CN117472465A - System-on-chip secure starting method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN117472465A
Authority: CN (China)
Prior art keywords: firmware, public key, hash value, certificate, tag
Legal status: Pending
Application number: CN202311404844.8A
Other languages: Chinese (zh)
Inventors: 庄永康, 汪洋, 吴奇兴, 王谦, 任晖
Current Assignee: Shenzhen Pango Microsystems Co Ltd
Original Assignee: Shenzhen Pango Microsystems Co Ltd
Priority application: CN202311404844.8A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a system-on-chip secure starting method, a device, electronic equipment and a storage medium. The method provided by the invention comprises the following steps: acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware; obtaining public key information and a public key hash type to obtain a second public key hash value; if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate; if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type, checking the decrypted firmware according to the firmware checking type, and operating the decrypted firmware. The method of the invention can avoid the problem of illegally acquiring the system permission caused by fault injection.

Description

System-on-chip secure starting method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of system security technologies, and in particular to a method and apparatus for securely booting a system on chip, an electronic device, and a storage medium.
Background
With the spread of intelligent, networked electronic devices, such devices are widely used in people's daily lives, and network security problems are increasing accordingly. If the application program in an intelligent terminal has no security protection, it can easily be tampered with and attacked; to guarantee the safe operation of the intelligent terminal, the security and controllability of the terminal system must be ensured from the source, so a reliable secure boot of the system on chip is very important. Existing secure boot schemes cannot prevent fault injection. Fault injection means precisely injecting faults by electromagnetic interference, voltage glitches, clock glitches or similar means so that the program goes wrong during execution and the decryption and signature verification function is skipped; fault injection can thereby break the chain of trust of secure boot and illegally obtain system privileges.
Disclosure of Invention
The invention aims to provide a system-on-chip secure boot method, apparatus, electronic device and storage medium, which solve the technical problem in the prior art that system privileges are illegally obtained through fault injection.
The technical scheme of the invention is as follows, and provides a system-on-chip safe starting method, which comprises the following steps:
acquiring a configuration descriptor file and firmware, and acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loading firmware index, a firmware storage address and signature information;
acquiring the public key information and the public key hash type to acquire a second public key hash value;
if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate;
and if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed.
Further, the system-on-chip secure start method further comprises:
generating a first tag if the first public key hash value is the same as the second public key hash value, generating a second tag if the first certificate hash value is the same as the second certificate hash value, generating a third tag after decrypting the encrypted firmware according to the firmware encryption type, and generating a fourth tag after the check; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag and the fourth tag are all detected, the decrypted firmware is run.
Further, the system-on-chip secure start method further comprises:
performing a self-check on the boot chip, initializing the system on chip and generating a fifth tag if the self-check succeeds, and then executing the step of acquiring the configuration descriptor file and the firmware; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag and the fifth tag are all detected, the decrypted firmware is run.
Further, the firmware further comprises an extension firmware; after the first certificate hash value is judged to be identical to the second certificate hash value and before the encrypted firmware is decrypted according to the firmware encryption type, the extension firmware is loaded and a sixth tag is generated; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag, the fifth tag and the sixth tag are all detected, the decrypted firmware is run.
Further, the content of the certificate further includes a firmware loading address and a firmware running address, and correspondingly, the corresponding encrypted firmware is read from the firmware storage address according to the loading firmware index, the corresponding encrypted firmware is decrypted according to the firmware encryption type, the decrypted firmware is obtained, the decrypted firmware is verified according to the firmware verification type, and after verification is passed, the decrypted firmware is run, including:
reading the corresponding encrypted firmware from the firmware storage address according to the loading firmware index, storing the corresponding encrypted firmware according to the firmware loading address, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware checking type, and operating the decrypted firmware on the firmware operation address after the checking is passed.
Further, obtaining a certificate, encrypted firmware, and a first public key hash value from the configuration descriptor file and the firmware, comprising:
and generating a secure boot firmware file and a first public key hash value according to the configuration descriptor file and the firmware, wherein the secure boot firmware file comprises the certificate and the encrypted firmware.
Further, after generating the secure boot firmware file and the first public key hash value according to the configuration descriptor file and the firmware, the method further includes burning the secure boot firmware file into a storage medium and burning the first public key hash value into a non-secure OTP area.
Further, the content of the certificate also comprises a version, a signature type, an extended firmware mark and a firmware quantity.
The invention also provides a system-on-chip secure boot apparatus, which comprises a secure firmware generation module, a public key hash acquisition module, a certificate hash acquisition module and a firmware running module;
the secure firmware generation module is used for acquiring a configuration descriptor file and firmware, acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loaded firmware index, a firmware storage address and signature information;
the public key hash acquisition module is used for acquiring the public key information and the public key hash type to acquire a second public key hash value;
the certificate hash acquisition module is used for carrying out decryption operation on the signature information by utilizing the public key information when the first public key hash value is the same as the second public key hash value to obtain a first certificate hash value, and acquiring a second certificate hash value according to contents except the signature information in the certificate;
and the firmware operation module is used for reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index when the first certificate hash value is the same as the second certificate hash value, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed.
Another technical scheme of the present invention is as follows, and provides an electronic device, including a memory and a processor, where the memory stores a computer program executable by the processor, and the processor implements the system-on-chip secure startup method according to any one of the above technical schemes when executing the computer program.
Another aspect of the present invention provides a computer readable storage medium storing a computer program, which when executed by a processor, implements a system-on-chip secure booting method according to any one of the above aspects.
The invention has the beneficial effects that: acquiring a configuration descriptor file and firmware, and acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loading firmware index, a firmware storage address and signature information; acquiring the public key information and the public key hash type to acquire a second public key hash value; if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate; if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed; the trust chain of safe starting is not damaged, the problem of illegally acquiring the system permission caused by fault injection can be avoided, and the safety of the system is improved.
Drawings
FIG. 1 is a flowchart of a method for secure start-up of a system on chip according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a configuration descriptor file according to an embodiment of the present invention;
FIG. 3 is a flow chart of secure firmware generation provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of a certificate structure according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a hardware system including a storage medium according to an embodiment of the present invention;
FIG. 6 is a system block diagram of a security module provided by an embodiment of the present invention;
FIG. 7 is a schematic diagram of an OTP configuration according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a system-on-chip secure boot apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In the embodiment of the application, at least one refers to one or more; plural means two or more. In the description of the present application, the words "first," "second," "third," and the like are used solely for the purpose of distinguishing between descriptions and not necessarily for the purpose of indicating or implying a relative importance or order.
Fig. 1 is a flow chart of a system-on-chip secure boot method according to an embodiment of the present invention. It should be noted that the system-on-chip secure boot method of the present invention is not limited to the flow sequence shown in fig. 1 as long as substantially the same results are obtained. As shown in FIG. 1, the system-on-chip secure boot method mainly comprises the following steps:
S101, acquiring a configuration descriptor file and firmware, and acquiring a certificate, encrypted firmware and a first public key hash (HASH) value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash (HASH) type, a firmware verification type, a firmware encryption type, a loading firmware index, a firmware storage address and signature information;
the content of the configuration descriptor file may include a public KEY hash type, a signature type, a public KEY and a private KEY, a loading firmware index, an encryption type, a firmware verification type, and a derivative source of an encryption KEY (KEY), and the configuration descriptor file may have a schematic structure, as shown in fig. 2, and the order of the content in the configuration descriptor file in fig. 2 may be arbitrarily set.
In some embodiments, obtaining a certificate, encrypted firmware, and first public key hash value from the configuration descriptor file and the firmware includes:
and generating a secure boot firmware file (BOOT.bin file) and a first public key hash value according to the configuration descriptor file and the firmware, wherein the secure boot firmware file comprises the certificate and the encrypted firmware.
In some embodiments, after generating the secure boot firmware file and the first public key hash value from the configuration descriptor file and the firmware, further comprising burning the secure boot firmware file into a storage medium and burning the public key hash value into an unsecure OTP area.
In a specific embodiment, according to the configuration description file and the firmware to be run, a secure boot tool is used to generate a secure boot firmware file and a first public key hash value; the secure boot firmware file is burnt into a storage medium, and the first public key hash value is burnt into a non-secure OTP area. In fig. 3, the firmware includes non-encrypted firmware and extended firmware: there is at least one non-encrypted firmware, while the extended firmware may or may not exist. When the extended firmware exists, a secure boot firmware file including the certificate, the encrypted firmware, the extended firmware and the like, together with the first public key hash value, is generated according to the configuration description file, the non-encrypted firmware and the extended firmware; when the extended firmware does not exist, the secure boot firmware file contains no extended firmware.
In some embodiments, the contents of the certificate also include version, signature type, extended firmware flag, and firmware quantity.
The structure of the certificate is schematically shown in fig. 4, and the certificate includes contents such as version, signature type, firmware number, and the like in addition to the above contents, and when the extended firmware exists, the certificate further includes an extended firmware flag, and the order of the contents of the certificate in fig. 4 can be arbitrarily set.
In one embodiment, a hardware system including a storage medium is shown in fig. 5; the hardware system in fig. 5 further includes a boot chip (ROOTROM), a security module, an SRAM (Static Random-Access Memory), a storage interface controller, a processor, and a bus. The system block diagram of the security module is shown in fig. 6 and includes a bus, a hash (HASH) engine, a symmetric encryption engine, a Key Ladder (a hardware module for generating a symmetric encryption key), an asymmetric encryption engine, an OTP interface, a rights management module, and a secure OTP area and a non-secure OTP area connected to the OTP interface. The derivation source of the encryption KEY may also be burned into the secure OTP area. In fig. 6, the rights management module divides the OTP (One Time Programmable) space into two areas with different access rights, namely a secure OTP area and a non-secure OTP area. The secure OTP area has the higher security level: both areas are readable and writable in the development stage, but in the product stage the contents of the secure area can only be accessed and used by modules inside the security engine, so the derivation source of the symmetric encryption KEY is well protected and the security of the system is ensured. When the encryption KEY is needed, the Key Ladder processes the derivation source and restores the encryption KEY, that is, the decryption KEY is generated through a user-key derivation mode, which improves the security of the system. The OTP includes a secure domain (secure OTP area) and a non-secure domain (non-secure OTP area), as shown in fig. 7.
S102, acquiring the public key information and the public key hash type to acquire a second public key hash value;
S103, if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate;
S104, if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and running the decrypted firmware after the verification is passed.
According to the embodiment of the invention, a configuration descriptor file and firmware are obtained, a certificate, encrypted firmware and a first public key hash value are obtained according to the configuration descriptor file and the firmware, the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, public key hash type, firmware verification type, firmware encryption type, loading firmware index, firmware storage address and signature information; acquiring the public key information and the public key hash type to acquire a second public key hash value; if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate; if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed; the trust chain of safe starting is not damaged, the problem of illegally acquiring the system permission caused by fault injection can be avoided, and the safety of the system is improved.
In some embodiments, the system-on-chip secure boot method further comprises:
generating a first label if the first public key hash value is the same as the second public key hash value, generating a second label if the first certificate hash value is the same as the second certificate hash value, generating a third label after decrypting the encrypted firmware corresponding to the firmware encryption type, and generating a fourth label after checking; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag and the fourth tag are detected, the decrypted firmware is operated.
In a specific embodiment, the content of the certificate is read from the corresponding storage medium, public key information and a public key HASH (HASH) type (public key HASH calculation type) are extracted, a second public key HASH value is calculated, then the second public key HASH value is compared with a first public key HASH value read from the unsecure OTP area, if the comparison fails, an exception handling flow is entered, and if the comparison is successful, a tag B is set, namely a first tag is generated.
The certificate information, namely the content of the certificate, is extracted, the asymmetric algorithm type is determined, and the certificate is verified using the public key information: specifically, the signature information of the certificate is decrypted using the public key information and the asymmetric algorithm type to obtain a first certificate hash value (the decrypted hash value) M; a hash calculation is performed on the content of the certificate except the signature information to obtain a second certificate hash value N, where the hash algorithm used is the same as the one used when generating the signature information; if M and N differ, the exception handling flow is entered, otherwise a tag C is set, namely the second tag is generated. If the first public key hash value does not exist in the non-secure OTP area, the exception handling flow is entered.
When signature information is generated, the signature information is obtained according to the content except the signature information and a private key in the certificate, then the signature information of the certificate is decrypted by utilizing the public key information and an asymmetric algorithm type to obtain a first certificate hash value M when public key hash verification is carried out, and the content except the signature information in the certificate is subjected to hash calculation to obtain a second certificate hash value N.
In a specific embodiment, information such as the firmware verification type, the firmware encryption type, the loading firmware index and the firmware storage address is obtained from the certificate; the firmware is read from the firmware storage address according to the loading firmware index and decrypted based on the firmware encryption type, and a tag E is set, namely the third tag is generated; the firmware is then verified according to the firmware verification type: if the verification fails, the exception handling flow is entered; if it succeeds, a tag F is set, namely the fourth tag is generated. Whether the first tag, the second tag, the third tag and the fourth tag all exist is then detected, namely whether the key flow nodes of secure boot were all passed correctly is judged; if they are all present, the system jumps to the firmware running address to execute the firmware, and the system's permission to access the boot chip (ROOTROM) space is closed before the jump to the firmware running address.
In some embodiments, the system-on-chip secure boot method further comprises:
performing a self-check on the boot chip, initializing the system on chip and generating a fifth tag if the self-check succeeds, and then executing the step of acquiring the configuration descriptor file and the firmware; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag and the fifth tag are all detected, the decrypted firmware is run.
In a specific embodiment, after the system is powered on, it may choose to perform a boot chip self-test. If the self-test fails, the system is not started; if it succeeds, the relevant system configuration, that is, the initialization of the system, is performed and a tag A is set, namely the fifth tag is generated. Accordingly, after the verification is passed, it is judged whether the first tag, the second tag, the third tag, the fourth tag and the fifth tag are all detected, and if so, the decrypted firmware is run.
In some embodiments, the firmware further includes an extension firmware; after it is determined that the first certificate hash value is the same as the second certificate hash value and before the encrypted firmware is decrypted according to the firmware encryption type, the extension firmware is loaded and run and a sixth tag is generated; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag, the fifth tag and the sixth tag are all detected, the decrypted firmware is run.
In one embodiment, when it is determined that the first certificate hash value is the same as the second certificate hash value and the firmware further comprises an extension firmware, the corresponding extension firmware information exists in the certificate; the extension firmware information is obtained from the certificate, the extension firmware is loaded and run, and a tag D is set, namely the sixth tag is generated. Accordingly, after the verification is passed, it is judged whether the first tag, the second tag, the third tag, the fourth tag, the fifth tag and the sixth tag are all detected, and if so, the decrypted firmware is run.
In some embodiments, the content of the certificate further includes a firmware loading address and a firmware running address, and accordingly, the corresponding encrypted firmware is read from the firmware storage address according to the loading firmware index, the corresponding encrypted firmware is decrypted according to the firmware encryption type, the decrypted firmware is obtained, the decrypted firmware is verified according to the firmware verification type, and after verification is passed, the decrypted firmware is run, including:
reading the corresponding encrypted firmware from the firmware storage address according to the loading firmware index, storing the corresponding encrypted firmware according to the firmware loading address, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware checking type, and operating the decrypted firmware on the firmware operation address after the checking is passed.
In a specific embodiment, information such as the number of firmware, the loading address of the firmware, the running address of the firmware and the like is also obtained from the certificate, and the read encrypted firmware can be determined according to the loading firmware index.
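The flow of steps S101 to S104 together with the checkpoint tags A to F described above, modelled end to end as an added example (this code is not from the patent or from Shenzhen Pango Microsystems). The textbook RSA over two Mersenne primes, the SHA-256 counter keystream, the key-ladder derivation, the tag constants and the placement of the firmware check digest in front of the encrypted image are all stand-ins assumed for the demonstration; the `skip` parameter simulates a fault that skips one checkpoint so the behaviour of the final tag gate can be observed.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA over two known Mersenne primes (no padding, demo only) stands in
# for the asymmetric engine; it models "decrypt the signature with the public key".
P, Q, E = (1 << 127) - 1, (1 << 521) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, used only by the tool side

def rsa_sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big"), D, N)

def rsa_recover(sig: int, n: int, e: int) -> int:
    return pow(sig, e, n)                 # yields the first certificate hash value M

# Stand-in for the symmetric engine: SHA-256 counter keystream XOR (demo only).
def xor_stream(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

# Key Ladder stand-in: the secure OTP area holds a derivation source, never the key.
def key_ladder(derive_source: bytes) -> bytes:
    return hashlib.sha256(b"key-ladder-v1" + derive_source).digest()

# Checkpoint tags A-F: distinct multi-bit constants (assumed), so a glitched register
# or a skipped store cannot produce a valid tag by accident.
TAGS = {"A": 0xA5A5, "B": 0x5A5A, "C": 0xC33C, "D": 0x3CC3, "E": 0xE11E, "F": 0x1EE1}

@dataclass
class Certificate:
    version: int
    signature_type: str
    pubkey_info: tuple                    # (n, e)
    pubkey_hash_type: str
    fw_check_type: str
    fw_enc_type: str
    load_index: int
    fw_storage_addr: int
    fw_load_addr: int
    fw_run_addr: int
    fw_count: int
    ext_fw_flag: bool
    signature: int = 0

    def tbs(self) -> bytes:
        """Certificate contents except the signature information."""
        fields = (self.version, self.signature_type, *self.pubkey_info,
                  self.pubkey_hash_type, self.fw_check_type, self.fw_enc_type,
                  self.load_index, self.fw_storage_addr, self.fw_load_addr,
                  self.fw_run_addr, self.fw_count, self.ext_fw_flag)
        return "|".join(str(f) for f in fields).encode()

def pubkey_hash(cert: Certificate) -> bytes:
    n, e = cert.pubkey_info
    return hashlib.new(cert.pubkey_hash_type, f"{n}|{e}".encode()).digest()

def build_secure_image(firmware: bytes, derive_source: bytes):
    """Secure-boot tool side: returns (certificate, encrypted firmware, first pubkey
    hash). Assumption: the firmware check digest is stored in front of the image."""
    cert = Certificate(1, "rsa-toy", (N, E), "sha256", "sha256", "xor-sha256-ctr",
                       0, 0x1000, 0x20000000, 0x20000020, 1, False)
    cert.signature = rsa_sign(hashlib.sha256(cert.tbs()).digest())
    plain = hashlib.new(cert.fw_check_type, firmware).digest() + firmware
    return cert, xor_stream(key_ladder(derive_source), plain), pubkey_hash(cert)

class BootFailure(Exception):
    """Exception handling flow: the firmware is never run."""

def secure_boot(cert, storage, otp_pubkey_hash, derive_source, skip=frozenset()):
    """Boot-ROM side. `skip` simulates a fault skipping a step; returns (run_addr, fw)."""
    tags = set()
    if "A" not in skip:                                   # self-test + init
        tags.add(TAGS["A"])
    if "B" not in skip:                                   # S102/S103 pubkey hash
        if otp_pubkey_hash is None or pubkey_hash(cert) != otp_pubkey_hash:
            raise BootFailure("public key hash mismatch")
        tags.add(TAGS["B"])
    if "C" not in skip:                                   # certificate signature
        m = rsa_recover(cert.signature, *cert.pubkey_info)
        n = int.from_bytes(hashlib.sha256(cert.tbs()).digest(), "big")
        if m != n:
            raise BootFailure("certificate hash mismatch")
        tags.add(TAGS["C"])
    if cert.ext_fw_flag and "D" not in skip:              # extension firmware loaded
        tags.add(TAGS["D"])
    enc = storage[cert.fw_storage_addr][cert.load_index]  # S104: read by load index
    plain = xor_stream(key_ladder(derive_source), enc)    # decrypt per fw_enc_type
    if "E" not in skip:
        tags.add(TAGS["E"])
    digest, fw = plain[:32], plain[32:]
    if "F" not in skip:                                   # check per fw_check_type
        if hashlib.new(cert.fw_check_type, fw).digest() != digest:
            raise BootFailure("firmware check failed")
        tags.add(TAGS["F"])
    # Gate before the jump (a real ROM also closes ROOTROM access here): every
    # checkpoint that should have run must have left its tag, or the chain is broken.
    expected = {TAGS[k] for k in "ABCEF"} | ({TAGS["D"]} if cert.ext_fw_flag else set())
    if tags != expected:
        raise BootFailure("checkpoint tag missing: chain of trust broken")
    return cert.fw_run_addr, fw
```

Skipping the certificate check with `skip={"C"}` leaves the decryption and firmware check passing, yet the gate still refuses the jump because tag C was never set; this is the property the tags add over a plain sequence of branches.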
The system-on-chip secure boot method provided by the embodiment of the invention comprises: obtaining a configuration descriptor file and firmware, and obtaining a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loading firmware index, a firmware storage address and signature information; obtaining a second public key hash value from the public key information and the public key hash type; if the first public key hash value is the same as the second public key hash value, decrypting the signature information with the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value from the contents of the certificate other than the signature information; and if the first certificate hash value is the same as the second certificate hash value, reading the corresponding encrypted firmware from the firmware storage address according to the loading firmware index, decrypting it according to the firmware encryption type to obtain decrypted firmware, verifying the decrypted firmware according to the firmware verification type, and running the decrypted firmware after verification is passed. In this way the secure boot chain of trust is not broken, the problem of illegally obtaining system privileges through fault injection is avoided, and the security of the system is improved.
Most existing secure boot schemes encrypt and sign the bootstrap program, store the root-of-trust public KEY and the encryption KEY directly in the OTP, and perform decryption and signature verification during the secure boot process of the system, which ensures the authenticity and integrity of the bootstrap program and prevents it from being tampered with or replaced. Such schemes have the following defects: the public KEY is long (for example, an SM2 public KEY is 512 bits and an RSA2048 public KEY is 2048 bits), so it occupies more OTP storage space; the encryption KEY is stored directly, so it is at risk of exposure; and the BOOTROM is neither checked nor protected, so fault injection cannot be prevented.
According to the system-on-chip secure boot method, the hash value of the root-of-trust public key (the first public key hash value) is stored in the OTP instead of the public key itself, which saves OTP storage space and prevents leakage of the OTP contents. The encryption KEY is not stored directly; it is derived at run time from information such as the chip batch number and the chip ID, and the decryption KEY is generated by user KEY derivation, which improves security. During secure boot, the boot chip is optionally checked to ensure its integrity, so that the user can balance boot-time performance against security. A label is set at each key node of the secure boot flow to mark the execution path, so that the privileges of the system (the system on chip or embedded system) cannot be illegally obtained through fault injection. The access rights to sensitive information can be controlled through a specific field; for example, a specific field (domain) set in the non-secure OTP can control access to the secure OTP, thereby controlling access to sensitive information. The system-on-chip secure boot method of the embodiment of the invention also supports an extension firmware that executes additional logic during secure boot, such as repairing a boot chip problem or executing user code logic in the boot phase.
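The boot flow summarized above (OTP public key hash check, certificate signature recovery, firmware decryption with a derived key, firmware verification, and a tag audit before the firmware runs) as a worked example. This is added illustrative code, not the patent's or Shenzhen Pango's implementation: it uses textbook RSA generated in-process, a SHA-256 counter-mode keystream as a stand-in for the real firmware cipher, a constructed flash layout (firmware at 0x100), a constructed boot chip image for the self-check, and an expected firmware digest carried inside the signed certificate; the extension firmware step (sixth tag) is omitted. Tag numbers follow the claims: 5 for the boot chip self-check, 1 to 4 for the four verification nodes.

```python
import hashlib
import json
import math
import random

random.seed(2024)  # fixed seed: demo keys only; a real signing tool uses a hardware RNG

# --- Textbook RSA helpers so the example needs only the standard library ---
def _is_probable_prime(n, rounds=20):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def gen_keypair(bits=192):
    """384-bit modulus: large enough to hold the 256-bit certificate digest."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e}, pow(e, -1, phi)

def pubkey_bytes(pub):
    return json.dumps(pub, sort_keys=True).encode()

def cert_tbs(cert):
    """Certificate contents except the signature, canonically serialized."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()

def derive_fw_key(chip):
    """Decryption key is never stored: derived from batch number, chip ID and user key (constructed)."""
    return hashlib.sha256(chip["batch"] + b"|" + chip["id"] + b"|" + chip["user_key"]).digest()

def stream_crypt(key, data):
    """SHA-256 counter-mode keystream XOR: a stand-in for the real firmware cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

FW_ADDR = 0x100  # constructed firmware storage address inside the flash image
ROM_IMAGE = b"constructed boot chip code"  # stand-in for the boot chip (BOOTROM) contents
ROM_DIGEST = hashlib.sha256(ROM_IMAGE).hexdigest()  # reference digest for the self-check

def build_secure_image(firmware, pub, priv, chip):
    """Host-side tool: returns (first public key hash for the OTP, certificate, flash image)."""
    enc = stream_crypt(derive_fw_key(chip), firmware)
    cert = {"public_key": pub, "public_key_hash_type": "sha256",
            "firmware_check_type": "sha256", "firmware_hash": hashlib.sha256(firmware).hexdigest(),
            "firmware_enc_type": "sha256-ctr-xor", "load_firmware_index": 0,
            "firmware_storage_address": FW_ADDR, "firmware_size": len(enc)}
    digest = int.from_bytes(hashlib.sha256(cert_tbs(cert)).digest(), "big")
    cert["signature"] = pow(digest, priv, pub["n"])  # signature = digest^d mod n
    return hashlib.sha256(pubkey_bytes(pub)).hexdigest(), cert, bytes(FW_ADDR) + enc

def secure_boot(otp_pubkey_hash, cert, flash, chip):
    """Boot chip side. Returns dict with ran (bool), tags (list) and the stage reached."""
    tags = set()
    if hashlib.sha256(ROM_IMAGE).hexdigest() != ROM_DIGEST:
        return {"ran": False, "tags": sorted(tags), "stage": "rom-selfcheck"}
    tags.add(5)  # fifth tag: boot chip self-check passed
    pub = cert["public_key"]
    if hashlib.new(cert["public_key_hash_type"], pubkey_bytes(pub)).hexdigest() != otp_pubkey_hash:
        return {"ran": False, "tags": sorted(tags), "stage": "pubkey-hash"}
    tags.add(1)  # first tag: second public key hash equals the OTP value
    recovered = pow(cert["signature"], pub["e"], pub["n"])  # first certificate hash
    computed = int.from_bytes(hashlib.sha256(cert_tbs(cert)).digest(), "big")  # second one
    if recovered != computed:
        return {"ran": False, "tags": sorted(tags), "stage": "cert-signature"}
    tags.add(2)  # second tag: certificate signature valid
    # constructed layout: firmware images of equal size laid out back to back from the storage address
    addr = cert["firmware_storage_address"] + cert["load_firmware_index"] * cert["firmware_size"]
    dec = stream_crypt(derive_fw_key(chip), flash[addr:addr + cert["firmware_size"]])
    tags.add(3)  # third tag: decryption performed
    if hashlib.new(cert["firmware_check_type"], dec).hexdigest() != cert["firmware_hash"]:
        return {"ran": False, "tags": sorted(tags), "stage": "firmware-check"}
    tags.add(4)  # fourth tag: firmware integrity verified
    if tags != {1, 2, 3, 4, 5}:  # tag audit: every key node must have been visited in order
        return {"ran": False, "tags": sorted(tags), "stage": "tag-audit"}
    return {"ran": True, "tags": sorted(tags), "stage": "run", "firmware": dec}
```

Because only the public key hash lives in the OTP, a substituted public key in the certificate fails at the first node; a modified certificate field fails at signature recovery; a corrupted or re-encrypted firmware image, or a chip with different batch/ID values, decrypts to garbage and fails the firmware check. The final tag audit is the property the patent relies on against fault injection: skipping a check by glitching past a branch leaves its tag unset, so the firmware still does not run.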
Fig. 8 is a schematic structural diagram of a system-on-chip secure boot device according to an embodiment of the present invention, and as shown in fig. 8, the system-on-chip secure boot device 20 includes a secure firmware generation module 21, a public key hash acquisition module 22, a certificate hash acquisition module 23, and a firmware operation module 24;
the secure firmware generation module 21 is configured to obtain a configuration descriptor file and firmware, obtain a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware includes unencrypted firmware, and the content of the certificate includes public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loaded firmware index, a firmware storage address and signature information;
the public key hash obtaining module 22 is configured to obtain the public key information and the public key hash type to obtain a second public key hash value;
the certificate hash obtaining module 23 is configured to perform decryption operation on the signature information by using the public key information when the first public key hash value is the same as the second public key hash value, to obtain a first certificate hash value, and obtain a second certificate hash value according to contents in the certificate except the signature information;
the firmware operation module 24 is configured to read the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index when the first certificate hash value is the same as the second certificate hash value, decrypt the corresponding encrypted firmware according to the firmware encryption type, obtain decrypted firmware, verify the decrypted firmware according to the firmware verification type, and operate the decrypted firmware after the verification is passed.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 3, the electronic device 30 includes a processor 31 and a memory 32 communicatively coupled to the processor 31.
The memory 32 stores program instructions for implementing the system-on-chip secure boot method of any of the embodiments described above.
The processor 31 is configured to execute program instructions stored in the memory 32 for secure system-on-chip booting.
The processor 31 may also be referred to as a CPU (Central Processing Unit). The processor 31 may be an integrated circuit chip with signal processing capabilities. The processor 31 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 32 may be used to store the computer program and/or module, and the processor 31 may implement various functions of the electronic device by running or executing the computer program and/or module stored in the memory 32 and invoking data stored in the memory 32. The memory 32 may mainly include a storage program area that may store an operating system, application programs required for at least one function, and the like, and a storage data area.
The memory 32 may be integrated in the processor 31 or may be provided separately from the processor 31.
The embodiment of the invention further provides a storage medium storing program instructions capable of implementing all of the methods described above; the storage medium may be non-volatile or volatile.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each module may exist alone physically, or two or more modules may be integrated in one unit. The integrated units may be implemented in hardware or as software functional units. The foregoing describes only embodiments of the present invention, and the patent scope of the invention is not limited thereto; any equivalent structures or equivalent processes derived from the description and the accompanying drawings, or any direct or indirect application of the invention to other related technical fields, are likewise covered by the patent protection scope of the invention.

Claims (11)

1. A system-on-chip secure boot method, characterized by comprising the following steps:
acquiring a configuration descriptor file and firmware, and acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loading firmware index, a firmware storage address and signature information;
acquiring the public key information and the public key hash type to acquire a second public key hash value;
if the first public key hash value is the same as the second public key hash value, decrypting the signature information by utilizing the public key information to obtain a first certificate hash value, and obtaining a second certificate hash value according to contents except the signature information in the certificate;
and if the hash value of the first certificate is the same as the hash value of the second certificate, reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed.
2. The system-on-chip secure boot method of claim 1, further comprising:
generating a first label if the first public key hash value is the same as the second public key hash value, generating a second label if the first certificate hash value is the same as the second certificate hash value, generating a third label after decrypting the encrypted firmware corresponding to the firmware encryption type, and generating a fourth label after checking; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag and the fourth tag are detected, the decrypted firmware is operated.
3. The system-on-chip secure boot method of claim 2, further comprising:
performing self-checking on the guide chip, initializing a system on chip if the self-checking is successful, generating a fifth label, and then executing the step of acquiring the configuration descriptor file and the firmware; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag and the fifth tag are detected, the decrypted firmware is operated.
4. The system-on-chip secure boot method according to claim 3, wherein the firmware further comprises an extension firmware, and after determining that the first certificate hash value is the same as the second certificate hash value, loading and running the extension firmware to generate a sixth tag before decrypting the encrypted firmware corresponding to the firmware encryption type; correspondingly, after the verification is passed, if the first tag, the second tag, the third tag, the fourth tag, the fifth tag and the sixth tag are detected, the decrypted firmware is operated.
5. The system-on-chip secure boot method according to claim 1, wherein the content of the certificate further includes a firmware loading address and a firmware running address, and correspondingly, reading the corresponding encrypted firmware from the firmware storage address according to the loading firmware index, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, verifying the decrypted firmware according to the firmware verification type, and running the decrypted firmware after the verification is passed, includes:
reading the corresponding encrypted firmware from the firmware storage address according to the loading firmware index, storing the corresponding encrypted firmware according to the firmware loading address, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware checking type, and operating the decrypted firmware on the firmware operation address after the checking is passed.
6. The system-on-chip secure boot method of claim 1, wherein obtaining a certificate, encrypted firmware, and first public key hash value from the configuration descriptor file and the firmware comprises:
and generating a secure boot firmware file and a first public key hash value according to the configuration descriptor file and the firmware, wherein the secure boot firmware file comprises the certificate and the encrypted firmware.
7. The system-on-chip secure boot method of claim 6, further comprising, after generating a secure boot firmware file and a first public key hash value from the configuration descriptor file and the firmware, burning the secure boot firmware file into a storage medium and burning the public key hash value into a non-secure OTP area.
8. The system-on-chip secure boot method of claim 4, wherein the contents of the certificate further comprise version, signature type, extended firmware flag, and firmware quantity.
9. A system-on-chip secure boot device, characterized by comprising a secure firmware generation module, a public key hash acquisition module, a certificate hash acquisition module and a firmware running module;
the secure firmware generation module is used for acquiring a configuration descriptor file and firmware, acquiring a certificate, encrypted firmware and a first public key hash value according to the configuration descriptor file and the firmware, wherein the firmware comprises unencrypted firmware, and the content of the certificate comprises public key information, a public key hash type, a firmware verification type, a firmware encryption type, a loaded firmware index, a firmware storage address and signature information;
the public key hash acquisition module is used for acquiring the public key information and the public key hash type to acquire a second public key hash value;
the certificate hash acquisition module is used for carrying out decryption operation on the signature information by utilizing the public key information when the first public key hash value is the same as the second public key hash value to obtain a first certificate hash value, and acquiring a second certificate hash value according to contents except the signature information in the certificate;
and the firmware operation module is used for reading the corresponding encrypted firmware from the firmware storage address according to the loaded firmware index when the first certificate hash value is the same as the second certificate hash value, decrypting the corresponding encrypted firmware according to the firmware encryption type to obtain decrypted firmware, checking the decrypted firmware according to the firmware check type, and operating the decrypted firmware after the verification is passed.
10. An electronic device comprising a memory, a processor, the memory storing a computer program executable by the processor, wherein the processor implements the system-on-chip secure boot method of any of claims 1-8 when the computer program is executed.
11. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the system-on-chip secure boot method according to any of claims 1-8.
CN202311404844.8A 2023-10-26 2023-10-26 System-on-chip secure starting method and device, electronic equipment and storage medium Pending CN117472465A (en)

Publication: CN117472465A, published 2024-01-30
Family ID: 89638984
Country status: CN, CN117472465A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination