Nothing Special   »   [go: up one dir, main page]

CN112148314A - Mirror image verification method, device, equipment and storage medium of embedded system - Google Patents

Mirror image verification method, device, equipment and storage medium of embedded system Download PDF

Info

Publication number
CN112148314A
CN112148314A CN202010994617.5A CN202010994617A CN112148314A CN 112148314 A CN112148314 A CN 112148314A CN 202010994617 A CN202010994617 A CN 202010994617A CN 112148314 A CN112148314 A CN 112148314A
Authority
CN
China
Prior art keywords
data
verified
authentication certificate
mirror image
abstract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010994617.5A
Other languages
Chinese (zh)
Other versions
CN112148314B (en
Inventor
周围
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Longsung Technology Shanghai Co ltd
Original Assignee
Longsung Technology Shanghai Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Longsung Technology Shanghai Co ltd filed Critical Longsung Technology Shanghai Co ltd
Priority to CN202010994617.5A priority Critical patent/CN112148314B/en
Publication of CN112148314A publication Critical patent/CN112148314A/en
Application granted granted Critical
Publication of CN112148314B publication Critical patent/CN112148314B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a mirror image verification method, a mirror image verification device, mirror image verification equipment and a storage medium of an embedded system. Wherein, the method comprises the following steps: obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract; verifying the authentication certificate according to the authentication certificate abstract; if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data abstract; verifying the data content to be verified according to the data abstract; and if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified to a storage device to complete mirror image verification. The downloaded mirror image data is verified, error burning is avoided, and the safe starting efficiency is improved.

Description

Mirror image verification method, device, equipment and storage medium of embedded system
Technical Field
The embodiment of the invention relates to computer technology, in particular to a mirror image verification method, a mirror image verification device, mirror image verification equipment and a storage medium of an embedded system.
Background
The mirror image verification of the embedded system means that when the mirror image data of the application program is downloaded to the embedded system, the correctness of the mirror image data is ensured. If the mirror image data is wrong, the situation of wrong burning occurs, and the safe starting of the system cannot be completed.
In the prior art, mirror image data to be downloaded is downloaded to a storage device for safe starting, and if the starting can be completed, the mirror image data is correct; if the startup cannot be completed, the problem of the mirror image data is shown, and the mirror image data needs to be downloaded again. The downloading process is complicated, the efficiency of safe starting of the system is influenced, whether the mirror image data is accurate or not can not be determined in advance during downloading, the stability of safe starting is low, and the time for safe starting of the system is wasted.
Disclosure of Invention
The embodiment of the invention provides a mirror image verification method, a device, equipment and a storage medium of an embedded system, which are used for improving the stability of mirror image verification when the system is safely started.
In a first aspect, an embodiment of the present invention provides a method for verifying a mirror image of an embedded system, where the method includes:
obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
verifying the authentication certificate according to the authentication certificate abstract;
if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data abstract;
verifying the data content to be verified according to the data abstract;
and if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified to a storage device to complete mirror image verification.
In a second aspect, an embodiment of the present invention further provides an image verification apparatus for an embedded system, where the apparatus includes:
the data acquisition module is used for acquiring mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
the certificate verification module is used for verifying the authentication certificate according to the authentication certificate abstract;
the signature decryption module is used for decrypting the data signature according to the authentication certificate to obtain a data abstract if the authentication certificate is successfully verified;
the data verification module is used for verifying the data content to be verified according to the data abstract;
and the data downloading module is used for determining that the mirror image data to be verified is legal if the content of the data to be verified is verified successfully, and downloading the mirror image data to be verified to the storage device so as to finish the mirror image verification.
In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the image verification method for an embedded system according to any embodiment of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the image verification method of an embedded system according to any embodiment of the present invention.
The embodiment of the invention determines whether the authentication certificate is legal or not by acquiring the authentication certificate in the mirror image data to be verified and the authentication certificate abstract in the fuse configuration. If the authentication certificate is legal, the data signature is decrypted according to the secret key in the authentication certificate, the data content to be verified is determined to be correct according to the decrypted data signature, and the safe starting of the system is completed. The problem that whether data errors exist can only be confirmed after the mirror image data to be verified is downloaded in the prior art is solved, error burning is prevented, multiple downloading is avoided, the time for safely starting the system is saved, and the efficiency for safely starting the system is improved. And the system can also prevent third party attack and the system can not be started due to downloading of wrong images, thereby improving the stability of image verification when the system is safely started.
Drawings
Fig. 1 is a schematic flowchart of a mirror image verification method for an embedded system according to a first embodiment of the present invention;
fig. 2 is a schematic flowchart of a mirror image verification method for an embedded system according to a second embodiment of the present invention;
fig. 3 is a block diagram of a mirror image verification apparatus of an embedded system according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic flowchart of a method for verifying an image of an embedded system according to an embodiment of the present invention, where the embodiment is applicable to a case of securely booting a system, and the method can be executed by an image verifying apparatus of an embedded system. As shown in fig. 1, the method specifically includes the following steps:
step 110, obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract.
