Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method, device, device and medium for secure booting of embedded devices

An embedded device, secure boot technology, applied in program control devices, program loading/starting, platform integrity maintenance, etc., can solve the problems of unrenewable digital certificates, limited application scope, unstable embedded devices, etc.

Active Publication Date: 2020-04-03
ZHEJIANG DAHUA TECH CO LTD
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The present invention provides a method, device and equipment for securely starting an embedded device, which are used to solve the limitations in the scope of application of the method for securely starting an embedded device in the prior art, unstable embedded devices, and digital certificates except for returning to the factory. non-renewable problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device, device and medium for secure booting of embedded devices
  • Method, device, device and medium for secure booting of embedded devices
  • Method, device, device and medium for secure booting of embedded devices

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] Figure 4 It is a flow chart of the embedded device security startup proposed by the embodiment of the present invention, and its specific processing procedure is as follows:

[0066] S401: The processor starts to acquire the latest version of the digital certificate.

[0067] The embedded device includes a processor and a FLASH, wherein a storage area of ​​a device startup code (Bootloader) and a storage area of ​​a digital certificate are set in the FLASH, the storage area of ​​the device startup code is stored with a device startup code, and the storage area of ​​the digital certificate is stored with a digital certificate. Certificate.

[0068] In the embodiment of the present invention, after the embedded device is powered on, the processor is started, the processor executes the Bootloader, and enters an update process. The update process includes: obtaining the latest version of the digital certificate. In addition, the update process may also include: acquirin...

Embodiment 2

[0097] On the basis of the foregoing embodiments, in the embodiments of the present invention:

[0098] The acquisition of the latest version of the digital certificate and Bootloader includes:

[0099] Judging whether the first digital certificate and the first Bootloader currently stored in the FLASH are the latest version of the digital certificate and the Bootloader;

[0100] If the first digital certificate and / or the first Bootloader are not digital certificates and Bootloaders of the latest version, then the first digital certificate and / or the first Bootloader stored in the FLASH are updated to the latest version of the digital certificate and / or Bootloader;

[0101] If both are the latest version, the first digital certificate and the first Bootloader currently stored in the FLASH are used as the latest version of the digital certificate and the Bootloader.

[0102] Specifically, when the processor is started, it executes the Bootloader currently stored in the FLASH ...

Embodiment 3

[0116] In order to further ensure the safe startup of the embedded device, on the basis of the above-mentioned embodiments, in the embodiment of the present invention, the first digital certificate and / or the first Bootloader stored in the FLASH are updated to the latest version Before digital certificate and / or Bootloader, described method also comprises:

[0117] Verify whether the latest version of the digital certificate and / or Bootloader is legal, and if so, proceed to the next step.

[0118] If the processor determines that the first digital certificate stored in the FLASH is not the digital certificate of the latest version, when obtaining the digital certificate of the latest version, for example, the second digital certificate in the above embodiment, in order to further ensure secure startup, the processor can The latest version of the digital certificate is verified to verify whether the latest version of the digital certificate is legal, and only when it is legal c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a secure embedded equipment starting method and device, equipment and a medium, and aims at solving the problem that digital certificates in existing secure embedded equipmentstarting methods cannot be updated unless returning to factories. The secure starting method comprises the following steps of: starting a processor to obtain a digital certificate in a latest version;taking a storage area of the digital certificate and an equipment starting code in FLASH as a FLASH writing protection area, and triggering a self-lock circuit to lock the FLASH writing protection area; validating whether a kernel and an application of an operation system are integrated or not by adoption of the digital certificate in the FLASH writing protection area; and if both the kernel andthe application are integrated, starting embedded equipment. According to the method, the digital certification in the latest version is obtained after the processor is started, so that the problem that the digital certificate cannot be updated unless returning the factories; and the FLASH writing protection area is locked by utilizing the self-lock circuit, so that the aims of upgrading the digital certificate and preventing tamper are achieved and the starting security of the embedded equipment is improved.

Description

technical field [0001] The present invention relates to the technical field of secure boot, in particular to a secure boot method, device, device and medium for embedded devices. Background technique [0002] In the prior art, solutions related to secure booting of embedded devices include: [0003] Option 1: If figure 1 As shown, a processor (System-on-a-chip, SOC) includes a processor core and a security sub-module, and an external FLASH chip stores a device startup code (Bootloader), an operating system kernel, and a root file system. Its secure boot process is: when the processor is powered on, the processor core does not directly execute the Bootloader on the FLASH chip, but runs the security sub-module first; the security sub-module acts as the root of trust and verifies the root file through the digital signature algorithm System and operating system kernel; when the verification is passed, the processor core executes the Bootloader to start the embedded device, oth...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57G06F21/64G06F9/445
Inventor 邵培杰
Owner ZHEJIANG DAHUA TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com