
Hot patch method and hot patch device

Hot patch and patch file technology, applied to software deployment, platform integrity maintenance and similar fields, addresses the problems that the signature of a patch file cannot be verified, that the security of the patch file cannot be guaranteed, and that the security risk of introducing patch files therefore increases.

Active Publication Date: 2021-05-18
HUAWEI DEVICE CO LTD

AI Technical Summary

Problems solved by technology

Malicious code can also bypass the integrity measurement of the patch file by attacking the REE-side operating system, so that the REE-side operating system cannot verify the signature of the patch file. The security of the patch file then cannot be guaranteed, which increases the security risk of introducing patch files.



Examples


Embodiment 1

[0051] Embodiment 1: as shown in Figure 2, an embodiment of the hot patch method of the present application includes:

[0052] 201. The secure-side execution environment verifies the signature of the patch file.

[0053] The secure-side execution environment (for example, the trusted execution environment, TEE, mentioned above) uses the private key to check the signature of the patch file and so verify whether the issuer of the patch file is trusted. If the patch file passes signature verification, the issuer of the patch file is determined to be a trusted issuer and the secure-side execution environment executes step 202; if signature verification fails, the issuer is determined to be an untrusted issuer and the secure-side execution environment stops loading the patch file. In addition, the patch file is used to repair security vulnerabilities in the code of the execution environment of the non-secure ...

Embodiment 2

[0069] Embodiment 2: as shown in Figure 3(a), another embodiment of the hot patch method of the present application includes:

[0070] 301. The non-secure-side execution environment sends the patch file to the secure-side execution environment.

[0071] When the code in the non-secure-side execution environment has a security vulnerability that needs to be repaired, the non-secure-side execution environment sends the patch file that repairs this vulnerability to the secure-side execution environment, so that the secure-side execution environment performs the operation of loading the patch file. Specifically, the Rich OS sends the patch file from the REE to the TEE.

[0072] 302. The secure-side execution environment verifies the signature of the patch file.

[0073] 303. If the signature verification of the patch file passes, the secure-side execution environment parses the patch file to obtain the old code location a...

Embodiment 3

[0098] Embodiment 3: as shown in Figure 4, an embodiment of the hot patch device of the present application comprises:

[0099] An integrity measurement unit 401, configured to verify the signature of the patch file;

[0100] A parsing unit 402, configured to parse the patch file to obtain the old code location and the new code if the signature verification of the patch file passes;

[0101] A modifying unit 403, configured to modify the code of the non-secure-side execution environment according to the old code location, so that when the non-secure-side execution environment reaches the old code location, it jumps to execute the new code.

[0102] In one example, as shown in Figure 5, the above hot patch device also includes:

[0103] A configuration unit 504, configured to set the physical memory holding the updated code as non-writable in the non-secure state.

[0104] In one example, as shown in Figure 5, the above system also...
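The verify, parse, modify order of units 401 to 403, as an added sketch that is not code from the patent or its applicant, with non-secure code memory modelled as a `bytearray`. The patch layout, the toy jump record, the function names and the use of HMAC-SHA256 as a stand-in for the patent's signature check are all assumptions, chosen so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import struct

# Constructed layout (assumption): old-code offset, new-code length, new code, 32-byte tag.
HEADER = struct.Struct("<II")
TAG_LEN = 32
JUMP = struct.Struct("<BI")  # toy jump record: marker byte + target offset
JUMP_OPCODE = 0x4A           # toy marker, not a real instruction encoding

class PatchRejected(Exception):
    """Raised when the secure side refuses to load a patch."""

def sign_patch(key, old_offset, new_code):
    """Issuer side: build a patch file and append its tag (HMAC stand-in)."""
    body = HEADER.pack(old_offset, len(new_code)) + new_code
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_signature(key, patch):
    """Unit 401: check the tag over the whole body before anything is parsed."""
    if len(patch) < HEADER.size + TAG_LEN:
        raise PatchRejected("patch too short")
    body, tag = patch[:-TAG_LEN], patch[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise PatchRejected("signature check failed, loading stopped")
    return body

def parse_patch(body):
    """Unit 402: recover the old code location and the new code."""
    old_offset, length = HEADER.unpack_from(body)
    new_code = body[HEADER.size:]
    if len(new_code) != length:
        raise PatchRejected("length field does not match payload")
    return old_offset, new_code

def apply_patch(key, patch, ree_code, patch_area_start):
    """Unit 403: place the new code in the patch area, redirect the old location."""
    old_offset, new_code = parse_patch(verify_signature(key, patch))
    if old_offset + JUMP.size > patch_area_start:
        raise PatchRejected("old code location outside patchable code")
    if patch_area_start + len(new_code) > len(ree_code):
        raise PatchRejected("new code does not fit in patch area")
    ree_code[patch_area_start:patch_area_start + len(new_code)] = new_code
    JUMP.pack_into(ree_code, old_offset, JUMP_OPCODE, patch_area_start)
    return old_offset, patch_area_start
```

Every rejection happens before the first write to `ree_code`, so a patch that fails any check leaves the non-secure code untouched.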


Abstract

A hot patch method and a hot patch device are used to improve the security of patch files, prevent malicious code attacks, and reduce the security risk of introducing patch files. The method includes: the secure-side execution environment verifies the signature of the patch file; if the signature of the patch file passes verification, the secure-side execution environment parses the patch file to obtain the old code location and the new code; the secure-side execution environment modifies the code of the non-secure-side execution environment according to the old code location, so that the non-secure-side execution environment jumps to execute the new code when it reaches the old code location.

Description

Technical field

[0001] The present application relates to the field of computer software, in particular to a hot patch method and a hot patch device.

Background

[0002] In a communication system, to ensure the continuity of the communication service, the program providing the service should be restarted as rarely as possible and should not interrupt the service, so that it runs without interruption as far as possible. When the service program has a bug (error) that needs to be repaired, the traditional method is to replace the original program file with the repaired program file and execute it, which inevitably causes a restart and a service interruption. Hot patch technology can effectively avoid these problems. Hot patch technology compiles the bug-fixing code into a patch file and then lets the service program load the patch file without interrupting the service, so as to replace the patch file with the code of ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/53, G06F8/65
Inventor: 陈海波, 王楠, 李彬, 尹永宏
Owner HUAWEI DEVICE CO LTD