When the embedded system enters a bootloader (boot program) downloading mode, the mirror image data to be verified is downloaded from the upper computer to the mirror image data to be verified in the system memory, and therefore the mirror image data to be verified can be obtained from the system memory. After the image data to be verified is legal, the image data can be downloaded to a storage device of the system. The mirror image data to be verified can comprise data content to be verified, a data signature and an authentication certificate. The data content to be verified is the specific content to be downloaded and also the protected content. The data signature is a signature obtained by calculating the content of the data to be verified by adopting a hash algorithm to obtain a hash value and then encrypting the hash value by utilizing a preset key. For example, the Hash Algorithm may be MD5(Message Digest Algorithm, fifth edition), SHA1(Secure Hash Algorithm), SHA256(Secure Hash Algorithm), or the like, and the key may be a private key in asymmetric encryption. The authentication certificate is used for authenticating the data signature, the correctness of the data signature can be determined, and the authentication certificate can comprise a decryption key corresponding to the encryption key and manufacturer information of the mirror image data to be verified. The fuse configuration can be obtained from the memory of the system or from a Central Processing Unit (CPU) that has been fused, and is information determined by the manufacturer. The Fuse is an electronic Fuse, which may be an electronic-Fuse (eFuse), and is a kind of one-time programmable memory. The fuse configuration may include configuration parameter information for secure boot and information such as an authentication certificate digest, where the authentication certificate digest may be a digest obtained by a manufacturer calculating data in an authentication certificate by using a hash algorithm before shipping mirror image data to be verified.
In this embodiment, optionally, the obtaining of the mirror image data to be verified and the fuse configuration includes: acquiring mirror image data to be verified from an embedded system memory; if the CPU is provided with a fuse, acquiring the fuse configuration from the CPU; and if the CPU is not provided with the fuse, acquiring the fuse configuration from the memory of the embedded system.
Specifically, the mirror image data to be verified is obtained from the memory of the embedded system and is transmitted to the storage device. The fuse configuration can be obtained from the memory of the embedded system or from the CPU. The fuse in the CPU may be in a fused state or in an unfused state. In the fused state, the fuse configuration is stored in the CPU, and in the unfused state, the fuse configuration is stored in the embedded system memory. In the case of no fuse, the fuse configuration in the CPU does not include the authentication certificate digest, and therefore, the fuse configuration cannot be acquired from the CPU. And the system can not enter the safe starting process under the condition of not fusing, but can verify the mirror image data, and can be safely started only under the condition of fusing. When the CPU needs to be subjected to fuse, namely when the CPU is not in a fuse state, the bootloader is in a downloading mode, and at the moment, the fuse configuration is downloaded into the memory of the embedded system through the upper computer, so that the fuse configuration can be obtained from the memory of the embedded system. The method has the advantages that the fuse configuration can be obtained under the state of no fuse or the state of a fuse, so that the mirror image data to be verified is verified, the mirror image verification of the embedded system is realized, the error burning is avoided, and the guarantee is provided for safe starting.
And 120, verifying the authentication certificate according to the authentication certificate abstract.
Wherein after obtaining the fuse configuration, obtaining an authentication certificate digest in the fuse configuration. And obtaining the authentication certificate in the mirror image data to be verified after obtaining the mirror image data to be verified. Verifying the content in the authentication certificate according to the authentication certificate abstract, wherein if the verification is successful, the authentication certificate is legal, and the content of the data to be verified can be verified according to the authentication certificate; if the verification fails, the situation that the data in the authentication certificate has errors or is tampered is indicated, the mirror image data to be verified is illegal, burning is refused, an error is returned to the upper computer or the terminal, and the mirror image data to be verified is stopped from being downloaded into the storage device.
In this embodiment, optionally, verifying the authentication certificate according to the authentication certificate digest includes: calculating certificate data in the authentication certificate by adopting a Hash algorithm to obtain a certificate data abstract; comparing the certificate data abstract with the certificate abstract; and if the certificate data abstract is consistent with the authentication certificate abstract, determining that the authentication certificate is successfully verified.
Specifically, a hash algorithm is adopted to calculate certificate data in the authentication certificate, the certificate data can be data such as manufacturer information, and the calculated hash value is a certificate data abstract. And comparing the certificate data digest with the authentication certificate digest, namely comparing the hash values of the certificate data digest and the authentication certificate digest. If the hash values of the two are consistent, the certificate data in the authentication certificate is legal, the authentication certificate is successfully verified, and the process of safe starting can be continued; if the two are not consistent, the authentication certificate fails to be verified, and an error is returned to the upper computer or the terminal. The method has the advantages that the authentication certificate is verified through the authentication certificate abstract in the fuse configuration, the mirror image data to be verified is prevented from being downloaded under the condition that the authentication certificate has errors, whether the data in the authentication certificate changes or not can be effectively checked, the situation that the downloading fails due to the fact that a secret key in the authentication certificate is tampered is avoided, the repeated trying times of safe starting are reduced, the error burning is prevented, the safety of data is improved, and the efficiency of safe starting of the embedded system is improved.
And step 130, if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain the data abstract.
If the authentication certificate is successfully verified, the data signature is decrypted into the data abstract by using the authentication certificate, and the decryption is performed according to the encryption mode of the data signature. The data digest is a hash value obtained by calculating the content of the data to be verified by adopting a hash algorithm.
In this embodiment, optionally, if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain the data digest includes: if the authentication certificate is successfully verified, acquiring a secret key in the authentication certificate; and decrypting the data signature according to the key to obtain the data abstract.
Specifically, the decrypted key is obtained from the authentication certificate, the data signature is decrypted according to the decrypted key, and the content obtained after decryption is the data digest. For example, if the encryption is performed by using the private key in the asymmetric encryption, the decryption is performed based on the public key. The data digest is determined by calculation in advance according to the content of the data to be verified before the secure boot, for example, the data digest may be obtained by performing hash calculation on the data to be verified. The method has the advantages that after the authentication certificate is successfully verified, the data signature is decrypted according to the authentication certificate, correctness of the encryption key and the decryption key can be guaranteed, if the key in the authentication certificate cannot decrypt the data signature, the decryption key is wrong, safe starting of the embedded system is stopped in time, the error is returned to the upper computer or the terminal, the situation that the error exists after the mirror image data to be verified is downloaded to the storage device is avoided, and the safe starting efficiency of the embedded system is improved.
And step 140, verifying the data content to be verified according to the data abstract.
The data abstract is used for verifying the correctness of the data content to be verified, and the content represented by the data abstract can be compared with the data content to be verified to determine whether the data content to be verified is tampered by people. The content of the data to be verified can be converted into a data abstract format, the data abstract is compared with the converted content of the data to be verified, whether the content of the data to be verified is tampered or not can be verified, third-party attack is prevented, the system cannot be started due to downloading of wrong images, and image verification of the system in safe starting is achieved.
In this embodiment, optionally, verifying the content of the data to be verified according to the data digest includes: calculating the content of the data to be verified by adopting a Hash algorithm to obtain a summary of the content of the data to be verified; comparing the data content abstract to be verified with the data abstract; and if the data content abstract to be verified is consistent with the data abstract, determining that the data content to be verified is verified successfully.
Specifically, when the content of the data to be verified is verified according to the data digest, hash calculation may be performed on the content of the data to be verified to obtain the digest of the content of the data to be verified. The data abstract is a value obtained by performing hash calculation on the data content to be verified in advance, so that the data content abstract to be verified can be compared with the data abstract. If the summary of the data content to be verified is consistent with the data summary, the data content to be verified is not modified, the data content to be verified is successfully verified, and safe starting can be continued; if the summary of the data content to be verified is inconsistent with the summary of the data, the data content to be verified is abnormal, the data content to be verified fails to be verified, and an error is returned to the upper computer or the terminal. If the secure start of the embedded system is continued under the condition that the content verification of the data to be verified fails, the start failure occurs, and the downloading of the mirror image data to be verified needs to be carried out again. The method has the advantages that the correctness of the data content to be verified can be ensured by verifying the data content to be verified, the phenomenon that the data content to be verified is abnormal after the mirror image data to be verified is downloaded is avoided, error burning is prevented, the number of times of safe starting is reduced, and the safe starting efficiency of the embedded system is improved.
And 150, if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified into the storage device to complete safe starting.
If the content of the data to be verified is successfully verified, it is indicated that the content of the data to be verified as protected content is not modified, the image data to be verified is legal, and the image data to be verified can be downloaded to the storage device partition to complete safe starting.
According to the technical scheme of the embodiment, whether the authentication certificate is legal or not is determined by obtaining the authentication certificate in the mirror image data to be verified and the authentication certificate abstract in the fuse configuration. If the certificate is legal, the data signature is decrypted according to the secret key in the certificate, and the data to be verified is determined to be correct according to the decrypted data signature, so that the safe starting of the system is completed. The problem of among the prior art, can only confirm whether have the data error when system start after waiting to verify the mirror image data download, prevent wrong burning, avoid downloading many times, prevent third party's attack, download wrong mirror image and lead to the system can not start is solved, the time of saving system safety start, the efficiency of improvement system safety start.
Example two
Fig. 2 is a flowchart illustrating a mirror image verification method for an embedded system according to a second embodiment of the present invention, where the present embodiment is further optimized based on the above-mentioned embodiments, and the method can be executed by a mirror image verification apparatus for an embedded system. As shown in fig. 2, the method specifically includes the following steps:
step 210, obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified and a data signature, and the fuse configuration comprises an authentication certificate abstract.
The mirror image data to be verified can include the data content to be verified and the data signature, but does not include the authentication certificate.
Step 220, if the mirror image data to be verified does not include the authentication certificate, obtaining the authentication certificate from the verified mirror image data including the authentication certificate.
If the validity of the mirror image data to be verified without the certificate is verified, the certificate can be acquired from other successfully verified storage device partitions containing the mirror image data of the certificate, whether the certificate is authentic or not is verified through the certificate abstract in the fuse configuration, and then the data signature in the mirror image data to be verified without the certificate is verified through the acquired certificate. The authentication certificate is required to be kept consistent in the to-be-verified mirror image data participating in the safe starting, and at least one to-be-verified mirror image data in the multi-stage to-be-verified mirror image data participating in the safe starting contains the authentication certificate, so that the authentication certificate can be obtained to verify other to-be-verified mirror image data without the authentication certificate.
And step 230, verifying the authentication certificate according to the authentication certificate abstract.
And step 240, if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain the data abstract.
And step 250, verifying the data content to be verified according to the data abstract.
And step 260, if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified to the storage device to complete the mirror image verification.
If the CPU is in a fuse, downloading the mirror image data to be verified to the storage device after determining that the mirror image data to be verified is legal, and finishing the safe starting. If the CPU is not fused, the non-fused state can be converted into the fused state, and the fuse configuration information cannot be changed after the fuse.
In this embodiment, optionally, after determining that the mirror image data to be verified is legal if the content of the data to be verified is verified successfully, the method further includes: and if the CPU is not provided with the fuse, downloading the fuse configuration to a fuse configuration partition of the storage device for the CPU without the fuse to complete the fuse after restarting.
Specifically, if the verification of the data content to be verified is completed in the state without the fuse, the fuse process is entered after the verification is successful. The fuse process is to download the fuse configuration to the fuse configuration partition of the storage device, the un-fused CPU performs the fuse according to the configuration information of the fuse configuration partition after the embedded system is restarted, the fuse bit in the CPU is configured according to the configuration information, and the CPU is changed from the un-fused fuse to the fused fuse. When the CPU is fused, the fuse configuration partition in the storage device may be considered to have failed, and no further information need to be read from the fuse configuration partition, at which point the fuse configuration may be read directly from the CPU. The method has the advantages that the data content to be verified is verified in the state of the non-fuse wire or the state of the fuse wire, the state of the non-fuse wire is timely switched to the state of the fuse wire, error burning is prevented, the follow-up data content to be verified is conveniently verified, and the efficiency of safe starting is improved.
The embodiment of the invention determines whether the authentication certificate is legal or not by acquiring the authentication certificate in the verified mirror image data and the authentication certificate abstract in the fuse configuration. If the authentication certificate is legal, decrypting the data signature of the mirror image data to be verified according to the secret key in the authentication certificate, determining that the data to be verified is correct according to the decrypted data signature, and finishing the safe starting of the system. The problem that whether data errors exist can be confirmed only after the mirror image data to be verified is downloaded and the system is started in the prior art is solved, error burning is prevented, multiple downloading is avoided, the time for safely starting the system is saved, third party attack is prevented, the system cannot be started due to the fact that the mirror image is downloaded in error, safe starting is achieved under the condition that the mirror image data to be verified does not contain an authentication certificate, and the efficiency of safe starting of the system is improved.
EXAMPLE III
Fig. 3 is a block diagram of a mirror image verification apparatus of an embedded system according to a third embodiment of the present invention, which is capable of executing a mirror image verification method of an embedded system according to any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 3, the apparatus specifically includes:
the data acquisition module 301 is configured to acquire mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
a certificate verification module 302, configured to verify the authentication certificate according to the authentication certificate digest;
the signature decryption module 303 is configured to decrypt the data signature according to the authentication certificate to obtain a data digest if the authentication certificate is successfully verified;
the data verification module 304 is configured to verify the content of the data to be verified according to the data digest;
and the data downloading module 305 is configured to determine that the image data to be verified is legal if the content of the data to be verified is successfully verified, and download the image data to be verified to the storage device to complete image verification.
Optionally, the certificate verification module 302 includes:
a certificate data abstract obtaining unit, configured to calculate certificate data in the authentication certificate by using a hash algorithm to obtain a certificate data abstract;
the certificate abstract comparison unit is used for comparing the certificate data abstract with the certificate authentication abstract;
and the certificate abstract verifying unit is used for determining that the certificate verification is successful if the certificate data abstract is consistent with the certificate abstract.
Optionally, the signature decryption module 303 includes:
the key obtaining unit is used for obtaining a key in the certificate if the certificate is successfully verified;
and the data abstract obtaining unit is used for decrypting the data signature according to the key to obtain the data abstract.
Optionally, the data verification module 304 includes:
the data content abstract obtaining unit is used for calculating the data content to be verified by adopting a Hash algorithm to obtain the abstract of the data content to be verified;
the data abstract comparison unit is used for comparing the abstract of the data content to be verified with the data abstract;
and the data abstract verifying unit is used for determining that the content of the data to be verified is successfully verified if the content abstract of the data to be verified is consistent with the data abstract.
Optionally, the data obtaining module 301 is specifically configured to:
acquiring mirror image data to be verified from an embedded system memory;
if the CPU is provided with a fuse, acquiring the fuse configuration from the CPU;
and if the CPU is not provided with the fuse, acquiring the fuse configuration from the memory of the embedded system.
Optionally, the apparatus further comprises:
and the CPU fuse module is used for downloading the fuse configuration to the fuse configuration partition of the storage device if the CPU is not fused after the mirror image data to be verified is determined to be legal if the content of the data to be verified is verified successfully, so that the un-fused CPU completes the fuse after being restarted.
Optionally, the apparatus further comprises:
and the authentication certificate acquisition module is used for acquiring the authentication certificate from the verified mirror image data including the authentication certificate if the mirror image data to be verified does not include the authentication certificate after acquiring the mirror image data to be verified and the fuse configuration.
The embodiment of the invention determines whether the authentication certificate is legal or not by acquiring the authentication certificate in the mirror image data to be verified and the authentication certificate abstract in the fuse configuration. If the certificate is legal, the data signature is decrypted according to the secret key in the certificate, and the data to be verified is determined to be correct according to the decrypted data signature, so that the safe starting of the system is completed. The problem that whether data errors exist can be confirmed only after the mirror image data to be verified is downloaded and the system is started in the prior art is solved, error burning is prevented, multiple downloading is avoided, time for safely starting the system is saved, and efficiency for safely starting the system is improved.
Example four
Fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 400 suitable for use in implementing embodiments of the present invention. The computer device 400 shown in fig. 4 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present invention.
As shown in fig. 4, computer device 400 is in the form of a general purpose computing device. The components of computer device 400 may include, but are not limited to: one or more processors or processing units 401, a system memory 402, and a bus 403 that couples the various system components (including the system memory 402 and the processing unit 401).
Bus 403 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 400 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 400 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 402 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)404 and/or cache memory 405. The computer device 400 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 406 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 403 by one or more data media interfaces. Memory 402 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 408 having a set (at least one) of program modules 407 may be stored, for example, in memory 402, such program modules 407 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 407 generally perform the functions and/or methods of the described embodiments of the invention.
The computer device 400 may also communicate with one or more external devices 409 (e.g., keyboard, pointing device, display 410, etc.), with one or more devices that enable a user to interact with the computer device 400, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 400 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interface 411. Moreover, computer device 400 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 412. As shown in FIG. 4, network adapter 412 communicates with the other modules of computer device 400 via bus 403. It should be appreciated that although not shown in FIG. 4, other hardware and/or software modules may be used in conjunction with computer device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 401 executes various functional applications and data processing by running the program stored in the system memory 402, for example, implementing an image verification method for an embedded system provided by the embodiment of the present invention, including:
obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
verifying the authentication certificate according to the authentication certificate abstract;
if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data abstract;
verifying the data content to be verified according to the data abstract;
and if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified into the storage device to complete the mirror image verification.
EXAMPLE five
The fifth embodiment of the present invention further provides a storage medium containing computer-executable instructions, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the method for verifying the mirror image of the embedded system according to the fifth embodiment of the present invention is implemented, where the method includes:
obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
verifying the authentication certificate according to the authentication certificate abstract;
if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data abstract;
verifying the data content to be verified according to the data abstract;
and if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified into the storage device to complete the mirror image verification.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A mirror image verification method of an embedded system is characterized by comprising the following steps:
obtaining mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
verifying the authentication certificate according to the authentication certificate abstract;
if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data abstract;
verifying the data content to be verified according to the data abstract;
and if the content of the data to be verified is successfully verified, determining that the mirror image data to be verified is legal, and downloading the mirror image data to be verified to a storage device to complete mirror image verification.
2. The method of claim 1, wherein verifying the authentication certificate according to the authentication certificate digest comprises:
calculating the certificate data in the authentication certificate by adopting a Hash algorithm to obtain a certificate data abstract;
comparing the certificate data digest with the authentication certificate digest;
and if the certificate data abstract is consistent with the authentication certificate abstract, determining that the authentication certificate is successfully verified.
3. The method of claim 1, wherein if the authentication certificate is successfully verified, decrypting the data signature according to the authentication certificate to obtain a data digest comprises:
if the authentication certificate is successfully verified, acquiring a secret key in the authentication certificate;
and decrypting the data signature according to the secret key to obtain a data abstract.
4. The method of claim 1, wherein verifying the data content to be verified according to the data digest comprises:
calculating the content of the data to be verified by adopting a Hash algorithm to obtain a summary of the content of the data to be verified;
comparing the data content abstract to be verified with the data abstract;
and if the to-be-verified data content abstract is consistent with the data abstract, determining that the to-be-verified data content is verified successfully.
5. The method of claim 1, wherein obtaining the mirrored data to be verified and the fuse configuration comprises:
acquiring the mirror image data to be verified from the memory of the embedded system;
if the CPU is provided with a fuse, acquiring the fuse configuration from the CPU;
and if the CPU is not provided with the fuse, acquiring the fuse configuration from the memory of the embedded system.
6. The method according to claim 1, wherein after determining that the mirror data to be verified is legal if the content of the data to be verified is verified successfully, the method further comprises:
and if the CPU is not provided with the fuse, downloading the fuse configuration to a fuse configuration partition of the storage device for the CPU without the fuse to complete the fuse after restarting.
7. The method of claim 1, after obtaining the mirror data to be verified and the fuse configuration, further comprising:
and if the mirror image data to be verified does not comprise the authentication certificate, acquiring the authentication certificate from the verified mirror image data comprising the authentication certificate.
8. An image verification apparatus for an embedded system, comprising:
the data acquisition module is used for acquiring mirror image data to be verified and fuse configuration; the mirror image data to be verified comprises data content to be verified, a data signature and an authentication certificate, and the fuse configuration comprises an authentication certificate abstract;
the certificate verification module is used for verifying the authentication certificate according to the authentication certificate abstract;
the signature decryption module is used for decrypting the data signature according to the authentication certificate to obtain a data abstract if the authentication certificate is successfully verified;
the data verification module is used for verifying the data content to be verified according to the data abstract;
and the data downloading module is used for determining that the mirror image data to be verified is legal if the content of the data to be verified is verified successfully, and downloading the mirror image data to be verified to the storage device so as to finish the mirror image verification.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the image verification method of an embedded system according to any one of claims 1 to 7 when executing the program.
10. A storage medium containing computer-executable instructions for performing the image verification method of an embedded system according to any one of claims 1-7 when executed by a computer processor.
CN202010994617.5A 2020-09-21 2020-09-21 Mirror image verification method, device and equipment of embedded system and storage medium Active CN112148314B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010994617.5A CN112148314B (en) 2020-09-21 2020-09-21 Mirror image verification method, device and equipment of embedded system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010994617.5A CN112148314B (en) 2020-09-21 2020-09-21 Mirror image verification method, device and equipment of embedded system and storage medium

