A secure and trusted boot method and system for generating random keys based on TPCM
By using the TPCM module to measure the boot process step by step and using asymmetric and symmetric keys to harden the bootloader and kernel image, the problem of embedded systems being tampered with before boot is solved, ensuring the security, trustworthiness and reliability of the system.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents (China)
- Current Assignee / Owner
- NARI INFORMATION & COMM TECH
- Filing Date
- 2023-05-31
- Publication Date
- 2026-06-30
AI Technical Summary
In existing technologies, embedded systems cannot guarantee security if they are tampered with or damaged before startup. Traditional trusted computing technologies suffer from passivity and insufficient verification.
The TPCM module is used as the hardware root of trust. The boot program is measured step by step, and the boot program and kernel image are hardened with asymmetric and symmetric keys. A trust chain is used to establish a trusted environment for the entire chain, ensuring that the boot files are not tampered with.
This ensures security and trustworthiness before system startup, guarantees that system files are not tampered with or destroyed, and improves the security and reliability of embedded systems.
Figure CN116707885B_ABST
Description
Technical Field
[0001] This invention relates to a secure and trusted boot method and system based on TPCM for generating random keys, belonging to the field of network security technology.
Background Technology
[0002] Currently, there are various technologies used to ensure system security, such as security firewalls, system access control, and intrusion detection technologies. These technologies all share a common characteristic: they can only improve the security of the system's application layer. The prerequisite for a system to operate securely and stably is that the system itself is secure. If it is tampered with or damaged before system startup, then any security policies and mechanisms built upon that system cannot guarantee its trustworthiness. Many traditional security devices' embedded systems rarely consider the security of the system itself, posing significant security vulnerabilities. Intruders can interfere with the normal operation of the system by tampering with it, implanting viruses, and other means, potentially causing serious losses and damage to users.
[0003] Trusted computing technology is one of the important means to solve problems such as untrusted computing environments and lack of in-depth information security protection. Trusted computing provides security protection while performing operations, and can provide the system with security immunity.
[0004] Trusted 1.0 primarily focuses on enhancing system reliability through mechanisms such as backups. It adds redundancy to the system and implements fault-tolerant algorithms through a layer. Trusted 2.0, based on trusted roots such as Trusted Platform Modules (TPM), implements a passive component combining hardware and software. It provides trusted calling interfaces to system hardware, operating system, and applications, allowing the system to use these interfaces to implement specific trusted functions and perform trusted verification of remote entities.
[0005] These two trust technologies have two drawbacks: first, they are passive trust, where the trusted component is the callee, which has many limitations; second, the verification data is insufficient, so it cannot be guaranteed that every known trusted entity is verified.
Summary of the Invention
[0006] The purpose of this invention is to overcome the shortcomings of the prior art and provide a secure and reliable boot method and system based on TPCM to generate random keys. The method uses the COS embedded in TPCM as the hardware root of trust, measures the boot program step by step, and establishes a trusted environment for the whole chain through the transmission of trust chains between levels, ensuring that the boot file is not tampered with or destroyed, thereby ensuring the security and reliability of the entire system.
[0007] To achieve the above objectives, the present invention is implemented using the following technical solution:
[0008] On one hand, the present invention provides a secure and trusted startup method based on TPCM for generating random keys, comprising:
[0009] After the system is powered on, a reset signal is output to the CPU to clamp the CPU.
[0010] Using an asymmetric key, the boot program stored on the motherboard is read and its signature is verified; the asymmetric key is the one pre-stored during the boot program's security hardening process.
[0011] If the bootloader passes the signature verification, it outputs a release reset signal to the CPU and verifies the signature of the kernel image stored in memory; the kernel image stored in memory is read by the bootloader from the motherboard.
[0012] If the kernel image verification passes, decrypt the kernel image;
[0013] If the kernel image is successfully decrypted, the kernel image will boot into the system and run the application.
[0014] Furthermore, the system needs to be deployed before it is powered on, which includes hardening the bootloader and kernel image in sequence.
[0015] Furthermore, the bootloader is hardened to include:
[0016] The bootloader is hashed using external tools to obtain a hash value and generate a set of asymmetric keys.
[0017] The hash value of the bootstrap program is signed using an asymmetric key to obtain the signature value;
[0018] The signature value and the bootloader source file are relinked and packaged to generate a securely hardened bootloader, which is then burned into the motherboard.
[0019] Furthermore, the public key portion of the asymmetric key is embedded in the non-volatile region of the TPCM module.
[0020] Furthermore, the kernel image is hardened to include:
[0021] Randomly generate a symmetric key K1 and two asymmetric keys K2 and K3;
[0022] The kernel image is symmetrically encrypted using the symmetric key K1 to obtain ciphertext E1(A), and the actual size of the kernel image is recorded as Size(A).
[0023] Perform a hash operation on the ciphertext E1(A) to obtain the hash value Hash(A);
[0024] The hash value Hash(A) is signed using the asymmetric key K3 to obtain the signature value Sig[Hash(A)].
[0025] Encrypting the symmetric key K1 with the asymmetric key K2 yields the ciphertext E2(K1);
[0026] Relink Size(A), Sig[Hash(A)], E2(K1), and E1(A) to generate a securely hardened kernel image, and burn it into the motherboard.
