, and a TEE running in TrustZone.
Android, TEE1, TEE2 and TEE3 use a virtual machine mode (such as Arm Hypervisor technology) to achieve security isolation, and may each run in a different VM. Android is the REE; applications with ordinary authority run in the REE, and the resources that the REE can access directly are managed by the Android operating system through software. TEE1, TEE2 and TEE3 may be called VM TEEs. A virtual machine manager (such as a hypervisor) performs isolation management and control over the resources that have security requirements, and distributes them to the TEEs for management according to policies such as different security levels and/or different types of resource services, so that the security resources are isolated and each VM TEE only has access rights to the resources assigned to it. VM TEEs may be deployed in different VMs according to the partitioning of resource use. The multiple TEEs are isolated from each other, and the TAs running in the respective TEEs do not affect each other. User privacy data can be restricted to be accessible only in the corresponding TEE, so that user data is protected more securely.
As shown in fig. 3, TEE1, in which the TA for processing the unlocking service is located, may access the camera resource and the touch screen (TP) resource through path (4), and TEE2, in which the TA for processing the payment service is located, may access the camera resource and the touch screen resource through path (5). TEE3, in which the TA for processing the DRM service is located, may access a secure storage resource (e.g., an embedded secure chip (eSE)) through path (6).
The TEE running in TrustZone is a high-trust security space isolated by a hardware isolation technology (such as Arm TrustZone technology). The TEE in TrustZone is hardware-isolated from the VM TEEs and from Android, and its security level may be higher than that of any VM TEE. For example, in fig. 3 the TEE in TrustZone may access high-security hardware resources such as a crypto engine (CryptoEngine) and a one-time programmable memory (eFuse) through path (7). The TEE in TrustZone provides a service interface for the VM TEEs to use. When a VM TEE needs to access a high-security hardware resource, it can call the service interface and entrust the TEE in TrustZone to access the hardware resource indirectly on its behalf.
As shown in fig. 3, a request mechanism may be added to the VM TEE, for example a module named TEE-Client, and a service mechanism may be added to the TEE in TrustZone, for example a module named TEE-Server. The TEE-Client in TEE1 may send a request to access a certain high-security hardware resource to the service interface provided by the TEE in TrustZone through path (3), the TEE-Client in TEE2 through path (2), and the TEE-Client in TEE3 through path (1). The TEE-Server in the TEE in TrustZone receives the request, directly accesses the corresponding high-security hardware resource according to the request, and returns the access result through the service interface to the requesting TEE-Client; in this way the TEE-Client issues requests and the TEE-Server performs the access on its behalf. In addition, the framework also includes ARM trusted firmware, in which a security monitor is arranged. The security monitor may be used to provide the service interface for the TEE in TrustZone.
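As an added illustration that is not part of the patent text or of any Honor code, the following Python models two mechanisms described above: the tiered placement of a TA into a TEE according to the security level of the hardware resources its service needs, and the TEE-Client/TEE-Server delegation by which a VM TEE reaches a high-security resource through the TrustZone TEE. The resource names, security levels, TEE names and the least-privilege tie-break rule are assumptions chosen to mirror fig. 3; the description fixes none of them.

```python
"""Tiered TA placement and resource-access resolution in a multi-TEE device.

Added example, not code from the patent or from Honor. The TEE names, resource
names and level numbers are constructed to mirror fig. 3 of the description.
"""
from dataclasses import dataclass

# Constructed table: each hardware resource and its security level. Level 2 stands
# for the high-security resources only the TEE running in TrustZone may touch.
RESOURCE_LEVEL = {
    "camera": 1,
    "touch_screen": 1,
    "secure_storage": 1,
    "crypto_engine": 2,
    "efuse": 2,
}

@dataclass(frozen=True)
class Tee:
    name: str
    level: int                   # security level of the TEE
    direct_resources: frozenset  # resources assigned to it by the hypervisor
    in_trustzone: bool = False   # True for the hardware-isolated TEE

# Constructed inventory: three VM TEEs plus the TrustZone TEE (owns everything).
TEES = {
    "TEE1": Tee("TEE1", 1, frozenset({"camera", "touch_screen"})),
    "TEE2": Tee("TEE2", 1, frozenset({"camera", "touch_screen"})),
    "TEE3": Tee("TEE3", 1, frozenset({"secure_storage"})),
    "TZ_TEE": Tee("TZ_TEE", 2, frozenset(RESOURCE_LEVEL), in_trustzone=True),
}
TZ = TEES["TZ_TEE"]

def service_level(resources):
    """Security level of a service: the highest level among the resources it needs."""
    return max(RESOURCE_LEVEL[r] for r in resources)

def place_ta(resources):
    """Choose the TEE that should host the TA of a service needing `resources`.

    A VM TEE qualifies only if every resource below the TrustZone level is in its
    direct set; high-security resources are reached later by delegation. Ties go
    to the VM TEE with the fewest direct resources (least privilege), then by name.
    A service that needs only high-security resources is hosted in the TZ TEE.
    """
    low = {r for r in resources if RESOURCE_LEVEL[r] < TZ.level}
    if not low:
        return TZ.name
    candidates = [t for t in TEES.values()
                  if not t.in_trustzone and low <= t.direct_resources]
    if not candidates:
        raise LookupError(f"no VM TEE is assigned all of {sorted(low)}")
    return min(candidates, key=lambda t: (len(t.direct_resources), t.name)).name

def resolve_access(tee_name, resource):
    """How a TEE reaches a resource: ('direct', tee) or ('delegated', 'TZ_TEE').

    Anything else is refused: a VM TEE has no path to a resource it was not
    assigned, and the TZ service interface only serves high-security resources.
    """
    tee = TEES[tee_name]
    if resource in tee.direct_resources:
        return ("direct", tee_name)
    if not tee.in_trustzone and RESOURCE_LEVEL[resource] >= TZ.level:
        return ("delegated", TZ.name)
    raise PermissionError(f"{tee_name} may not access {resource}")

def tee_server(requester, resource, op):
    """Service interface of the TrustZone TEE (the TEE-Server role)."""
    if requester not in TEES or TEES[requester].in_trustzone:
        raise PermissionError("only VM TEEs may call the service interface")
    if RESOURCE_LEVEL[resource] < TZ.level:
        raise PermissionError("service interface serves high-security resources only")
    # The real access happens inside TrustZone; the result goes back to the caller.
    return {"requester": requester, "resource": resource, "result": f"{op} ok"}

def tee_client(tee_name, resource, op):
    """TEE-Client role inside a VM TEE: access directly, or ask the TZ TEE."""
    kind, _target = resolve_access(tee_name, resource)
    if kind == "direct":
        return {"requester": tee_name, "resource": resource, "result": f"{op} ok"}
    return tee_server(tee_name, resource, op)
```

With this model the unlocking TA (camera, touch screen, eFuse) lands in TEE1 and the DRM TA (secure storage) in TEE3, matching the figure, while a TA that needs only eFuse goes to the TrustZone TEE. The check that matters for isolation is the refusal path: TEE3 asking for the camera is not delegated, because the service interface exists only for high-security resources, so a VM TEE cannot widen its own assignment by routing through the TrustZone TEE.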
Fig. 4 is a schematic diagram illustrating the interaction flow between the parts of a terminal device framework according to an embodiment of the present application. The terminal device shown in fig. 4 runs an REE, a first TEE, a second TEE and a TEE running in TrustZone (QTEE in the figure). The REE, the first TEE and the second TEE use a virtual machine mode (such as Arm Hypervisor technology) to achieve security isolation and may each run in a different VM; the first TEE and the second TEE may be called VM TEEs.
In addition, the framework of the terminal device shown in fig. 4 further includes ARM trusted firmware, in which a security monitor 23 is disposed. On the other hand, ARM has also introduced virtualization extension technology to support hardware virtualization of the ARM platform, so that hardware isolation can be provided between different operating environments within the normal world. Further, ARMv8 supports four Exception Levels (EL), EL0 to EL3; the larger the number following the exception level, the higher the security level. Generally, applications run at EL0, system kernels (referred to as operating systems in some embodiments) run at EL1, the virtual machine manager 24 (e.g., a hypervisor) runs at EL2, and the security monitor runs at EL3. The development of these technologies makes virtual-machine-based TEE environments feasible, enabling more complex security scenarios. For example, in the framework diagram of the terminal device shown in fig. 4, CA20, CA21, TA30, TA40, and TA50 are located at the EL0 layer, the REE operating system 22, the first TEE operating system 32, the second TEE operating system 32, and the third TEE operating system 51 are located at the EL1 layer, the virtual machine manager 24 is located at the EL2 layer, and the security monitor 23 is located at the EL3 layer.
In fig. 4, when CA20 needs to call a trusted application and the trusted application corresponding to the client application is located in the first TEE (i.e., TA30 in the figure), CA20 issues a request to the REE operating system 22 by calling an API (e.g., the GP TEE client API, which provides the interface through which CA20 calls a TA in the first TEE). The kernel driver in the REE operating system 22 then sends the request to the virtual machine manager 24 through an HVC (hypervisor call); after processing by the virtual machine manager 24, the request is sent to the first TEE operating system 32, which distributes it to the corresponding TA30. After TA30 processes the received request, it returns the processing result to the first TEE operating system 32, which issues an HVC instruction to send it to the virtual machine manager 24; after processing by the virtual machine manager 24, the processing result of TA30 is returned to the REE operating system 22, which then sends it to the corresponding CA20.
When a TA of the first TEE (such as TA30 in the figure) or a TA of the second TEE (such as TA40 in the figure) needs to access a resource in the QTEE, the request can be sent to the QTEE through an SMC instruction for interaction. Further, the first TEE operating system 32 interacts with TA30 through the GP TEE Internal API, and the second TEE operating system 41 interacts with TA40 through the GP TEE Internal API.
In some examples, in fig. 4, in a case that CA20 needs to process a security service when running in a terminal device, CA20 sends a message including first security request information to REE operating system 22, REE operating system 22 sends a message including the first security request information to virtual machine manager 24, and virtual machine manager 24 switches the running operating system to first TEE operating system 32 according to the first security request information, and distributes the message including the first security request information to TA30 through first TEE operating system 32 to obtain a processing result of the security service requested by the first security request information.
When TA30 is abnormal while running on the first TEE operating system 32, CA21, when running in the terminal device, sends a message including the second security request information to the virtual machine manager 24; the virtual machine manager switches the running operating system to the second TEE operating system 42 according to that message, and since the second TEE operating system 42 is normal, the abnormality of TA30 does not cause TA40 to be abnormal, so CA21 can still operate normally.
As shown in fig. 5, which is a schematic structural diagram of a terminal device according to an embodiment of the present disclosure, the terminal device 50 shown in fig. 5 may include a processor 510, a memory 520, a power supply 540, a communication module 550, a sensor module 580, a button 590, a display screen 560, and the like. Among other things, the sensor module 580 may include a pressure sensor 580A, a fingerprint sensor 580B, a touch sensor 580C, and the like.
Processor 510 may include one or more processing units; for example, the processor 510 may include an Application Processor (AP), a modem processor, a graphics processor, an Image Signal Processor (ISP), a controller, a Digital Signal Processor (DSP), a baseband processor, and the like. The different processing units may be separate devices or may be integrated into one or more processors.
A memory may also be provided in processor 510 for storing instructions and data. In some embodiments, the memory in processor 510 is a cache memory. The memory may hold instructions or data that have just been used or recycled by processor 510. If the processor 510 needs to use the instruction or data again, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 510, thereby increasing the efficiency of the system.
In some implementations of the application, the memory 520 may include regions for storing data related to the TEE or to trusted applications in a VM TEE; these may be referred to as the secure memory of the TEE or the secure memory of the VM TEE.
It is to be understood that the illustrated structure of the embodiment of the present application does not specifically limit the terminal device 50. In other embodiments of the present application, terminal device 50 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
It should be understood that the interface connection relationship between the modules illustrated in the embodiment of the present application is only an exemplary illustration, and does not constitute a limitation on the structure of the terminal device 50. In other embodiments of the present application, the terminal device 50 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
The software system of the terminal device 50 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. The embodiment of the present application takes an Android system with a layered architecture as an example to illustrate the software structure of the terminal device 50.
Fig. 6 is a block diagram of a software structure of a terminal device to which the embodiment of the present application is applied. The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom.
The application layer may include a series of application packages.
As shown in fig. 6, the application package may include applications such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc. In some embodiments of the present application, the application in the application layer runs on the EL0 layer of the electronic device.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 6, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.
The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
The phone manager is used to provide the communication function of the terminal device 50. Such as management of call status (including on, off, etc.).
The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.
The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a brief dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, flashing an indicator light, etc. In some embodiments of the present application, the application framework layer in the android system is distributed in the EL0 and EL1 layers in the terminal device correspondingly.
The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.
The core library comprises two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine performs functions such as object lifecycle management, stack management, thread management, security and exception management, and garbage collection.
The system library may include a plurality of functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.
In some embodiments of the present application, the android runtime and the system library in the android system may both be distributed in the EL0 and EL1 layers in the terminal device.
The kernel layer is the layer between hardware and software. The kernel layer includes at least a display driver, a camera driver, an audio driver and a sensor driver. In some embodiments of the present application, the kernel layer corresponds to the EL1 layer in the terminal device.
The following describes a process for processing security service related information by a terminal device in this embodiment with reference to the accompanying drawings. Fig. 7 is a schematic flowchart of an information processing method according to an embodiment of the present application, where the information processing method shown in fig. 7 may include the following steps:
s700: and a client application program running in the terminal equipment receives an operation instruction of a user.
In the embodiment of the application, the operation instruction triggers the processing of the security service information. And after the terminal equipment is started, the input management service is operated in the terminal equipment.
In a possible implementation manner, the input management service in the terminal device receives an operation instruction of a user and sends the operation instruction to a corresponding client application program.
Illustratively, the input management service in the terminal device receives a click operation of a user on a payment application icon, and the click operation triggers the payment application to generate a fingerprint verification request which is used for verifying fingerprint information acquired by a fingerprint sensor.
S701: and the client application program running in the terminal equipment responds to the operation instruction and sends a first processing request to the virtual machine manager through the REE operation system. Wherein the first processing request includes an identification of the first TA.
In this embodiment, the first processing request is used to request processing of the first security service. The first TA corresponds to the client application. The first TEE is the TEE of the first TA.
Illustratively, in conjunction with FIG. 4, the client application is the CA20, and the CA20 sends a fingerprint verification request message to the virtual machine manager 24 via the REE operating system 22 in response to the operating instruction. The fingerprint authentication request message includes an identification of TA30. The first TEE may access data acquired by the fingerprint sensor.
S702: and the virtual machine manager switches the operating system operated by the terminal equipment into a first TEE operating system corresponding to the first TEE according to the first processing request, and sends the first processing request to the first TA through the first TEE operating system.
In this embodiment, the virtual machine manager may obtain routing information of each operating environment in the terminal device.
In a possible implementation manner, the first processing request includes an identifier of the first TEE and an identifier of the first TA, and the virtual machine manager switches the operating system operated by the terminal device to the first TEE operating system corresponding to the identifier of the first TEE according to the preset routing information of each operating environment and the first processing request, and sends the first processing request to the first TA through the first TEE operating system.
In another possible implementation manner, the first processing request includes an identifier of the first TA; the virtual machine manager obtains, according to the target correspondence, the identifier of the first TEE corresponding to the identifier of the first TA, then switches, according to the preset routing information of each operating environment and the first processing request, the operating system run by the terminal device to the first TEE operating system corresponding to the identifier of the first TEE, and sends the first processing request to the first TA through the first TEE operating system. The target correspondence is the correspondence between TA identifiers and TEE identifiers.
Illustratively, referring to fig. 4, the virtual machine manager 24 switches the operating system executed by the terminal device to the first TEE operating system 32 according to the preset routing information of each operating environment and the first processing request, and sends a fingerprint verification request to the TA30 through the first TEE operating system 32.
S703: and the first TA processes the first safety service according to the first processing request to obtain a processing result of the first safety service.
In an exemplary embodiment, the TA30 acquires fingerprint data acquired by the fingerprint sensor and acquires a verification result according to the acquired fingerprint data and pre-stored fingerprint data. In the case that the acquired fingerprint data exists in the pre-stored fingerprint data, the authentication result acquired by the TA30 is a first authentication result, the first authentication result is used for representing that the authentication is passed, and in the case that the acquired fingerprint data does not exist in the pre-stored fingerprint data, the authentication result acquired by the TA30 is a second authentication result. The second verification result characterizes a failure of the verification.
S704: the first TA sends the processing result of the first security service to the virtual machine manager through the first TEE operating system.
S705: the virtual machine manager switches the operating system run by the terminal device to the REE operating system, and sends the processing result of the first security service to the client application program through the REE operating system.
In the embodiment of the application, the TAs of different security services are deployed in different TEE operating systems, and the different TEE operating systems can access different hardware resources. The virtual machine manager sends the first processing request to the corresponding operating system according to the first processing request, so that the first security service requested by the first processing request is processed in the corresponding TEE. Therefore, even if that TEE is abnormal, the other TEEs are not affected: when the processing of other security services needs to be executed in other TEEs, those TEEs can still process them normally, which improves the performance of the terminal device.
It should be noted that, in the case that the first processing request further includes a second security service whose processing needs to be executed in the TEE in TrustZone, the first TA may further send a second processing request to the security monitor. The second processing request is used for the security monitor to switch the operating system of the terminal device to the TEE operating system in TrustZone and to perform the processing of the second security service in that TEE operating system. The following describes the flow of information processing in this case with reference to fig. 8. Fig. 8 is a schematic flow chart of another information processing method provided in an embodiment of the present application; the method shown in fig. 8 may include the following steps:
S800: when the first TA determines that the client application program requests processing of the second security service, the first TA sends a second processing request to the security monitor through the first TEE operating system.
In a possible implementation manner, when the first TA determines that the client application requests processing of the second security service, the first TA looks up the identifier of the second security service in a preset first correspondence and obtains the identifier of the second TA corresponding to that security service identifier; the first correspondence is the correspondence between security service identifiers and TA identifiers. The first TA sends the second processing request to the security monitor through an interface defined by the first TEE operating system and according to a communication protocol defined by ARM. The second processing request is used for requesting processing of the second security service.
Based on the example of fig. 4, the second processing request is used to switch the page displayed by the terminal device to the page provided by TA50, and to perform the processing of the second security service on the page provided by TA50.
S801: the security monitor switches the operating system run by the terminal device to the second TEE operating system corresponding to the TEE in TrustZone according to the second processing request, and sends the second processing request to the second TA through the second TEE operating system.
In a possible implementation manner, the security monitor sends the second processing request to the second TEE operating system according to the communication protocol defined by ARM, and the second TEE operating system sends the second processing request to the second TA through the interface defined by the TEE in TrustZone.
S802: the second TA processes the second security service according to the second processing request to obtain a processing result of the second security service.
Based on the example of S800, TA50 switches the interface displayed by the terminal device to the interface provided by TA50 according to the second processing request, and performs the processing of the second security service on the interface provided by TA50.
It should be noted that the second security service may be stored in the ESE.
S803: the second TA sends the processing result of the second security traffic to the security monitor through the second TEE operating system.
In a possible implementation manner, the second TA sends the processing result of the second security service to the second TEE operating system through an interface defined by the second TEE operating system. And the second TEE operating system sends the processing result of the second security service to the security monitor through the communication protocol defined by the ARM.
Illustratively, the TA50 sends the processing result of the second security service to the third TEE operating system 51 through the GP internalAPI511 defined by the third TEE operating system 51, and the third TEE operating system 51 sends the processing result of the second security service to the security monitor through the SMC communication protocol defined by the ARM.
S804: and the security monitor switches the operating system operated by the terminal equipment into a first TEE operating system according to the processing result of the second security service, and sends the processing result of the second security service to the first TA through the first TEE operating system.
S805: and the first TA sends the processing result of the second safety service to the virtual machine manager through the first TEE operating system.
S806: and the virtual machine manager switches the operating system operated by the terminal equipment into an REE operating system according to the processing result of the second security service, and sends the processing result of the second security service to the client application program through the REE operating system.
In the embodiment of the application, under the condition that the processing request sent by the client application program further comprises a second security service which needs to be executed by the high security TEE in TrustZoo, the first TA can send the second processing request to the high security TEE in TrustZoo, so that the second security service can be processed in the high security TEE in TrustZoo, and the security of security service processing is further improved.
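The two flows above (S701-S705, where the virtual machine manager routes a request to the TEE holding its TA, and S800-S806, where the first TA forwards a TrustZone-only service through the security monitor) as an added Python simulation; this is not the patent's code, and the TA and TEE identifiers, service names and fingerprint templates are all constructed. It also exercises the fault-isolation point made earlier: an abnormal VM-based TEE does not disturb routing to the other TEEs.

```python
"""Added simulation (not the patent's own code) of the request flows in S701-S705 and S800-S806."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


class TeeFault(RuntimeError):
    """A TEE operating system is abnormal and cannot service the request."""


@dataclass
class ProcessingRequest:
    ta_id: str                    # identifier of the target TA (always present)
    services: Tuple[str, ...]     # security services the CA asks for
    payload: Dict[str, str]
    tee_id: Optional[str] = None  # optional TEE identifier (the variant where the CA names the TEE)


class TeeOS:
    """One TEE operating system hosting one or more TAs (constructed ids)."""
    def __init__(self, tee_id: str, trace: List[str], monitor: "Optional[SecurityMonitor]" = None):
        self.tee_id, self.trace, self.monitor = tee_id, trace, monitor
        self.tas: Dict[str, Callable] = {}
        self.healthy = True       # set to False to model an abnormal TEE

    def install(self, ta_id: str, handler: Callable) -> None:
        self.tas[ta_id] = handler

    def dispatch(self, req: ProcessingRequest) -> dict:
        if not self.healthy:
            raise TeeFault(f"{self.tee_id} is abnormal")
        return self.tas[req.ta_id](req, self)


class SecurityMonitor:
    """Switches into the TrustZone TEE OS and back (S801, S804); assumes a single TZ TEE."""
    def __init__(self, tz_os: TeeOS, trace: List[str]):
        self.tz_os, self.trace = tz_os, trace

    def smc(self, req: ProcessingRequest, caller_tee: str) -> dict:
        self.trace.append(self.tz_os.tee_id)   # S801: switch to the second TEE OS
        try:
            return self.tz_os.dispatch(req)
        finally:
            self.trace.append(caller_tee)      # S804: back to the first TEE OS with the result


class VirtualMachineManager:
    """Routes a CA's request to the TEE OS holding its TA (S702-S705)."""
    def __init__(self, trace: List[str]):
        self.trace = trace
        self.routing: Dict[str, TeeOS] = {}    # preset routing information: TEE id -> TEE OS
        self.ta_to_tee: Dict[str, str] = {}    # target correspondence: TA id -> TEE id

    def add_tee(self, tee_os: TeeOS, *ta_ids: str) -> None:
        self.routing[tee_os.tee_id] = tee_os
        for ta_id in ta_ids:
            self.ta_to_tee[ta_id] = tee_os.tee_id

    def route(self, req: ProcessingRequest) -> dict:
        tee_id = req.tee_id or self.ta_to_tee.get(req.ta_id)   # TEE named by CA, or looked up
        if tee_id not in self.routing:
            raise LookupError(f"no TEE routes TA {req.ta_id!r}")
        self.trace.append(tee_id)              # S702: switch the running OS to that TEE
        try:
            return self.routing[tee_id].dispatch(req)
        except TeeFault as fault:              # only this TEE is affected; others keep routing
            return {"status": "error", "reason": str(fault)}
        finally:
            self.trace.append("REE")           # S705: back to the REE OS, result goes to the CA


ENROLLED_TEMPLATES = {"template-A"}   # constructed stand-in for the pre-stored fingerprint data


def fingerprint_ta(req: ProcessingRequest, tee_os: TeeOS) -> dict:
    """TA30: S703 verification, then S800 forwarding of a TrustZone-only service."""
    verified = req.payload.get("fingerprint") in ENROLLED_TEMPLATES
    result = {"fingerprint": "pass" if verified else "fail"}   # first / second verification result
    if "secure_page" in req.services and tee_os.monitor is not None:
        second = ProcessingRequest("TA50", ("secure_page",), {"fingerprint": result["fingerprint"]})
        result["secure_page"] = tee_os.monitor.smc(second, tee_os.tee_id)
    return result


def secure_page_ta(req: ProcessingRequest, tee_os: TeeOS) -> dict:
    """TA50 in the TrustZone TEE: switches the display to its own page (S802)."""
    return {"page": "TA50", "after_fingerprint": req.payload["fingerprint"]}


def payment_ta(req: ProcessingRequest, tee_os: TeeOS) -> dict:
    """TA40 in the second VM-based TEE (the CA21 path of fig. 4); constructed service."""
    return {"payment": "processed"}


def build_device() -> Tuple[VirtualMachineManager, Dict[str, TeeOS], List[str]]:
    """Wire up the fig. 4 layout: two VM-based TEEs under the hypervisor, one TrustZone TEE."""
    trace: List[str] = ["REE"]
    tz_os = TeeOS("TEE_TZ", trace)
    tz_os.install("TA50", secure_page_ta)
    monitor = SecurityMonitor(tz_os, trace)
    tee1, tee2 = TeeOS("TEE1", trace, monitor), TeeOS("TEE2", trace, monitor)
    tee1.install("TA30", fingerprint_ta)
    tee2.install("TA40", payment_ta)
    vmm = VirtualMachineManager(trace)
    vmm.add_tee(tee1, "TA30")
    vmm.add_tee(tee2, "TA40")
    return vmm, {"TEE1": tee1, "TEE2": tee2, "TEE_TZ": tz_os}, trace
```

The `trace` list records every operating-system switch, so a caller can check that a request touching both services follows REE, first TEE, TrustZone TEE, first TEE, REE and nothing else.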
The scheme provided by the embodiment of the application is mainly introduced from the perspective of a method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the exemplary method steps described in connection with the embodiments disclosed herein. Whether a function is performed in hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, functional modules of a device for implementing an information processing method may be divided according to the above method examples, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. Illustratively, the functions of the target application, drawing interface, and display engine are integrated in the display control unit. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and another division manner may be available in actual implementation.
With reference to fig. 4, an embodiment of the present application provides an information processing apparatus, including a rich execution environment REE (e.g., the REE in fig. 4), a virtual machine manager (e.g., the virtual machine manager 24 in fig. 4), a first TEE running under a virtual machine mechanism, and a second TEE running under a TrustZone mechanism, where the first TEE (e.g., the first TEE in fig. 4) and the second TEE (e.g., the QTEE in fig. 4) have different resource access permissions, the different resource access permissions correspond to different accessed hardware resources, the first TEE corresponds to accessing a first hardware resource, and the second TEE corresponds to accessing a second hardware resource; the REE includes at least a first client application CA (such as CA20 in fig. 4); any TEE includes one or more trusted applications TA, the first security service of the first CA corresponding to the first TA (e.g., TA30 in fig. 4); the first TA is deployed in the first TEE; the second security service of the first CA corresponds to the second TA (e.g., TA50 in fig. 4); the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource; the first CA is used for sending a first processing request to the virtual machine manager; the first processing request is used for requesting to process the first security service and the second security service; the first processing request includes an identification of the first TA; the virtual machine manager is used for sending the first processing request to the first TEE where the first TA is located; the first TA is used for processing the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the first TA is further configured to send a second processing request to the security monitor (e.g., security monitor 23 in fig. 4); the second processing request is used for requesting to process the second security service; the second processing request includes an identification of the second TA; the security monitor is used for sending the second processing request to the second TEE where the second TA is located; the second TA is configured to process the second security service by accessing the second hardware resource, and obtain a processing result of the second security service.
Optionally, the second TA sends the processing result of the second security service to the first TA through the security monitor; the first TA sends a processing result of the second security service to the virtual machine manager; and the virtual machine manager sends the processing result of the second security service to the first CA.
Optionally, the at least two TEEs further include a third TEE (e.g., the second TEE in fig. 4) operating under the virtual machine mechanism; the third TEE correspondingly accesses a third hardware resource; the REE also includes a second CA (e.g., CA21 in fig. 4); the third security service of the second CA corresponds to a third TA (e.g., TA40 in fig. 4); the third TA is deployed in the third TEE; the second CA is also used for sending a third processing request to the virtual machine manager; the third processing request is used for requesting to process the third security service; the third processing request includes an identification of the third TA; the virtual machine manager is also used for sending the third processing request to the third TEE where the third TA is located; the third TA is configured to process the third security service by accessing the third hardware resource, and obtain a processing result of the third security service.
Optionally, the first TA is further configured to send a processing result of the first security service to the virtual machine manager; the virtual machine manager is further configured to send a processing result of the first security service to the first CA.
Optionally, the virtual machine manager is specifically configured to obtain, according to the target correspondence, the identifier of the first TEE corresponding to the identifier of the first TA; the target correspondence is the correspondence between TA identifiers and TEE identifiers; the virtual machine manager is used for switching the operating system run by the terminal device to the operating system corresponding to the first TEE according to the identifier of the first TEE; the virtual machine manager is configured to send the first processing request to the first TA through the operating system corresponding to the first TEE according to the identifier of the first TA.
Optionally, the first processing request further includes an identifier of the first TEE; the virtual machine manager is used for switching the operating system run by the terminal device to the operating system corresponding to the identifier of the first TEE according to the identifier of the first TEE; the virtual machine manager is used for sending the first processing request to the first TA through the operating system corresponding to the identifier of the first TEE according to the identifier of the first TA.
With reference to fig. 4, an embodiment of the present application provides another information processing apparatus, including a rich execution environment REE (e.g., the REE in fig. 4) and a virtual machine manager (e.g., the virtual machine manager 24 in fig. 4), where at least two TEEs include a first TEE (corresponding to the first TEE in fig. 4) and a second TEE (corresponding to the second TEE in fig. 4) operating under a virtual machine mechanism, the first TEE and the second TEE have different resource access permissions, the different resource access permissions correspond to different accessed hardware resources, the first TEE corresponds to access to a first hardware resource, and the second TEE corresponds to access to a second hardware resource; the REE includes at least a first client application CA (corresponding to CA20 in fig. 4) and a second CA (corresponding to CA21 in fig. 4); any TEE includes one or more trusted applications TA, the first security service of the first CA corresponding to the first TA (corresponding to TA30 in fig. 4); the first TA is deployed in the first TEE; the second security service of the second CA corresponds to the second TA (corresponding to TA40 in fig. 4); the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource; the first CA is used for sending a first processing request to the virtual machine manager; the first processing request is used for requesting to process the first security service; the first processing request includes an identification of the first TA; the virtual machine manager is used for sending the first processing request to the first TEE where the first TA is located according to the identifier of the first TA; the first TA is used for processing the first security service by accessing the first hardware resource to obtain a processing result of the first security service; the second CA is used for sending a second processing request to the virtual machine manager; the second processing request is used for requesting to process the second security service; the second processing request includes an identification of the second TA; the virtual machine manager is used for sending the second processing request to the second TEE where the second TA is located according to the identifier of the second TA; the second TA is configured to process the second security service by accessing the second hardware resource, and obtain a processing result of the second security service.
In one example, the functions of the information processing apparatus described above in connection with fig. 5 may be implemented by the processor 510 calling the computer program in the memory 520 in the terminal device 50 shown in fig. 5.
Fig. 9 is a schematic structural diagram of a chip according to an embodiment of the present disclosure. Chip 90 includes one or more (including two) processors 901, communication lines 902, and a communication interface 903, and optionally chip 90 also includes memory 904.
In some embodiments, memory 904 stores the following elements: an executable module or a data structure, or a subset thereof, or an expanded set thereof.
The method described in the foregoing embodiment of the present application may be applied to the processor 901, or implemented by the processor 901. The processor 901 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be implemented by integrated logic circuits of hardware or by instructions in the form of software in the processor 901. The processor 901 may be a general-purpose processor (e.g., a microprocessor or a conventional processor), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate, a transistor logic device or a discrete hardware component, and the processor 901 may implement or execute the methods, steps and logic blocks disclosed in the embodiments of the present application.
The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium mature in the field, such as a random access memory, a read-only memory, a programmable read-only memory, or an electrically erasable programmable read-only memory (EEPROM). The storage medium is located in the memory 904; the processor 901 reads the information in the memory 904 and completes the steps of the method in combination with its hardware.
The processor 901, memory 904, and communication interface 903 may communicate over a communication line 902.
In the above embodiments, the instructions stored by the memory for execution by the processor may be implemented in the form of a computer program product. The computer program product may be written in the memory in advance, or may be downloaded in the form of software and installed in the memory.
Embodiments of the present application also provide a computer program product comprising one or more computer instructions. The procedures or functions according to the embodiments of the present application are generated in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in, or transmitted from, one computer-readable storage medium to another, e.g., from one website, computer, server, or data center to another website, computer, server, or data center in a wired (e.g., coaxial cable, fiber optic, or Digital Subscriber Line (DSL)) or wireless (e.g., infrared, radio, microwave, etc.) manner.
An embodiment of the present application provides an electronic device, which includes a processor and a memory, where the memory is used to store a computer program, and the processor is used to execute the computer program to execute any one of the information processing methods described above.
The embodiment of the application also provides a computer readable storage medium. The methods described in the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. Computer-readable media may include computer storage media and communication media, and may include any medium that can communicate a computer program from one place to another. A storage media may be any target media that can be accessed by a computer.
As one possible design, the computer-readable medium may include a compact disk read-only memory (CD-ROM), RAM, ROM, EEPROM, or other optical disk storage; the computer-readable medium may include a disk memory or other disk storage device. Also, any connecting line may be referred to as a computer-readable medium, where appropriate. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers.
Combinations of the above should also be included within the scope of computer-readable media. The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. An information processing method is characterized by being applied to a terminal device; the terminal device is deployed with a rich execution environment REE, a virtual machine manager, at least two trusted execution environments TEEs and a security monitor, wherein the at least two TEEs comprise a first TEE running under a virtual machine mechanism and a second TEE running under a TrustZone mechanism, the first TEE and the second TEE have different resource access authorities, the different resource access authorities correspond to different accessed hardware resources, the first TEE correspondingly accesses a first hardware resource, the second TEE correspondingly accesses a second hardware resource, and the REE at least comprises a first client application program CA; any TEE comprises one or more trusted applications TA, and the first security service of the first CA corresponds to the first TA; the first TA is deployed in the first TEE; the second security service of the first CA corresponds to a second TA; the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource; the virtual machine manager is used for routing the processing request of the CA to the TA corresponding to the CA; the method comprises the following steps:
the first CA sends a first processing request to the virtual machine manager, wherein the first processing request is used for requesting processing of the first security service and the second security service, and the first processing request comprises an identifier of the first TA;
the virtual machine manager sends the first processing request to the first TEE where the first TA is located;
the first TA processes the first security service by accessing the first hardware resource to obtain a processing result of the first security service;
the first TA sending a second processing request to the security monitor; the second processing request is used for requesting to process the second security service; the second processing request includes an identification of the second TA;
the security monitor sends the second processing request to the second TEE where the second TA is located;
and the second TA processes the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
2. The information processing method according to claim 1, characterized by further comprising:
the second TA sends the processing result of the second security service to the first TA through the security monitor;
the first TA sends a processing result of the second security service to the virtual machine manager;
and the virtual machine manager sends the processing result of the second security service to the first CA.
3. The information processing method according to claim 1 or 2, wherein the at least two TEEs further comprise a third TEE running under a virtual machine mechanism; the third TEE correspondingly accesses a third hardware resource; the REE further comprises a second CA; the third security service of the second CA corresponds to a third TA; the third TA is deployed in the third TEE; the method further comprises the following steps:
the second CA sending a third processing request to the virtual machine manager; the third processing request is used for requesting to process the third security service; the third processing request includes an identification of the third TA;
the virtual machine manager sends the third processing request to the third TEE where the third TA is located;
and the third TA processes the third security service by accessing the third hardware resource to obtain a processing result of the third security service.
4. The information processing method according to claim 1 or 2, characterized by further comprising:
the first TA sends a processing result of the first security service to the virtual machine manager;
and the virtual machine manager sends the processing result of the first security service to the first CA.
5. The information processing method according to claim 1 or 2, wherein the sending, by the virtual machine manager, the first processing request to the first TEE where the first TA is located comprises:
the virtual machine manager acquires the identifier of the first TEE corresponding to the identifier of the first TA according to the target corresponding relation; the target corresponding relation is the corresponding relation between the identification of the TA and the identification of the TEE;
the virtual machine manager switches the operating system run by the terminal device to the operating system corresponding to the first TEE according to the identifier of the first TEE;
and the virtual machine manager sends the first processing request to the first TA through an operating system corresponding to the first TEE according to the identifier of the first TA.
6. The information processing method according to claim 1 or 2, wherein the first processing request further includes an identification of the first TEE; the virtual machine manager sends the first processing request to the first TEE where the first TA is located, and the first processing request comprises:
the virtual machine manager switches the operating system run by the terminal device to the operating system corresponding to the identifier of the first TEE according to the identifier of the first TEE;
and the virtual machine manager sends the first processing request to the first TA through an operating system corresponding to the identifier of the first TEE according to the identifier of the first TA.
7. An information processing method is characterized by being applied to a terminal device; the terminal device is deployed with a rich execution environment REE, at least two trusted execution environments TEEs and a virtual machine manager, wherein the at least two TEEs comprise a first TEE and a second TEE which run under a virtual machine mechanism, the first TEE and the second TEE have different resource access authorities, the different resource access authorities correspond to different accessed hardware resources, the first TEE correspondingly accesses a first hardware resource, the second TEE correspondingly accesses a second hardware resource, and the REE at least comprises a first client application program CA and a second CA; any TEE comprises one or more trusted applications TA, and the first security service of the first CA corresponds to the first TA; the first TA is deployed in the first TEE; the second security service of the second CA corresponds to a second TA; the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource; the virtual machine manager is used for routing the processing request of the CA to the TA corresponding to the CA; the method comprises the following steps:
the first CA sending a first processing request to the virtual machine manager; the first processing request is used for requesting to process the first security service; the first processing request includes an identification of the first TA;
the virtual machine manager sends the first processing request to the first TEE where the first TA is located according to the identifier of the first TA;
the first TA processes the first security service by accessing the first hardware resource to obtain a processing result of the first security service;
the second CA sending a second processing request to the virtual machine manager; the second processing request is used for requesting to process the second security service; the second processing request includes an identification of the second TA;
the virtual machine manager sends the second processing request to the second TEE where the second TA is located according to the identifier of the second TA;
and the second TA processes the second security service by accessing the second hardware resource to obtain a processing result of the second security service.
8. An information processing apparatus characterized by comprising a rich execution environment REE, a virtual machine manager, at least two trusted execution environments TEE, and a security monitor;
the at least two TEEs comprise a first TEE running under a virtual machine mechanism and a second TEE running under a TrustZone mechanism, the first TEE and the second TEE have different resource access rights, the different resource access rights correspond to different accessed hardware resources, the first TEE correspondingly accesses a first hardware resource, and the second TEE correspondingly accesses a second hardware resource;
the REE comprises at least a first client application CA; any TEE comprises one or more trusted applications TA, and the first security service of the first CA corresponds to the first TA; the first TA is deployed in the first TEE; the second security service of the first CA corresponds to a second TA; the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource;
the first CA is used for sending a first processing request to the virtual machine manager; the first processing request is used for requesting to process the first security service and the second security service; the first processing request includes an identification of the first TA;
the virtual machine manager is configured to send the first processing request to the first TEE where the first TA is located;
the first TA is used for processing the first security service by accessing the first hardware resource to obtain a processing result of the first security service;
the first TA is further configured to send a second processing request to the security monitor; the second processing request is used for requesting to process the second security service; the second processing request includes an identifier of the second TA;
the security monitor is configured to send the second processing request to the second TEE where the second TA is located;
the second TA is configured to process the second security service by accessing the second hardware resource, so as to obtain a processing result of the second security service.
9. An information processing apparatus, comprising a rich execution environment REE, at least two trusted execution environments TEE, and a virtual machine manager, wherein the at least two TEEs comprise a first TEE and a second TEE both running under a virtual machine mechanism, the first TEE and the second TEE have different resource access rights, the different resource access rights correspond to different accessed hardware resources, the first TEE correspondingly accesses a first hardware resource, and the second TEE correspondingly accesses a second hardware resource;
the REE comprises at least a first client application CA and a second CA; any TEE comprises one or more trusted applications TA, and the first security service of the first CA corresponds to the first TA; the first TA is deployed in the first TEE; the second security service of the second CA corresponds to a second TA; the second TA is deployed in the second TEE; the first TA correspondingly accesses the first hardware resource, and the second TA correspondingly accesses the second hardware resource;
the first CA is used for sending a first processing request to the virtual machine manager; the first processing request is used for requesting to process the first security service; the first processing request includes an identifier of the first TA;
the virtual machine manager is configured to send the first processing request to the first TEE where the first TA is located according to the identifier of the first TA;
the first TA is used for processing the first security service by accessing the first hardware resource to obtain a processing result of the first security service;
the second CA is used for sending a second processing request to the virtual machine manager; the second processing request is used for requesting to process the second security service; the second processing request includes an identifier of the second TA;
the virtual machine manager is configured to send the second processing request to the second TEE where the second TA is located according to the identifier of the second TA;
the second TA is configured to process the second security service by accessing the second hardware resource, so as to obtain a processing result of the second security service.
10. An electronic device, comprising: a memory for storing a computer program and a processor for executing the computer program to perform the information processing method of any one of claims 1 to 6 or to perform the information processing method of claim 7.
11. A computer-readable storage medium storing instructions that, when executed, cause a computer to execute an information processing method according to any one of claims 1 to 6 or to execute an information processing method according to claim 7.
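The routing described in claims 7 to 9, as an added example that is not part of the patent or of Honor's code: a Python simulation in which the virtual machine manager dispatches each processing request to the TEE hosting the named TA, and each TEE enforces its own resource access rights before any hardware is touched; the chaining of claim 8 (the first TA forwarding a second request through a security monitor) is included, and a TA deployed in the wrong TEE is shown being refused. TEE1, TEE2, hw_A, hw_B, TA1, TA2 and TA_misplaced are hypothetical names.

```python
# Added example (not from the patent or Honor's code): simulates the dispatch in
# claims 7-9. The virtual machine manager routes each request to the TEE hosting
# the named TA; each TEE may touch only the hardware it has access rights to.
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised when a TEE touches hardware outside its resource access rights."""

@dataclass
class TEE:
    name: str
    allowed: frozenset                        # hardware resources this TEE may use
    tas: dict = field(default_factory=dict)   # TA identifier -> handler(tee, req)
    def access(self, resource, op):
        # The check lives in the TEE, so every TA inherits exactly its TEE's rights.
        if resource not in self.allowed:
            raise AccessDenied(f"{self.name} may not access {resource}")
        return f"{self.name}/{resource}:{op}"

@dataclass
class Request:
    ta_id: str                        # identifier of the TA owning the service
    service: str                      # the security service to process
    chained: "Request | None" = None  # claim 8: request the first TA forwards on

class Dispatcher:  # routes by TA identifier; plays the VMM and the security monitor
    def __init__(self, *tees):
        self.route = {ta_id: tee for tee in tees for ta_id in tee.tas}
    def dispatch(self, req):
        tee = self.route[req.ta_id]           # the TEE where this TA is deployed
        return tee.tas[req.ta_id](tee, req)

def build_system():
    tee1 = TEE("TEE1", frozenset({"hw_A"}))  # hypothetical VM-mechanism TEE, hw_A
    tee2 = TEE("TEE2", frozenset({"hw_B"}))  # hypothetical second TEE, hw_B
    tee2.tas["TA2"] = lambda tee, r: tee.access("hw_B", r.service)
    tee2.tas["TA_misplaced"] = lambda tee, r: tee.access("hw_A", r.service)  # denied
    monitor = Dispatcher(tee2)                # security monitor of claim 8
    def ta1(tee, r):                          # first TA: own service, then forward
        result = tee.access("hw_A", r.service)
        if r.chained:
            result += " -> " + monitor.dispatch(r.chained)
        return result
    tee1.tas["TA1"] = ta1
    return Dispatcher(tee1, tee2)             # the virtual machine manager

def try_dispatch(vmm, req):
    try:
        return vmm.dispatch(req)
    except AccessDenied as exc:
        return f"DENIED: {exc}"
```

The misplaced TA shows the point of binding access rights to the TEE rather than to the TA: its code asks for hw_A, but because it is deployed in TEE2 the request is refused.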
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111408863.9A CN115017497B (en) 2021-11-24 2021-11-24 Information processing method, device and storage medium

Publications (2)

Publication Number Publication Date
CN115017497A CN115017497A (en) 2022-09-06
CN115017497B true CN115017497B (en) 2023-04-18

Family

ID=83064952

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111408863.9A Active CN115017497B (en) 2021-11-24 2021-11-24 Information processing method, device and storage medium

Country Status (1)

Country Link
CN (1) CN115017497B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant