為了解決上述技術問題,本發明提供一種實現驅動的系統及方法,能夠實現以TA的方式對使用者的驅動程式進行管理,而且能夠很大程度上減輕程式開發的複雜度。 為了達到本發明目的,本發明提供了一種實現驅動的系統,包括:用戶空間和內核空間,其中,用戶空間中設置有:第一可信執行環境內部應用程式設計發展介面、安全應用,以及驅動程式;內核空間中設置有:第二可信執行環境內部應用程式設計發展介面、可信執行環境框架,以及安全作業系統;其中, 所述驅動程式中配置有驅動所述安全應用的屬性; 所述第一可信執行環境內部應用程式設計發展介面與所述第二可信執行環境內部應用程式設計發展介面,用於實現用戶空間內部、內核空間內部,以及用戶空間與內核空間之間的相互調用; 所述可信執行環境框架,基於所述安全作業系統,在載入所述驅動程式時,解析驅動所述安全應用的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間中的至少一個功能。 可選地,所述內核空間中還設置有:用戶空間驅動框架; 所述可信執行環境框架還用於:在需要註冊用戶空間驅動的中斷時,為該中斷需要回應的驅動程式建立一個單獨的中斷處理執行緒; 用戶空間驅動框架,用於保存所述可信執行環境框架建立的中斷處理執行緒、用戶空間中中斷處理函數和該中斷的中斷號的對應關係,被所述第二可信執行環境內部應用程式設計發展介面調用註冊用戶空間驅動設備通用的中斷處理函數;當有中斷產生時,用戶空間驅動框架調用通用的中斷處理函數,根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 本發明還提供了一種實現驅動的方法,包括: 內核空間載入驅動程式時,解析驅動安全應用的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能,其中,所述驅動安全應用的屬性在用戶空間配置。 可選地,所述方法還包括: 在需要註冊用戶空間驅動的中斷時,所述內核空間為該中斷需要回應的驅動程式建立一個單獨的中斷處理執行緒; 所述內核空間保存建立的中斷處理執行緒、所述用戶空間中中斷處理函數和該所述註冊的中斷的中斷號的對應關係,註冊所述用戶空間驅動設備通用的中斷處理函數; 當有中斷產生時,所述內核空間調用通用的中斷處理函數,根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 本發明又提供了一種電腦可讀儲存介質,儲存有電腦可執行指令,所述電腦可執行指令用於執行上述任一項所述的實現驅動的方法。 本發明再提供了一種用於實現驅動的裝置,包括記憶體和處理器,其中,記憶體中儲存有以下可被處理器執行的指令:內核空間載入驅動程式時,解析驅動安全應用的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能,其中,所述驅動安全應用的屬性在用戶空間配置。 可選地,所述記憶體中還儲存有以下可被處理器執行的指令: 在需要註冊用戶空間驅動的中斷時,所述內核空間為該中斷需要回應的驅動程式建立一個單獨的中斷處理執行緒;所述內核空間保存建立的中斷處理執行緒、所述用戶空間中中斷處理函數和所述註冊的中斷的中斷號的對應關係,註冊所述用戶空間驅動設備通用的中斷處理函數;當有中斷產生時,所述內核空間調用通用的中斷處理函數,根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 本發明技術方案至少包括:在用戶空間配置驅動TA的屬性;內核空間載入驅動程式時,解析驅動TA的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能。通過本發明提供的方案,驅動程式的代碼均在用戶空間,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。而且,不需要使用sysfs記錄用戶空間驅動的記憶體映射等資訊,所有的用戶空間的驅動資訊都只在驅動的TA中和TEE動態運行的記憶體中,因此不會造成資訊洩露,保證了驅動程式的安全性。 可選地,本發明還包括:在註冊用戶空間驅動的中斷時,內核空間為該中斷需要回應的驅動的TA建立一個單獨的中斷處理執行緒;內核空間保存建立的中斷處理執行緒、用戶空間中中斷處理函數和該註冊的中斷的中斷號的對應關係註冊用戶空間驅動設備通用的中斷處理函數;當有中斷產生時,內核空間調用通用的中斷處理函數,根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。本發明提供的實現驅動的方案中,一方面,中斷驅動程式的代碼均在用戶空間,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。另一方面,中斷註冊仍可以採用調用中斷註冊API的方案,因此,用戶無需感知內部處理流程;只需利用單獨高優先順序執行緒中斷, 這樣,最大程度上保證了中斷回應的即時性。 本發明的其它特徵和優點將在隨後的說明書中闡述,並且,部分地從說明書中變得顯而易見,或者通過實施本發明而瞭解。本發明的目的和其他優點可通過在說明書、申請專利範圍以及圖式中所特別指出的結構來實現和獲得。In order to solve the above-mentioned technical problems, the present invention provides a driving system and method, which can manage the user's driving programs in a TA manner, and can greatly reduce the complexity of program development. In order to achieve the purpose of the present invention, the present invention provides a system for realizing the driver, including: user space and kernel space, wherein, the user space is provided with: the first trusted execution environment internal application programming development interface, security application, and driver program; the kernel space is provided with: a second trusted execution environment internal application programming development interface, a trusted execution environment framework, and a secure operating system; wherein, the driver is configured with attributes that drive the secure application; The internal application programming development interface of the first trusted execution environment and the internal application programming development interface of the second trusted execution environment are used to realize the interaction between the user space, the kernel space, and the user space and the kernel space calling; the trusted execution environment framework, based on the secure operating system, when loading the driver, parses the attributes of the secure application to allocate resources, register the driver, and map the physical address of the device to at least one function in the corresponding virtual address space. Optionally, the kernel space is also provided with: a user space driver framework; the trusted execution environment framework is also used for: when the interrupt driven by the user space needs to be registered, a separate driver program that needs to respond to the interrupt is established. the interrupt processing thread; the user space driver framework is used to save the corresponding relationship between the interrupt processing thread established by the trusted execution environment framework, the interrupt processing function in the user space, and the interrupt number of the interrupt, which is determined by the second executable The internal application programming development interface of the information execution environment calls the general interrupt processing function of the registered user space drive device; when an interrupt occurs, the user space drive framework calls the general interrupt processing function, according to the interrupt number corresponding to the generated interrupt in the corresponding relationship Wake up the corresponding interrupt processing thread, and pass the entry address of the user space interrupt processing function to the awakened interrupt processing thread. The present invention also provides a method for realizing the driver, including: When the kernel space loads the driver program, analyze the attributes of the driver security application to complete the allocation of resources, register the driver, and map the physical address of the device to the corresponding virtual address space At least one of the functions, wherein the attribute driving the security application is configured in user space. Optionally, the method further includes: When an interrupt driven by user space needs to be registered, the kernel space creates a separate interrupt processing execution thread for the driver program that needs to respond to the interrupt; the kernel space saves the created interrupt processing Executing the corresponding relationship between the thread, the interrupt processing function in the user space, and the interrupt number of the registered interrupt, and registering the general interrupt processing function of the user space drive device; When an interrupt occurs, the kernel space calls the general The interrupt processing function wakes up the corresponding interrupt processing thread according to the interrupt number corresponding to the generated interrupt in the corresponding relationship, and transmits the entry address of the driving user space interrupt processing function to the awakened interrupt processing thread. The present invention further provides a computer-readable storage medium, which stores computer-executable instructions, and the computer-executable instructions are used to execute any of the above-mentioned methods for realizing driving. The present invention further provides a device for driving, including a memory and a processor, wherein the memory stores the following instructions that can be executed by the processor: when the driver program is loaded into the kernel space, analyze the attributes of the driving safety application , to complete at least one function of allocating resources, registering drivers, and mapping device physical addresses to corresponding virtual address spaces, wherein the attributes of the driver security application are configured in user space. Optionally, the memory also stores the following instructions that can be executed by the processor: When an interrupt driven by the user space needs to be registered, the kernel space creates a separate interrupt processing execution for the driver program that needs to respond to the interrupt thread; the corresponding relationship between the interrupt processing execution thread established in the kernel space, the interrupt processing function in the user space, and the interrupt number of the registered interrupt is registered, and the general interrupt processing function of the user space drive device is registered; when there is When an interrupt occurs, the kernel space calls a general interrupt processing function, wakes up the corresponding interrupt processing execution thread according to the interrupt number corresponding to the generated interrupt in the corresponding relationship, and passes the entry address of the interrupt processing function of the driving user space to the awakened Interrupt processing thread. The technical solution of the present invention at least includes: configuring the attributes of the driver TA in the user space; when loading the driver program in the kernel space, parsing the attributes of the driver TA to complete the allocation of resources, register the driver, and map the physical address of the device to the corresponding virtual address At least one function in space. Through the solution provided by the present invention, the codes of the driver program are all in the user space, and no further integration with the OS is required, and the development, integration and management of the user's driver program in the form of TA are fully realized. Moreover, there is no need to use sysfs to record information such as the memory mapping of the user space driver. All the driver information of the user space is only stored in the TA of the driver and the memory in which the TEE dynamically runs, so no information leakage will be caused and the driver will be guaranteed. program security. Optionally, the present invention also includes: when registering the interrupt driven by the user space, the kernel space sets up a separate interrupt processing execution thread for the TA driven by the interrupt that needs to respond; the kernel space saves the established interrupt processing execution thread, user space The corresponding relationship between the interrupt processing function and the interrupt number of the registered interrupt registers the general interrupt processing function of the user space drive device; when an interrupt occurs, the kernel space calls the general interrupt processing function, according to the corresponding relationship with the generated interrupt The corresponding interrupt processing thread is awakened by the corresponding interrupt number, and the entry address of the driving user space interrupt processing function is passed to the awakened interrupt processing thread. In the scheme for realizing the driver provided by the present invention, on the one hand, the codes of the interrupt driver program are all in the user space, and there is no need to integrate with the OS, which fully realizes the development, integration and management of the user's driver program in the form of TA. On the other hand, interrupt registration can still use the scheme of calling the interrupt registration API, so the user does not need to perceive the internal processing flow; only need to use a separate high-priority thread interrupt, so that the immediacy of interrupt response is guaranteed to the greatest extent. Other features and advantages of the invention will be set forth in the description which follows, and, in part, will be apparent from the description, or can be learned by practice of the invention. The objectives and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the specification, claims and drawings.
為使本發明的目的、技術方案和優點更加清楚明白,下文中將結合圖式對本發明的實施例進行詳細說明。需要說明的是,在不衝突的情況下,本發明中的實施例及實施例中的特徵可以相互任意組合。 在本發明一個典型的配置中,計算設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。 記憶體可能包括電腦可讀介質中的非永久性記憶體,隨機存取記憶體(RAM)和/或非揮發性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀介質的示例。 電腦可讀介質包括永久性和非永久性、 可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存介質的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可程式設計唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶,磁帶磁磁片儲存或其他磁性存放裝置或任何其他非傳輸介質,可用於儲存可以被計算設備訪問的資訊。按照本文中的界定,電腦可讀介質不包括非暫存電腦可讀媒體(transitory media),如調變的資料信號和載波。 在圖式的流程圖示出的步驟可以在諸如一組電腦可執行指令的電腦系統中執行。並且,雖然在流程圖中示出了邏輯順序,但是在某些情況下,可以以不同於此處的循序執行所示出或描述的步驟。 可信執行環境(TEE)通過硬體的隔離,可確保在一個孤立、可信的環境中儲存、處理和保護敏感性資料。TEE廣泛用於各種安全應用,如支付、指紋和數位版權保護(DRM)等。TEE在用戶空間實現驅動程式,能夠滿足更高安全級別的要求,同時,用戶的驅動程式可以以運行在TEE內部的安全應用(TA, Trusted Application)的方式進行開發整合和管理。 圖1為本發明實現驅動的系統的組成示意圖,如圖1所示,包括用戶空間和內核空間,其中,用戶空間中至少設置有:第一TEE內部(Internal)應用程式設計發展介面(API, Application Programming Interface)、安全應用(TA, Trusted Application),以及驅動程式如驅動TA(Driver TA);內核空間中至少設置有:第二TEE Internal API、TEE框架(Framework),以及安全作業系統(Secure OS);其中, 第一TEE Internal API與第二TEE Internal API,用於實現用戶空間內部、內核空間內部,以及用戶空間與內核空間之間的相互調用。比如:TA 調用第一TEE Internal AP、用戶空間的第一TEE Internal API通過sysycall調用內核空間的第二TEE Internal API,這樣,第二TEE Internal API才能調用內核空間的其他模組的介面,具體實現術語本領域技術人員的公知技術,並不用於限定本發明的保護範圍。 驅動TA中配置有驅動TA的屬性,比如:驅動的名稱、需要映射的實體位址和對應的虛擬位址等。 配置方式與普通TA的屬性配置方式類似。這些屬性在編譯的時候,會被放在一個特殊的段裡。 驅動TA包括一個或一個以上,一個第三方的TA可以對應一個驅動TA。 TEE框架,基於安全OS,在載入驅動程式時,解析驅動TA的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能。 本發明提供的實現驅動的架構中,驅動程式的代碼均在用戶空間的驅動TA,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。而且,不需要使用sysfs記錄用戶空間驅動的記憶體映射等資訊,所有的用戶空間的驅動資訊都只在驅動的TA中和TEE動態運行的記憶體中,因此不會造成資訊洩露,保證了驅動程式的安全性。 通過本發明提供的實現驅動的架構,不需要驅動的開發者顯示的調用mmap()、驅動的註冊等相關函數,只需要簡單地配置驅動TA的屬性,而與普通TA的開發方式儘量保持了一致,這樣,減少了第三方驅動開發者的工作量;而且,也不需要sysfs的參與,實現了無驅動資訊洩漏的隱患,保證了驅動程式的安全性。第三方的驅動已TA的方式整合到TEE中,因此,實現了採用TAM的方式動態的更新,減少了驅動程式整合成本。 可選地,內核空間中還設置有:用戶空間驅動程式框架(Userspace Driver Framework);相應地, TEE框架還用於:在外部如驅動的開發者需要註冊用戶空間驅動的中斷時,為該中斷需要回應的驅動的TA建立一個單獨的中斷處理執行緒; 用戶空間驅動程式框架,用於保存TEE框架建立的中斷處理執行緒、用戶空間中中斷處理函數和該註冊的中斷的中斷號的對應關係,被TEE內核空間的第二TEE Internal API調用註冊用戶空間驅動設備通用的中斷處理函數;當有中斷產生時,先調用通用的中斷處理函數,再根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 這樣,中斷處理執行緒會切換到驅動用戶空間的中斷處理函數並處理中斷。 本發明提供的實現驅動的系統中,中斷驅動程式的代碼均在用戶空間的驅動TA,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。 通過本發明提供的實現驅動的系統,中斷註冊仍可以採用調用中斷註冊API的方案,因此,用戶無需感知內部處理流程;當有中斷產生時,只需利用單獨高優先順序執行緒該中斷, 這樣,最大程度上保證了中斷回應的即時性。 也就是說,通過本發明提供的實現驅動的系統,不需要驅動程式的開發者感知記憶體映射、註冊驅動、用戶空間回應中斷需要等待在設備讀操作上等操作, 在本發明提供的實現驅動的系統中,記憶體的映射、驅動註冊只需簡單的配置驅動的屬性,而中斷仍採用調用中斷註冊函數的方式,與相關技術中在內核空間開發驅動的方案保持一致,這樣極大地減小了驅動開發的複雜性。 圖2為本發明實現驅動的方法的流程圖,如圖2所示,包括: 步驟200:在用戶空間配置驅動TA的屬性。 可選地,屬性包括但不限於:驅動的名稱、需要映射的實體位址和對應的虛擬位址等。 配置方式與普通TA的屬性配置方式類似。這些屬性在編譯的時候,會被放在一個特殊的段裡。 驅動TA包括一個或一個以上,一個第三方的TA可以對應一個驅動TA。 步驟201:基於安全OS,內核空間載入驅動程式時,解析驅動TA的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能。 本發明提供的實現驅動的方法中,驅動程式的代碼均在用戶空間的驅動TA,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。而且,不需要使用sysfs記錄用戶空間驅動的記憶體映射等資訊,所有的用戶空間的驅動資訊都只在驅動的TA中和TEE動態運行的記憶體中,因此不會造成資訊洩露,保證了驅動程式的安全性。 通過本發明提供的實現驅動的方法,不需要驅動的開發者顯示的調用mmap()、驅動的註冊等相關函數,只需要簡單地配置驅動TA的屬性,而與普通TA的開發方式儘量保持了一致,這樣,減少了第三方驅動開發者的工作量;而且,也不需要sysfs的參與,實現了無驅動資訊洩漏的隱患,保證了驅動程式的安全性。第三方的驅動已TA的方式整合到TEE中,因此,實現了採用TAM的方式動態的更新,減少了驅動程式整合成本。 本發明實現驅動的方法還包括: 在需要註冊用戶空間驅動的中斷時,內核空間為該中斷需要回應的驅動的TA建立一個單獨的中斷處理執行緒; 內核空間保存建立的中斷處理執行緒、用戶空間中中斷處理函數和該註冊的中斷的中斷號的對應關係,註冊用戶空間驅動設備通用的中斷處理函數; 當有中斷產生時,內核空間調用通用的中斷處理函數,根據對應關係中與產生的中斷對應的中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 這樣,中斷處理執行緒會切換到驅動用戶空間的中斷處理函數並處理中斷。 本發明提供的實現驅動的方法中,中斷驅動程式的代碼均在用戶空間的驅動TA,不需要再與OS進行整合處理,完全實現了以TA的形式對用戶的驅動程式進行開發整合和管理。 通過本發明提供的實現驅動的方法,中斷註冊仍可以採用調用中斷註冊API的方案,因此,用戶無需感知內部處理流程;當有中斷產生時,只需利用單獨高優先順序執行緒該中斷, 這樣,最大程度上保證了中斷回應的即時性。 也就是說,通過本申請提供的實現驅動的方法,不需要驅動程式的開發者感知記憶體映射、註冊驅動、使用者空間回應中斷需要等待在設備讀操作上等操作, 在本申請提供的實現驅動的架構中,記憶體的映射、驅動註冊只需簡單的配置驅動的屬性,而中斷仍採用調用中斷註冊函數的方式,與相關技術中在內核空間開發驅動的方案保持一致,這樣極大地減小了驅動開發的複雜性。 在實際的應用中,為了保證安全性,有很多的驅動程式是需要配置成只有TEE才可以訪問的,比如加密引擎,這種情況下,需要在TEE中整合這些驅動程式。利用本發明提供的實現驅動的架構及方法,在高安全級別的需求下,這些第三方的驅動程式會整合在用戶空間,這樣,第三方的驅動程式的錯誤(bug)不會導致TEE有bug而受人攻擊;驅動程式崩潰(crash)時也不會導致整個TEE崩潰,方便了驅動程式的開發者開發和調試。同時,利用本發明提供的實現驅動的架構及方法,以TA的方式整合驅動程式,既方便了驅動程式的開發整合,又方便了使用TAM進行驅動的動態安裝、刪除、更新等操作。 本發明還提供一種電腦可讀儲存介質,儲存有電腦可執行指令,所述電腦可執行指令用於執行上述任一項所述的實現驅動的方法。 本發明還提供一種用於實現驅動的裝置,包括記憶體和處理器,其中,記憶體中儲存有以下可被處理器執行的指令:內核空間載入TA時,解析驅動TA的屬性,以完成分配資源、註冊驅動、將設備實體位址映射到對應的虛擬位址空間上中的至少一個功能,其中,所述驅動安全應用的屬性在用戶空間配置。 可選地,所述記憶體中還儲存有以下可被處理器執行的指令: 在註冊用戶空間驅動的中斷時,所述內核空間為該中斷需要回應的驅動的TA建立一個單獨的中斷處理執行緒;所述內核空間保存建立的中斷處理執行緒,驅動所述用戶空間中中斷處理函數和該中斷的中斷號的對應關係,註冊所述用戶空間驅動設備通用的中斷處理函數;當有中斷產生時,所述內核空間根據中斷號喚醒對應的中斷處理執行緒,將驅動用戶空間中斷處理函數的入口位址傳給喚醒的中斷處理執行緒。 雖然本發明所揭露的實施方式如上,但所述的內容僅為便於理解本發明而採用的實施方式,並非用以限定本發明。任何本發明所屬領域內的技術人員,在不脫離本發明所揭露的精神和範圍的前提下,可以在實施的形式及細節上進行任何的修改與變化,但本發明的專利保護範圍,仍須以所附的申請專利範圍所界定的範圍為準。In order to make the purpose, technical solution and advantages of the present invention more clear, the embodiments of the present invention will be described in detail below with reference to the drawings. It should be noted that, in the case of no conflict, the embodiments of the present invention and the features in the embodiments can be combined arbitrarily with each other. In a typical configuration of the invention, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer readable medium. Computer-readable media includes permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology for information storage. Information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for computers include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM) , read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital multifunction A compact disc (DVD) or other optical storage, magnetic cassette, tape magnetic disk storage or other magnetic storage device or any other non-transmission medium used to store information that can be accessed by a computing device. As defined herein, computer readable media excludes non-transitory computer readable media, such as modulated data signals and carrier waves. The steps shown in the flowcharts of the drawings may be performed on a computer system, such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that presented herein. The Trusted Execution Environment (TEE) can ensure the storage, processing and protection of sensitive data in an isolated and trusted environment through hardware isolation. TEE is widely used in various security applications, such as payment, fingerprint and digital rights protection (DRM). TEE implements the driver program in the user space, which can meet the requirements of a higher security level. At the same time, the user driver program can be developed, integrated and managed in the form of a secure application (TA, Trusted Application) running inside the TEE. Fig. 1 is the schematic composition diagram of the system that realizes driving of the present invention, as shown in Fig. 1, comprise user space and kernel space, wherein, be provided with at least in user space: first TEE internal (Internal) application programming development interface (API, Application Programming Interface), security applications (TA, Trusted Application), and drivers such as driver TA (Driver TA); at least in the kernel space: the second TEE Internal API, TEE framework (Framework), and secure operating system (Secure OS); Wherein, the first TEE Internal API and the second TEE Internal API are used to implement mutual calls within the user space, inside the kernel space, and between the user space and the kernel space. For example: TA calls the first TEE Internal AP, and the first TEE Internal API in user space calls the second TEE Internal API in kernel space through sysycall. In this way, the second TEE Internal API can call the interface of other modules in kernel space, and the specific implementation The terms are well-known techniques of those skilled in the art, and are not used to limit the protection scope of the present invention. The attributes of the driver TA are configured in the driver TA, such as: the name of the driver, the physical address to be mapped and the corresponding virtual address, etc. The configuration method is similar to that of common TA attributes. These attributes are placed in a special section at compile time. The driver TA includes one or more than one, and a third-party TA can correspond to a driver TA. The TEE framework, based on a secure OS, analyzes the attributes of the driver TA when loading the driver to complete at least one of the functions of allocating resources, registering the driver, and mapping the physical address of the device to the corresponding virtual address space. In the framework for realizing the driver provided by the present invention, the code of the driver program is all in the driver TA in the user space, and there is no need to integrate with the OS, and the development, integration and management of the user's driver program in the form of TA are fully realized. Moreover, there is no need to use sysfs to record information such as the memory mapping of the user space driver. All the driver information of the user space is only stored in the TA of the driver and the memory in which the TEE dynamically runs, so no information leakage will be caused and the driver will be guaranteed. program security. Through the framework for realizing the driver provided by the present invention, there is no need for the developer of the driver to explicitly call mmap(), driver registration and other related functions, and only need to simply configure the attributes of the driver TA, while keeping as far as possible with the common TA development method In this way, the workload of third-party driver developers is reduced; moreover, the participation of sysfs is not required, so the hidden danger of no driver information leakage is realized, and the security of the driver is guaranteed. The third-party driver has been integrated into the TEE in the TA way. Therefore, the dynamic update in the TAM way is realized and the driver integration cost is reduced. Optionally, a user space driver framework (Userspace Driver Framework) is also set in the kernel space; correspondingly, the TEE framework is also used for: when an external driver needs to register an interrupt driven by the user space, for the interrupt The TA of the driver that needs to respond creates a separate interrupt processing thread; the user space driver framework is used to save the corresponding relationship between the interrupt processing thread created by the TEE framework, the interrupt processing function in the user space, and the interrupt number of the registered interrupt , is called by the second TEE Internal API of the TEE kernel space to register the general interrupt processing function of the user space drive device; when an interrupt occurs, the general interrupt processing function is called first, and then according to the interrupt number corresponding to the generated interrupt in the corresponding relationship Wake up the corresponding interrupt processing thread, and pass the entry address of the interrupt processing function driving the user space to the awakened interrupt processing thread. In this way, the interrupt handling thread will switch to the interrupt handling function driving the user space and handle the interrupt. In the driver implementation system provided by the present invention, the codes of the interrupt driver program are all in the driver TA in the user space, and there is no need to integrate with the OS, and the development, integration and management of the user's driver program in the form of TA are fully realized. Through the implementation-driven system provided by the present invention, the interrupt registration can still adopt the scheme of calling the interrupt registration API, therefore, the user does not need to perceive the internal processing flow; when an interrupt occurs, only need to use a separate high-priority order to execute the interrupt, like this , which ensures the immediacy of interrupt response to the greatest extent. That is to say, through the system for implementing the driver provided by the present invention, it is not necessary for the developer of the driver to perceive memory mapping, register the driver, and user space to respond to interrupts and wait for operations such as device read operations. In the implementation of the driver provided by the present invention In the system, the memory mapping and driver registration only need to simply configure the attributes of the driver, while the interrupt still adopts the method of calling the interrupt registration function, which is consistent with the scheme of developing the driver in the kernel space in the related technology, which greatly reduces the the complexity of driver development. Fig. 2 is a flow chart of the method for implementing the driver in the present invention, as shown in Fig. 2 , including: Step 200: Configure attributes of the driver TA in the user space. Optionally, attributes include but are not limited to: the name of the driver, the physical address to be mapped and the corresponding virtual address, etc. The configuration method is similar to that of common TA attributes. These attributes are placed in a special section at compile time. The driver TA includes one or more than one, and a third-party TA can correspond to a driver TA. Step 201: Based on the secure OS, when the kernel space loads the driver program, analyze the attributes of the driver TA to complete at least one of the functions of allocating resources, registering the driver, and mapping the physical address of the device to the corresponding virtual address space. In the driving method provided by the present invention, the codes of the driver program are all in the driver TA in the user space, and there is no need to integrate with the OS, and the development, integration and management of the user's driver program in the form of TA are fully realized. Moreover, there is no need to use sysfs to record information such as the memory mapping of the user space driver. All the driver information of the user space is only stored in the TA of the driver and the memory in which the TEE dynamically runs, so no information leakage will be caused and the driver will be guaranteed. program security. Through the method for realizing the driver provided by the present invention, the developer of the driver does not need to display related functions such as calling mmap(), driver registration, etc., and only needs to simply configure the attributes of the driver TA, while keeping as much as possible with the development method of the common TA. In this way, the workload of third-party driver developers is reduced; moreover, the participation of sysfs is not required, so the hidden danger of no driver information leakage is realized, and the security of the driver is guaranteed. The third-party driver has been integrated into the TEE in the TA way. Therefore, the dynamic update in the TAM way is realized and the driver integration cost is reduced. The method for realizing the driver of the present invention also includes: When the interrupt driven by the user space needs to be registered, the kernel space establishes a separate interrupt processing execution thread for the TA of the driver that needs to respond to the interrupt; the kernel space saves the established interrupt processing execution thread, user The corresponding relationship between the interrupt processing function in the space and the interrupt number of the registered interrupt, register the general interrupt processing function of the user space drive device; when an interrupt occurs, the kernel space calls the general interrupt processing function, according to the corresponding relationship and the generated The interrupt number corresponding to the interrupt wakes up the corresponding interrupt processing thread, and transmits the entry address of the interrupt processing function driving the user space to the awakened interrupt processing thread. In this way, the interrupt handling thread will switch to the interrupt handling function driving the user space and handle the interrupt. In the driving method provided by the present invention, the code of the interrupt driver program is all in the driver TA in the user space, and there is no need to integrate with the OS, and the development, integration and management of the user's driver program in the form of TA are fully realized. Through the method for implementing the drive provided by the present invention, the interrupt registration can still adopt the scheme of calling the interrupt registration API, therefore, the user does not need to perceive the internal processing flow; when an interrupt occurs, it only needs to use a separate high-priority thread to execute the interrupt, so , which ensures the immediacy of interrupt response to the greatest extent. That is to say, through the method of implementing the driver provided by this application, the developer of the driver program does not need to perceive the memory mapping, register the driver, and the user space responds to interrupts and waits for the device read operation. The implementation provided by this application In the driver architecture, memory mapping and driver registration only need to simply configure the attributes of the driver, while interrupts still use the method of calling interrupt registration functions, which is consistent with the scheme of developing drivers in the kernel space in related technologies, which greatly reduces Reduce the complexity of driver development. In practical applications, in order to ensure security, many drivers need to be configured so that only the TEE can access them, such as the encryption engine. In this case, these drivers need to be integrated in the TEE. Utilizing the framework and method for realizing the driver provided by the present invention, these third-party drivers will be integrated in the user space under the requirement of high security level, so that the error (bug) of the third-party driver will not cause the TEE to have bugs And it is attacked by people; when the driver program crashes (crash), it will not cause the entire TEE to crash, which is convenient for the developer of the driver program to develop and debug. At the same time, using the framework and method for realizing the driver provided by the present invention, the driver program is integrated in the form of TA, which not only facilitates the development and integration of the driver program, but also facilitates operations such as dynamic installation, deletion, and update of the driver using TAM. The present invention also provides a computer-readable storage medium, which stores computer-executable instructions, and the computer-executable instructions are used to execute the driving method described in any one of the above. The present invention also provides a device for implementing a driver, including a memory and a processor, wherein the memory stores the following instructions that can be executed by the processor: when the kernel space loads the TA, analyze the attributes of the driver TA to complete At least one function of allocating resources, registering drivers, and mapping device physical addresses to corresponding virtual address spaces, wherein the attributes of the driver security application are configured in user space. Optionally, the memory also stores the following instructions that can be executed by the processor: When registering an interrupt driven by the user space, the kernel space establishes a separate interrupt processing execution for the TA of the driver that needs to respond to the interrupt thread; the kernel space saves the established interrupt processing execution thread, drives the corresponding relationship between the interrupt processing function in the user space and the interrupt number of the interrupt, and registers the general interrupt processing function of the user space driver device; when an interrupt occurs At this time, the kernel space wakes up the corresponding interrupt processing thread according to the interrupt number, and transmits the entry address of the interrupt processing function driving the user space to the awakened interrupt processing thread. Although the embodiments disclosed in the present invention are as above, the described content is only an embodiment adopted for understanding the present invention, and is not intended to limit the present invention. Anyone skilled in the field of the present invention can make any modifications and changes in the form and details of the implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention must still be The scope defined in the appended scope of patent application shall prevail.