Publications (2)

Publication Number Publication Date
CN112148314A true CN112148314A (en) 2020-12-29
CN112148314B CN112148314B (en) 2024-07-12

Family

ID=73893486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010994617.5A Active CN112148314B (en) 2020-09-21 2020-09-21 Mirror image verification method, device and equipment of embedded system and storage medium

Country Status (1)

Country Link
CN (1) CN112148314B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114327657A (en) * 2021-12-28 2022-04-12 福建新大陆支付技术有限公司 Large mirror image segmentation downloading signature checking method based on Fastboot and storage medium thereof
CN114547630A (en) * 2022-04-25 2022-05-27 宁波均联智行科技股份有限公司 Vehicle-mounted multi-operating-system-based verification method and device
WO2024044978A1 (en) * 2022-08-30 2024-03-07 京东方科技集团股份有限公司 Anti-counterfeiting verification method and system, and hardware apparatus, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111029A (en) * 2007-07-20 2008-01-23 华为技术有限公司 Method and device for obtaining operating data
US8321867B1 (en) * 2008-01-24 2012-11-27 Network Appliance, Inc. Request processing for stateless conformance engine
CN106407814A (en) * 2016-08-31 2017-02-15 福建联迪商用设备有限公司 Burnt chip mirror image signature verification method and terminal and burnt chip mirror image burning method and system
CN109710480A (en) * 2019-01-09 2019-05-03 郑州云海信息技术有限公司 A kind of memory mirror card adjustment method and its system
CN110798475A (en) * 2019-11-05 2020-02-14 北谷电子有限公司上海分公司 Security authentication method, device, equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111029A (en) * 2007-07-20 2008-01-23 华为技术有限公司 Method and device for obtaining operating data
US8321867B1 (en) * 2008-01-24 2012-11-27 Network Appliance, Inc. Request processing for stateless conformance engine
CN106407814A (en) * 2016-08-31 2017-02-15 福建联迪商用设备有限公司 Burnt chip mirror image signature verification method and terminal and burnt chip mirror image burning method and system
CN109710480A (en) * 2019-01-09 2019-05-03 郑州云海信息技术有限公司 A kind of memory mirror card adjustment method and its system
CN110798475A (en) * 2019-11-05 2020-02-14 北谷电子有限公司上海分公司 Security authentication method, device, equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114327657A (en) * 2021-12-28 2022-04-12 福建新大陆支付技术有限公司 Large mirror image segmentation downloading signature checking method based on Fastboot and storage medium thereof
CN114547630A (en) * 2022-04-25 2022-05-27 宁波均联智行科技股份有限公司 Vehicle-mounted multi-operating-system-based verification method and device
CN114547630B (en) * 2022-04-25 2022-08-09 宁波均联智行科技股份有限公司 Vehicle-mounted multi-operating-system-based verification method and device
WO2024044978A1 (en) * 2022-08-30 2024-03-07 京东方科技集团股份有限公司 Anti-counterfeiting verification method and system, and hardware apparatus, electronic device and storage medium

Also Published As

Publication number Publication date
CN112148314B (en) 2024-07-12

Similar Documents

Publication Publication Date Title
CN109710315B (en) BIOS (basic input output System) flash writing method and BIOS mirror image file processing method
CN108810894B (en) Terminal authorization method, device, computer equipment and storage medium
CN109313690B (en) Self-contained encrypted boot policy verification
US10878096B2 (en) BIOS startup method and data processing method
TWI667586B (en) System and method for verifying changes to uefi authenticated variables
CN112148314B (en) Mirror image verification method, device and equipment of embedded system and storage medium
US11423149B2 (en) Method and computer apparatus securely executing extensible firmware application
WO2017133559A1 (en) Secure boot method and device
WO2020037613A1 (en) Security upgrade method, apparatus and device for embedded program, and storage medium
JP2016099837A (en) Information processing apparatus, server device, information processing system, control method and computer program
CN108427888A (en) File signature method, file verification method and corresponding intrument and equipment
CN112835628A (en) Server operating system booting method, device, equipment and medium
CN114995894A (en) Starting control method of operating system, terminal equipment and readable storage medium
CN112653559B (en) Electric control unit starting method and device and storage medium
WO2020233044A1 (en) Plug-in verification method and device, and server and computer-readable storage medium
US9064118B1 (en) Indicating whether a system has booted up from an untrusted image
CN114995918A (en) Starting method and configuration method and device of baseboard management controller and electronic equipment
JP5049179B2 (en) Information processing terminal device and application program activation authentication method
CN111177752B (en) Credible file storage method, device and equipment based on static measurement
CN108228219B (en) Method and device for verifying BIOS validity during in-band refreshing of BIOS
CN110990840A (en) Method and device for starting equipment
CN113966510A (en) Trusted device and computing system
CN112487500B (en) Authentication method
CN118611876B (en) Encryption dog-based algorithm library authorization and encryption method, system and equipment
US20240152621A1 (en) Control method and apparatus for safety boot of chip, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant