CN112148314A - Mirror image verification method, device, equipment and storage medium of embedded system - Google Patents
- Publication number: CN112148314A (application CN202010994617.5A)
- Authority: CN (China)
- Prior art keywords: data, verified, authentication certificate, image, digest
- Legal status: Granted (as listed by Google Patents, which notes that the status is an assumption and not a legal conclusion)
Classifications
- G06F8/63: Image based installation; Cloning; Build to order (under G06F8/00 Arrangements for software engineering, G06F8/60 Software deployment, G06F8/61 Installation)
- G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity, G06F21/60 Protecting data)
- H04L9/3226: Cryptographic mechanisms or arrangements including means for message authentication, data integrity or data verification, using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3247: the same, involving digital signatures
- H04L9/3263: the same, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The embodiment of the invention discloses an image verification method, an image verification device, image verification equipment and a storage medium for an embedded system. The method comprises the following steps: obtaining the image data to be verified and the fuse configuration, where the image data to be verified comprises the data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises a digest of the authentication certificate; verifying the authentication certificate according to the certificate digest; if the certificate is verified successfully, decrypting the data signature according to the certificate to obtain a data digest; verifying the data content to be verified according to the data digest; and if the data content is verified successfully, determining that the image data to be verified is legitimate and downloading it to a storage device, which completes image verification. The image data is verified before it is burned, so mis-burning is avoided and the efficiency of secure boot is improved.
Description
Technical Field
The embodiments of the invention relate to computer technology, and in particular to an image verification method, an image verification device, image verification equipment and a storage medium for an embedded system.
Background
Image verification of an embedded system means ensuring, when the image data of an application program is downloaded to the embedded system, that the image data is correct. If the image data is wrong, it is burned in error (mis-burning) and the system cannot complete secure boot.
In the prior art, the image data to be downloaded is written to a storage device and the system is then booted securely: if boot completes, the image data was correct; if boot cannot complete, the image data is faulty and must be downloaded again. The download process is cumbersome and lowers the efficiency of secure boot, and because it cannot be determined in advance, during download, whether the image data is correct, secure boot is unstable and boot time is wasted.
Disclosure of Invention
Embodiments of the invention provide an image verification method, device, equipment and storage medium for an embedded system, which improve the stability of image verification during secure boot.
In a first aspect, an embodiment of the present invention provides a method for verifying an image of an embedded system, where the method includes:
obtaining the image data to be verified and the fuse configuration, where the image data to be verified comprises the data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
verifying the authentication certificate according to the authentication certificate digest;
if the authentication certificate is verified successfully, decrypting the data signature according to the authentication certificate to obtain a data digest;
verifying the data content to be verified according to the data digest;
and if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate and downloading it to a storage device, which completes image verification.
In a second aspect, an embodiment of the present invention further provides an image verification apparatus for an embedded system, where the apparatus includes:
a data acquisition module, configured to obtain the image data to be verified and the fuse configuration, where the image data to be verified comprises the data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
a certificate verification module, configured to verify the authentication certificate according to the authentication certificate digest;
a signature decryption module, configured to decrypt the data signature according to the authentication certificate to obtain a data digest if the authentication certificate is verified successfully;
a data verification module, configured to verify the data content to be verified according to the data digest;
and a data download module, configured to determine that the image data to be verified is legitimate if the data content is verified successfully, and to download the image data to the storage device, which completes image verification.
In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the image verification method for an embedded system according to any embodiment of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions which, when executed by a computer processor, perform the image verification method for an embedded system according to any embodiment of the present invention.
The embodiment of the invention determines whether the authentication certificate is legitimate by obtaining the certificate from the image data to be verified and the certificate digest from the fuse configuration. If the certificate is legitimate, the data signature is decrypted with the key in the certificate, the data content to be verified is checked against the decrypted signature, and secure boot of the system completes. This solves the prior-art problem that a data error can only be detected after the image data has been downloaded: mis-burning is prevented, repeated downloads are avoided, secure boot time is saved and secure boot efficiency is improved. It also prevents a third-party attack from making the system unbootable through a wrong image, which improves the stability of image verification during secure boot.
Drawings
Fig. 1 is a schematic flowchart of an image verification method for an embedded system according to a first embodiment of the present invention;
fig. 2 is a schematic flowchart of an image verification method for an embedded system according to a second embodiment of the present invention;
fig. 3 is a block diagram of an image verification apparatus of an embedded system according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device in a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic flowchart of a method for verifying an image of an embedded system according to a first embodiment of the present invention. The embodiment is applicable to secure boot of a system, and the method can be executed by an image verification apparatus of an embedded system. As shown in fig. 1, the method specifically includes the following steps:
When the embedded system enters bootloader download mode, the image data to be verified is downloaded from the host computer into system memory, so the image data to be verified can be obtained from system memory. Once the image data has been found legitimate it can be downloaded to the storage device of the system. The image data to be verified may comprise the data content to be verified, a data signature and an authentication certificate. The data content to be verified is the actual content to be downloaded, and is the protected content. The data signature is obtained by hashing the data content with a hash algorithm and encrypting the resulting hash value with a preset key. For example, the hash algorithm may be MD5 (Message Digest Algorithm 5), SHA-1 or SHA-256 (Secure Hash Algorithm), and the key may be the private key of an asymmetric key pair. (MD5 and SHA-1 are no longer collision-resistant; a deployment should use SHA-256 or stronger for both the certificate digest and the data digest.) The authentication certificate is used to authenticate the data signature, so that the correctness of the signature can be determined; it may comprise the decryption key corresponding to the encryption key and the manufacturer information of the image data. The fuse configuration can be obtained from system memory or from a CPU that has already been fused, and is information determined by the manufacturer. The fuse is an electronic fuse, which may be an eFuse, a kind of one-time programmable memory.
The fuse configuration may include configuration parameters for secure boot and information such as the authentication certificate digest, where the certificate digest may be obtained by the manufacturer hashing the data in the authentication certificate with a hash algorithm before the image data is shipped.
In this embodiment, optionally, obtaining the image data to be verified and the fuse configuration includes: obtaining the image data to be verified from the memory of the embedded system; if the CPU is fused, obtaining the fuse configuration from the CPU; and if the CPU is not fused, obtaining the fuse configuration from the memory of the embedded system.
Specifically, the image data to be verified is obtained from the memory of the embedded system and is later transferred to the storage device. The fuse configuration can be obtained from the memory of the embedded system or from the CPU. The fuse in the CPU may be in a fused (programmed) state or in an unfused state. In the fused state the fuse configuration is stored in the CPU; in the unfused state it is stored in the memory of the embedded system. When the CPU is not fused, the fuse configuration in the CPU does not contain the certificate digest, so the fuse configuration cannot be obtained from the CPU. An unfused system cannot enter the secure boot process, but it can still verify image data; secure boot is possible only once the CPU has been fused. When the CPU still needs to be fused, that is, when it is in the unfused state, the bootloader is in download mode, and the fuse configuration is downloaded from the host computer into the memory of the embedded system, from which it can then be obtained. The advantage is that the fuse configuration can be obtained in both the unfused and the fused state, so the image data can be verified in either state; image verification of the embedded system is thereby realized, mis-burning is avoided and secure boot is safeguarded.
Step 120, verifying the authentication certificate according to the authentication certificate digest.
After the fuse configuration has been obtained, the certificate digest is taken from it, and after the image data to be verified has been obtained, the authentication certificate is taken from the image data. The content of the certificate is verified against the certificate digest. If verification succeeds, the certificate is legitimate and the data content to be verified can be verified with it; if verification fails, the data in the certificate is faulty or has been tampered with, the image data is illegitimate, burning is refused, an error is returned to the host computer or terminal, and the download of the image data to the storage device is stopped.
In this embodiment, optionally, verifying the authentication certificate according to the certificate digest includes: hashing the certificate data in the authentication certificate with a hash algorithm to obtain a certificate data digest; comparing the certificate data digest with the certificate digest; and if the two are identical, determining that the authentication certificate is verified successfully.
Specifically, the certificate data in the authentication certificate, which may be data such as the manufacturer information, is hashed with a hash algorithm, and the resulting hash value is the certificate data digest. (For the tampered-key case below to be detected, the hashed certificate data must include the key itself, not only the manufacturer information.) The certificate data digest is compared with the certificate digest, that is, the two hash values are compared. If they are identical, the certificate data is legitimate, the certificate is verified successfully and the secure boot process continues; if they differ, certificate verification fails and an error is returned to the host computer or terminal. The advantage is that the certificate is verified against the digest in the fuse configuration, so the image data is not downloaded when the certificate is faulty, any change to the data in the certificate is detected, and a failed download caused by a tampered key in the certificate is avoided; this reduces repeated secure boot attempts, prevents mis-burning, improves data security and improves the efficiency of secure boot of the embedded system.
Step 130, if the authentication certificate is verified successfully, decrypting the data signature according to the authentication certificate to obtain the data digest.
If the certificate is verified successfully, the data signature is decrypted into the data digest with the certificate, the decryption matching the way the signature was encrypted. The data digest is the hash value obtained by hashing the data content to be verified.
In this embodiment, optionally, decrypting the data signature according to the certificate to obtain the data digest when the certificate is verified successfully includes: obtaining the key in the authentication certificate; and decrypting the data signature with that key to obtain the data digest.
Specifically, the decryption key is obtained from the authentication certificate, the data signature is decrypted with it, and the decrypted content is the data digest. For example, if the signature was produced with the private key of an asymmetric key pair, decryption uses the public key. The data digest is computed from the data content in advance, before secure boot, for example by hashing the data content. The advantage is that decrypting the data signature only after the certificate has been verified ensures that the encryption key and the decryption key correspond; if the key in the certificate cannot decrypt the data signature, the decryption key is wrong, secure boot of the embedded system is stopped in time, an error is returned to the host computer or terminal, the error is not discovered only after the image data has been downloaded to the storage device, and secure boot efficiency is improved. Note that "cannot decrypt" must be judged strictly: the decrypted value has to have exactly the digest format the signer produced, and anything else is rejected rather than searched for a plausible digest.
Step 140, verifying the data content to be verified according to the data digest.
The data digest is used to check the correctness of the data content to be verified: the content represented by the digest is compared with the data content to determine whether the content has been tampered with. The data content can be converted into the digest format and the data digest compared with that converted value; this verifies whether the content has been tampered with, prevents a third-party attack from making the system unbootable through a wrong image, and realizes image verification during secure boot.
In this embodiment, optionally, verifying the data content to be verified according to the data digest includes: hashing the data content with a hash algorithm to obtain a content digest; comparing the content digest with the data digest; and if the two are identical, determining that the data content is verified successfully.
Specifically, when the data content is verified against the data digest, the content may be hashed to obtain the content digest. Because the data digest is the value obtained by hashing the data content in advance, the content digest can be compared with it. If they are identical, the data content has not been modified, verification succeeds and secure boot continues; if they differ, the data content is abnormal, verification fails and an error is returned to the host computer or terminal. If secure boot were continued after content verification had failed, boot would fail and the image data would have to be downloaded again. The advantage is that verifying the data content ensures its correctness, avoids discovering abnormal content only after the image has been downloaded, prevents mis-burning, reduces the number of secure boot attempts and improves the secure boot efficiency of the embedded system.
Step 150, if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate and downloading it to the storage device to complete secure boot.
If the data content is verified successfully, the data content, which is the protected content, has not been modified, the image data to be verified is legitimate, and it can be downloaded to the storage device partition to complete secure boot.
According to the technical scheme of this embodiment, whether the authentication certificate is legitimate is determined from the certificate in the image data to be verified and the certificate digest in the fuse configuration. If the certificate is legitimate, the data signature is decrypted with the key in the certificate, the data content is checked against the decrypted signature, and secure boot of the system completes. This solves the prior-art problem that a data error is only found at system start, after the image data has been downloaded: mis-burning is prevented, repeated downloads are avoided, a third-party attack that would make the system unbootable through a wrong image is prevented, secure boot time is saved and secure boot efficiency is improved.
Example two
Fig. 2 is a flowchart of an image verification method for an embedded system according to a second embodiment of the present invention. This embodiment is a further optimization of the embodiments above, and the method can be executed by an image verification apparatus of an embedded system. As shown in fig. 2, the method specifically includes the following steps:
The image data to be verified may comprise the data content to be verified and the data signature, but no authentication certificate.
To verify the legitimacy of image data that carries no certificate, the certificate can be obtained from another storage device partition that has already been verified successfully and whose image data contains the certificate; whether that certificate is authentic is checked against the certificate digest in the fuse configuration, and the data signature of the certificate-less image data is then verified with the obtained certificate. The authentication certificate must be the same across all image data participating in secure boot, and at least one of the multiple stages of image data participating in secure boot must contain the certificate, so that it can be obtained to verify the other image data that does not.
Step 230, verifying the authentication certificate according to the authentication certificate digest.
Step 240, if the authentication certificate is verified successfully, decrypting the data signature according to the authentication certificate to obtain the data digest.
Step 250, verifying the data content to be verified according to the data digest.
Step 260, if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate and downloading it to the storage device to complete image verification.
If the CPU is fused, the image data is downloaded to the storage device once it has been determined to be legitimate, and secure boot completes. If the CPU is not fused, the unfused state can be converted into the fused state; after fusing, the fuse configuration can no longer be changed.
In this embodiment, optionally, after determining that the image data to be verified is legitimate because the data content verified successfully, the method further includes: if the CPU is not fused, downloading the fuse configuration to a fuse configuration partition of the storage device, so that the unfused CPU completes fusing after a restart.
Specifically, if verification of the data content is completed in the unfused state, the fusing process is entered after verification succeeds. The fusing process downloads the fuse configuration to the fuse configuration partition of the storage device; after the embedded system restarts, the unfused CPU fuses according to the configuration information in that partition, the fuse bits in the CPU are set according to that information, and the CPU changes from unfused to fused. Once the CPU is fused, the fuse configuration partition in the storage device can be regarded as expired, no further information needs to be read from it, and the fuse configuration is read directly from the CPU. The advantage is that the data content is verified in both the unfused and the fused state, the unfused state is promptly switched to the fused state, mis-burning is prevented, later verification of data content is simplified and secure boot efficiency is improved.
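The fuse life cycle described here, together with the source selection of step 110 (fused CPU: read the configuration from the CPU; unfused CPU: read the copy the host computer downloaded into memory, stage it in the fuse configuration partition after a successful verification, burn it on restart), as an added example in Go. It is not the patent's code; the CPU, Storage and FuseConfig types, the SecureBoot field and the function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// FuseConfig is what the manufacturer wants burned: secure-boot parameters and the
// certificate digest. The fields are assumed; the patent names only the digest.
type FuseConfig struct {
	SecureBoot bool
	CertDigest [32]byte
}

// CPU models the eFuse block; once Fused is set, Cfg is read-only hardware state.
type CPU struct {
	Fused bool
	Cfg   FuseConfig
}

// Storage models the fuse configuration partition of the storage device.
type Storage struct{ FusePartition *FuseConfig }

// LoadFuseConfig is the source selection of step 110: a fused CPU is authoritative,
// an unfused one falls back to the copy the host computer downloaded into memory.
func LoadFuseConfig(cpu *CPU, inMemory *FuseConfig) (FuseConfig, error) {
	if cpu.Fused {
		return cpu.Cfg, nil
	}
	if inMemory == nil {
		return FuseConfig{}, errors.New("unfused CPU and no fuse configuration in memory")
	}
	return *inMemory, nil
}

// StageFuseConfig runs after an image verified successfully on an unfused CPU: the
// configuration goes to the fuse partition, to be burned on the next restart.
func StageFuseConfig(cpu *CPU, st *Storage, cfg FuseConfig) error {
	if cpu.Fused {
		return errors.New("CPU already fused; fuse configuration cannot change")
	}
	st.FusePartition = &cfg
	return nil
}

// Restart models the reboot: an unfused CPU burns the staged configuration exactly
// once. A fused CPU ignores the partition, which the description treats as expired.
func Restart(cpu *CPU, st *Storage) {
	if !cpu.Fused && st.FusePartition != nil {
		cpu.Cfg, cpu.Fused = *st.FusePartition, true
	}
}

// SecureBootAllowed: an unfused CPU may verify images but not enter secure boot,
// since nothing on-chip anchors the certificate digest yet.
func SecureBootAllowed(cpu *CPU) bool { return cpu.Fused && cpu.Cfg.SecureBoot }

func main() {
	cpu, st := &CPU{}, &Storage{}
	want := FuseConfig{SecureBoot: true, CertDigest: [32]byte{0xab}} // constructed value
	cfg, _ := LoadFuseConfig(cpu, &want)                             // unfused: from memory
	fmt.Println(SecureBootAllowed(cpu), cfg == want)                 // false true
	_ = StageFuseConfig(cpu, st, cfg)
	Restart(cpu, st)
	cfg, _ = LoadFuseConfig(cpu, nil) // fused: from the CPU itself
	fmt.Println(SecureBootAllowed(cpu), cfg == want, StageFuseConfig(cpu, st, FuseConfig{}) != nil) // true true true
}
```

The point the model makes explicit is the trust boundary before fusing: the digest an unfused device verifies against came from the host over the download channel, so the description's rule that such a device may verify images but not enter secure boot is what keeps that window from being a bypass. Once Fused is set, neither the partition contents nor a later StageFuseConfig call can change what the CPU anchors to.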
The embodiment of the invention determines whether the authentication certificate is legal or not by acquiring the authentication certificate in the verified mirror image data and the authentication certificate abstract in the fuse configuration. If the authentication certificate is legal, decrypting the data signature of the mirror image data to be verified according to the secret key in the authentication certificate, determining that the data to be verified is correct according to the decrypted data signature, and finishing the safe starting of the system. The problem that whether data errors exist can be confirmed only after the mirror image data to be verified is downloaded and the system is started in the prior art is solved, error burning is prevented, multiple downloading is avoided, the time for safely starting the system is saved, third party attack is prevented, the system cannot be started due to the fact that the mirror image is downloaded in error, safe starting is achieved under the condition that the mirror image data to be verified does not contain an authentication certificate, and the efficiency of safe starting of the system is improved.
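The verification chain of step 260 together with the checks of claims 2 to 4, written out as an added example that is not part of the patent. It is Python on the standard library and uses textbook RSA over two hard-coded Mersenne primes, so that "decrypting the data signature with the key in the certificate" is literally sig^e mod n; the names Certificate, Image, sign_image, verify_image, fuse_digest_for and the firmware bytes are this example's own assumptions, and a production bootloader would use PKCS#1 v1.5 or PSS padding (or ECDSA) from a vetted library rather than raw RSA with public primes.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed toy RSA parameters.  p = 2^521 - 1 and q = 2^127 - 1 are Mersenne
# primes, picked only so that n (about 648 bits) exceeds a SHA-256 digest.
# Textbook RSA with public primes is NOT secure; it is here to make the
# "decrypt the signature to get the digest" step of claim 3 literal.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # vendor's signing exponent, never on the device


@dataclass(frozen=True)
class Certificate:
    """Certificate data: an issuer label and the public key (n, e)."""
    issuer: bytes
    n: int
    e: int

    def to_bytes(self) -> bytes:
        return b"|".join([self.issuer, str(self.n).encode(), str(self.e).encode()])


@dataclass(frozen=True)
class Image:
    """Image data to be verified: data content, data signature, authentication certificate."""
    content: bytes
    signature: int
    certificate: Certificate


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def fuse_digest_for(cert: Certificate) -> bytes:
    """Authentication certificate digest that is burned into the fuse configuration."""
    return hashlib.sha256(cert.to_bytes()).digest()


def sign_image(content: bytes, cert: Certificate, d: int) -> Image:
    """Vendor side: hash the content and 'encrypt' the digest with the private exponent."""
    return Image(content, pow(sha256_int(content), d, cert.n), cert)


def verify_image(image: Image, fuse_cert_digest: bytes) -> tuple:
    """Device side: the checks of claims 2, 3 and 4, in that order.

    Returns (ok, reason).  The order matters: the key used in the signature
    step is trusted only because the certificate hashes to the value in eFuse.
    """
    cert = image.certificate
    # Claim 2: hash the certificate data and compare with the eFuse digest (constant time).
    if not hmac.compare_digest(hashlib.sha256(cert.to_bytes()).digest(), fuse_cert_digest):
        return False, "certificate digest mismatch"
    # Claim 3: recover the data digest from the signature with the certificate's key.
    recovered = pow(image.signature, cert.e, cert.n)
    # Claim 4: hash the data content and compare with the recovered digest.
    if recovered != sha256_int(image.content):
        return False, "data digest mismatch"
    return True, "ok"


def demo() -> dict:
    """A genuine image plus three tampering attempts; every input is constructed."""
    vendor = Certificate(b"vendor-ca", N, E)
    fuse = fuse_digest_for(vendor)                      # fixed at manufacturing time
    good = sign_image(b"firmware v1.0 (constructed)", vendor, D)

    # Attacker holding a key pair of their own (two further Mersenne primes).
    ap, aq = (1 << 607) - 1, (1 << 89) - 1
    attacker = Certificate(b"attacker", ap * aq, E)
    forged = sign_image(b"backdoored firmware", attacker, pow(E, -1, (ap - 1) * (aq - 1)))

    tampered = Image(good.content + b"\x00", good.signature, good.certificate)
    resigned = Image(good.content, forged.signature, good.certificate)
    return {
        "genuine": verify_image(good, fuse),
        "attacker_certificate": verify_image(forged, fuse),
        "modified_content": verify_image(tampered, fuse),
        "foreign_signature": verify_image(resigned, fuse),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:22s} {'PASS' if ok else 'FAIL'}  {reason}")
```

The attacker case shows why the certificate check comes first: a correctly signed image under a key the attacker controls is rejected at claim 2, before its signature is ever looked at, because only the digest in eFuse decides which certificate may be trusted.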
EXAMPLE III
Fig. 3 is a block diagram of an image verification apparatus of an embedded system according to a third embodiment of the present invention. The apparatus can execute the image verification method of any embodiment of the present invention and has the functional modules and advantages corresponding to that method. As shown in fig. 3, the apparatus includes:
a data acquisition module 301, configured to acquire the image data to be verified and the fuse configuration, where the image data to be verified comprises the data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
a certificate verification module 302, configured to verify the authentication certificate against the authentication certificate digest;
a signature decryption module 303, configured to decrypt the data signature with the authentication certificate to obtain a data digest if the authentication certificate is verified successfully;
a data verification module 304, configured to verify the data content to be verified against the data digest;
and a data download module 305, configured to determine that the image data to be verified is legitimate if the data content to be verified is verified successfully, and to write the image data to the storage device to complete the image verification.
Optionally, the certificate verification module 302 includes:
a certificate data digest obtaining unit, configured to hash the certificate data in the authentication certificate to obtain a certificate data digest;
a certificate digest comparison unit, configured to compare the certificate data digest with the authentication certificate digest;
and a certificate digest verification unit, configured to determine that the authentication certificate is verified successfully if the certificate data digest matches the authentication certificate digest.
Optionally, the signature decryption module 303 includes:
a key obtaining unit, configured to obtain the key from the authentication certificate if the authentication certificate is verified successfully;
and a data digest obtaining unit, configured to decrypt the data signature with the key to obtain the data digest.
Optionally, the data verification module 304 includes:
a data content digest obtaining unit, configured to hash the data content to be verified to obtain a data content digest;
a data digest comparison unit, configured to compare the data content digest with the data digest;
and a data digest verification unit, configured to determine that the data content to be verified is verified successfully if the data content digest matches the data digest.
Optionally, the data acquisition module 301 is specifically configured to:
acquire the image data to be verified from the memory of the embedded system;
if the CPU is fused, acquire the fuse configuration from the CPU;
and if the CPU is not fused, acquire the fuse configuration from the memory of the embedded system.
Optionally, the apparatus further includes:
a CPU fuse module, configured to write the fuse configuration to the fuse configuration partition of the storage device if the CPU is not fused, after the image data to be verified has been determined to be legitimate, so that the unfused CPU completes fusing after a restart.
Optionally, the apparatus further includes:
an authentication certificate acquisition module, configured to obtain the authentication certificate from previously verified image data that includes one, if the image data to be verified does not itself include an authentication certificate, after the image data to be verified and the fuse configuration have been acquired.
In this embodiment, the authentication certificate carried in the image data to be verified is checked against the authentication certificate digest held in the fuse configuration to decide whether the certificate is legitimate. If it is, the data signature is decrypted with the key in the certificate, the decrypted digest is used to confirm that the data content is correct, and secure boot of the system completes. This solves the prior-art problem that data errors could only be discovered after the image had been written and the system started: mis-burning and repeated downloads are avoided, the time needed for secure boot is reduced, and the efficiency of secure boot improves.
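The fuse-state handling of claims 5 to 7 (the data acquisition module, the CPU fuse module and the authentication certificate acquisition module above), as an added example that is not part of the patent. It simulates the CPU's one-time-programmable fuse bank and the storage partitions in memory; Soc, Storage, the partition names, the certificate byte strings and the firmware contents are this example's own assumptions, and the certificate check is reduced to the SHA-256 comparison of claim 2 (the signature and content checks are left out here).

```python
import hashlib
import hmac


class Soc:
    """CPU with a one-time-programmable fuse bank; None means not yet fused."""

    def __init__(self) -> None:
        self._efuse = None

    @property
    def fused(self) -> bool:
        return self._efuse is not None

    def read_fuse_config(self) -> bytes:
        if not self.fused:
            raise RuntimeError("fuse bank is empty")
        return self._efuse

    def burn(self, fuse_config: bytes) -> None:
        if self.fused:
            raise RuntimeError("eFuse already programmed; it cannot be changed")
        self._efuse = bytes(fuse_config)


class Storage:
    """Non-volatile storage with named partitions (a dict stands in for flash)."""

    def __init__(self) -> None:
        self.partitions = {}


def acquire_fuse_config(soc: Soc, storage: Storage) -> bytes:
    """Claim 5: a fused CPU supplies the configuration itself and the partition is ignored."""
    if soc.fused:
        return soc.read_fuse_config()
    return storage.partitions["fuse_config"]


def acquire_certificate(image: dict, storage: Storage) -> bytes:
    """Claim 7: an image without a certificate uses the one of an already verified image."""
    if image.get("certificate") is not None:
        return image["certificate"]
    return storage.partitions["verified_image"]["certificate"]


def certificate_ok(cert: bytes, fuse_config: bytes) -> bool:
    """Claim 2 only: the certificate must hash to the digest in the fuse configuration."""
    return hmac.compare_digest(hashlib.sha256(cert).digest(), fuse_config)


def after_verified(soc: Soc, storage: Storage, image: dict, fuse_config: bytes) -> None:
    """Step 260 and claim 6: store the image; on an unfused CPU also stage the fuse configuration."""
    storage.partitions["verified_image"] = image
    if not soc.fused:
        storage.partitions["fuse_config"] = fuse_config


def reboot(soc: Soc, storage: Storage) -> None:
    """On restart an unfused CPU burns whatever is staged in the fuse configuration partition."""
    if not soc.fused and "fuse_config" in storage.partitions:
        soc.burn(storage.partitions["fuse_config"])


def run_scenario() -> dict:
    """First boot on a blank part, fusing, then an attempt to move the root of trust."""
    soc, storage = Soc(), Storage()
    vendor_cert = b"vendor certificate bytes (constructed)"
    storage.partitions["fuse_config"] = hashlib.sha256(vendor_cert).digest()  # staged at the factory

    first = {"content": b"firmware v1", "certificate": vendor_cert}
    cfg = acquire_fuse_config(soc, storage)                # unfused: comes from storage
    first_ok = certificate_ok(acquire_certificate(first, storage), cfg)
    if first_ok:
        after_verified(soc, storage, first, cfg)
    reboot(soc, storage)                                   # eFuse programmed here

    # An attacker rewrites the partition with the digest of their own certificate.
    attacker_cert = b"attacker certificate bytes (constructed)"
    storage.partitions["fuse_config"] = hashlib.sha256(attacker_cert).digest()
    cfg = acquire_fuse_config(soc, storage)                # fused: partition is ignored

    update = {"content": b"firmware v2", "certificate": None}   # carries no certificate
    update_ok = certificate_ok(acquire_certificate(update, storage), cfg)
    evil = {"content": b"backdoor", "certificate": attacker_cert}
    evil_ok = certificate_ok(acquire_certificate(evil, storage), cfg)
    try:
        soc.burn(storage.partitions["fuse_config"])
        reburn = True
    except RuntimeError:
        reburn = False
    return {"first_boot": first_ok, "fused": soc.fused, "update_inherits_cert": update_ok,
            "attacker_cert": evil_ok, "reburn_allowed": reburn}


if __name__ == "__main__":
    print(run_scenario())
```

The scenario makes the point a practitioner should keep in mind when reading claim 5: on an unfused part the authentication certificate digest is read from mutable storage, so the very first boot trusts whatever was staged in the fuse configuration partition. Only after the restart that programs the eFuse does a rewritten partition stop mattering, a second burn attempt is rejected, and an update that omits its certificate is still checked against the digest now held in the CPU.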
EXAMPLE IV
Fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 400 suitable for use in implementing embodiments of the present invention. The computer device 400 shown in fig. 4 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present invention.
As shown in fig. 4, computer device 400 is in the form of a general purpose computing device. The components of computer device 400 may include, but are not limited to: one or more processors or processing units 401, a system memory 402, and a bus 403 that couples the various system components (including the system memory 402 and the processing unit 401).
The system memory 402 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)404 and/or cache memory 405. The computer device 400 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 406 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 403 by one or more data media interfaces. Memory 402 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 408 having a set (at least one) of program modules 407 may be stored, for example, in memory 402, such program modules 407 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 407 generally perform the functions and/or methods of the described embodiments of the invention.
The computer device 400 may also communicate with one or more external devices 409 (e.g., keyboard, pointing device, display 410, etc.), with one or more devices that enable a user to interact with the computer device 400, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 400 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interface 411. Moreover, computer device 400 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 412. As shown in FIG. 4, network adapter 412 communicates with the other modules of computer device 400 via bus 403. It should be appreciated that although not shown in FIG. 4, other hardware and/or software modules may be used in conjunction with computer device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 401 executes various functional applications and data processing by running the program stored in the system memory 402, for example, implementing an image verification method for an embedded system provided by the embodiment of the present invention, including:
obtaining image data to be verified and a fuse configuration, where the image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
verifying the authentication certificate against the authentication certificate digest;
if the authentication certificate is verified successfully, decrypting the data signature with the authentication certificate to obtain a data digest;
verifying the data content to be verified against the data digest;
and if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate, and writing the image data to be verified to the storage device to complete the image verification.
EXAMPLE V
The fifth embodiment of the present invention further provides a storage medium containing computer-executable instructions. A computer program is stored on the storage medium, and when the program is executed by a processor it implements the image verification method of an embedded system provided by the embodiments of the present invention, the method including:
obtaining image data to be verified and a fuse configuration, where the image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
verifying the authentication certificate against the authentication certificate digest;
if the authentication certificate is verified successfully, decrypting the data signature with the authentication certificate to obtain a data digest;
verifying the data content to be verified against the data digest;
and if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate, and writing the image data to be verified to the storage device to complete the image verification.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. An image verification method of an embedded system, characterized by comprising the following steps:
obtaining image data to be verified and a fuse configuration, where the image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
verifying the authentication certificate against the authentication certificate digest;
if the authentication certificate is verified successfully, decrypting the data signature with the authentication certificate to obtain a data digest;
verifying the data content to be verified against the data digest;
and if the data content to be verified is verified successfully, determining that the image data to be verified is legitimate, and writing the image data to be verified to a storage device to complete the image verification.
2. The method of claim 1, wherein verifying the authentication certificate against the authentication certificate digest comprises:
hashing the certificate data in the authentication certificate to obtain a certificate data digest;
comparing the certificate data digest with the authentication certificate digest;
and if the certificate data digest matches the authentication certificate digest, determining that the authentication certificate is verified successfully.
3. The method of claim 1, wherein decrypting the data signature with the authentication certificate to obtain a data digest if the authentication certificate is verified successfully comprises:
if the authentication certificate is verified successfully, obtaining the key from the authentication certificate;
and decrypting the data signature with the key to obtain the data digest.
4. The method of claim 1, wherein verifying the data content to be verified against the data digest comprises:
hashing the data content to be verified to obtain a data content digest;
comparing the data content digest with the data digest;
and if the data content digest matches the data digest, determining that the data content to be verified is verified successfully.
5. The method of claim 1, wherein obtaining the image data to be verified and the fuse configuration comprises:
obtaining the image data to be verified from the memory of the embedded system;
if the CPU is fused, obtaining the fuse configuration from the CPU;
and if the CPU is not fused, obtaining the fuse configuration from the memory of the embedded system.
6. The method of claim 1, further comprising, after determining that the image data to be verified is legitimate:
if the CPU is not fused, writing the fuse configuration to a fuse configuration partition of the storage device, so that the unfused CPU completes fusing after a restart.
7. The method of claim 1, further comprising, after obtaining the image data to be verified and the fuse configuration:
if the image data to be verified does not include an authentication certificate, obtaining the authentication certificate from previously verified image data that includes one.
8. An image verification apparatus of an embedded system, comprising:
a data acquisition module, configured to obtain image data to be verified and a fuse configuration, where the image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate digest;
a certificate verification module, configured to verify the authentication certificate against the authentication certificate digest;
a signature decryption module, configured to decrypt the data signature with the authentication certificate to obtain a data digest if the authentication certificate is verified successfully;
a data verification module, configured to verify the data content to be verified against the data digest;
and a data download module, configured to determine that the image data to be verified is legitimate if the data content to be verified is verified successfully, and to write the image data to be verified to the storage device to complete the image verification.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the image verification method of an embedded system according to any one of claims 1 to 7 when executing the program.
10. A storage medium containing computer-executable instructions which, when executed by a computer processor, perform the image verification method of an embedded system according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010994617.5A CN112148314B (en) | 2020-09-21 | 2020-09-21 | Mirror image verification method, device and equipment of embedded system and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112148314A true CN112148314A (en) | 2020-12-29 |
CN112148314B CN112148314B (en) | 2024-07-12 |
Family
ID=73893486
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010994617.5A Active CN112148314B (en) | 2020-09-21 | 2020-09-21 | Mirror image verification method, device and equipment of embedded system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112148314B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114327657A (en) * | 2021-12-28 | 2022-04-12 | 福建新大陆支付技术有限公司 | Large mirror image segmentation downloading signature checking method based on Fastboot and storage medium thereof |
CN114547630A (en) * | 2022-04-25 | 2022-05-27 | 宁波均联智行科技股份有限公司 | Vehicle-mounted multi-operating-system-based verification method and device |
CN114547630B (en) * | 2022-04-25 | 2022-08-09 | 宁波均联智行科技股份有限公司 | Vehicle-mounted multi-operating-system-based verification method and device |
WO2024044978A1 (en) * | 2022-08-30 | 2024-03-07 | 京东方科技集团股份有限公司 | Anti-counterfeiting verification method and system, and hardware apparatus, electronic device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101111029A (en) * | 2007-07-20 | 2008-01-23 | 华为技术有限公司 | Method and device for obtaining operating data |
US8321867B1 (en) * | 2008-01-24 | 2012-11-27 | Network Appliance, Inc. | Request processing for stateless conformance engine |
CN106407814A (en) * | 2016-08-31 | 2017-02-15 | 福建联迪商用设备有限公司 | Burnt chip mirror image signature verification method and terminal and burnt chip mirror image burning method and system |
CN109710480A (en) * | 2019-01-09 | 2019-05-03 | 郑州云海信息技术有限公司 | A kind of memory mirror card adjustment method and its system |
CN110798475A (en) * | 2019-11-05 | 2020-02-14 | 北谷电子有限公司上海分公司 | Security authentication method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112148314B (en) | 2024-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109710315B (en) | BIOS (basic input output System) flash writing method and BIOS mirror image file processing method | |
CN108810894B (en) | Terminal authorization method, device, computer equipment and storage medium | |
CN109313690B (en) | Self-contained encrypted boot policy verification | |
US10878096B2 (en) | BIOS startup method and data processing method | |
TWI667586B (en) | System and method for verifying changes to uefi authenticated variables | |
CN112148314B (en) | Mirror image verification method, device and equipment of embedded system and storage medium | |
US11423149B2 (en) | Method and computer apparatus securely executing extensible firmware application | |
WO2017133559A1 (en) | Secure boot method and device | |
WO2020037613A1 (en) | Security upgrade method, apparatus and device for embedded program, and storage medium | |
JP2016099837A (en) | Information processing apparatus, server device, information processing system, control method and computer program | |
CN108427888A (en) | File signature method, file verification method and corresponding intrument and equipment | |
CN112835628A (en) | Server operating system booting method, device, equipment and medium | |
CN114995894A (en) | Starting control method of operating system, terminal equipment and readable storage medium | |
CN112653559B (en) | Electric control unit starting method and device and storage medium | |
WO2020233044A1 (en) | Plug-in verification method and device, and server and computer-readable storage medium | |
US9064118B1 (en) | Indicating whether a system has booted up from an untrusted image | |
CN114995918A (en) | Starting method and configuration method and device of baseboard management controller and electronic equipment | |
JP5049179B2 (en) | Information processing terminal device and application program activation authentication method | |
CN111177752B (en) | Credible file storage method, device and equipment based on static measurement | |
CN108228219B (en) | Method and device for verifying BIOS validity during in-band refreshing of BIOS | |
CN110990840A (en) | Method and device for starting equipment | |
CN113966510A (en) | Trusted device and computing system | |
CN112487500B (en) | Authentication method | |
CN118611876B (en) | Encryption dog-based algorithm library authorization and encryption method, system and equipment | |
US20240152621A1 (en) | Control method and apparatus for safety boot of chip, electronic device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||