[0027] Furthermore, the kernel image stored in memory is verified, including: performing a hash operation on the ciphertext E1(A) to obtain a hash value, and using the public key part of the asymmetric key K3 to verify the hash value and the signature value Sig[Hash(A)].
[0028] Decrypting the kernel image includes: decrypting the ciphertext E2(K1) to obtain the symmetric key K1, and using the symmetric key K1 to decrypt the ciphertext E1(A) to obtain the original image.
[0029] Furthermore, this also includes updating and upgrading the bootloader and kernel image, including:
[0030] The required updated bootloader is hardened using the private key used for bootloader signing via external tools, the updated bootloader is generated, and then burned into the motherboard.
[0031] The kernel image to be updated is encrypted using a randomly generated symmetric key K1' from an external tool. The hash value of the ciphertext is calculated, and the hash value is signed using an asymmetric key K3. The public key portion of the asymmetric key K2 is used to encrypt K1'. The resulting data is then relinked to generate the updated kernel image, which is then burned into the motherboard.
[0032] On the other hand, the present invention also provides a secure and trusted boot system based on TPCM to generate random keys, for implementing the secure and trusted boot method based on TPCM to generate random keys as described in any of the above claims.
[0033] Optionally, it includes a TPCM module and a motherboard. The TPCM module communicates with the motherboard via an SPI interface and can output a reset signal to jointly control the CPU reset signal with the motherboard's reset chip.
[0034] The TPCM module integrates an algorithm engine unit, a key management unit, and a PCR register. The algorithm engine unit is used to generate random and unique keys. The key management unit is used to parse and verify the bootloader and kernel image using the keys. The PCR register is used to store the hash values of the bootloader and ciphertext.
[0035] Optionally, the bootloader can be configured with a secure user mode and a normal user mode. In the secure user mode, the bootloader and kernel image are hardened, while in the normal user mode, the hardening instructions are filtered.
[0036] Compared with the prior art, the beneficial effects achieved by the present invention are as follows:
[0037] This invention embeds a TPCM module, which, together with the motherboard, forms a secure dual-system architecture. During system deployment, the TPCM module generates a random and unique key to harden system files. During system startup, the COS embedded in the TPCM is used as the hardware root of trust, and the startup program is measured level by level. Through the transmission of trust chains between levels, a fully trusted environment is established to ensure that the startup files are not tampered with or destroyed, thereby ensuring the security and trustworthiness of the entire system.
[0038] This invention addresses the limitation of security firewalls, system access control, and intrusion detection technologies in the embedded system field, which can only improve the security of the system application layer. It can ensure the security and reliability of the system itself, detect whether system files have been tampered with or damaged before the system starts up, and further enhance system security by making the kernel encryption key random and unique. It has broad application prospects in the field of embedded system security.
Description of the Drawings
[0039] Figure 1 is a schematic diagram of a dual-system hardware architecture based on a TPCM module in one embodiment of the present invention;
[0040] Figure 2 is a schematic diagram of the bootloader hardening process of a secure and trusted boot method based on TPCM for generating random keys in one embodiment of the present invention;
[0041] Figure 3 is a schematic diagram of the kernel image hardening process of a secure and trusted boot method based on TPCM for generating random keys in one embodiment of the present invention;
[0042] Figure 4 is a schematic diagram of the secure and trusted startup process of an embedded system in one embodiment of the present invention.
Detailed Description
[0043] The present invention will be further described below with reference to the accompanying drawings. The following embodiments are only used to more clearly illustrate the technical solution of the present invention, and should not be used to limit the scope of protection of the present invention.
Example 1
[0044] This invention provides a secure and trusted startup method based on TPCM to generate random keys, which is divided into a system deployment phase and a secure and trusted startup phase.
[0045] The system deployment phase includes security hardening of the bootloader and the kernel image. The specific steps are as follows:
[0046] As shown in Figure 2, the bootloader is hardened for security:
[0047] The bootloader is hashed using external tools to obtain a hash value, and a set of asymmetric keys is generated. The public key portion of the randomly generated asymmetric key is then stored in the non-volatile area of the TPCM module.
[0048] The hash value of the bootloader is signed using an asymmetric key to obtain a signature value. This signature value is then relinked with the bootloader source files to generate a hardened bootloader.
[0049] As shown in Figure 3, the kernel image is hardened for security:
[0050] The hardened bootloader is burned into the motherboard, and the kernel image is hardened using the TPCM module in the bootloader's secure user mode.
[0051] The TPCM module randomly generates a symmetric key K1 and two asymmetric keys K2 and K3. The public key portions of K2 and K3 are stored in an external lifecycle management system, corresponding one-to-one with each embedded system ID, for later kernel image upgrades. Since all keys used are randomly generated by the TPCM module, they are unique and different for each system, further enhancing the system's security and trustworthiness.
[0052] The kernel image (A) is symmetrically encrypted using symmetric key K1 to obtain ciphertext E1(A), and the actual size of the kernel image is recorded as Size(A). The ciphertext E1(A) is hashed using a hash algorithm to obtain Hash(A), Hash(A) is signed using asymmetric key K3 to obtain Sig[Hash(A)], and the symmetric key K1 is encrypted using asymmetric key K2 to obtain ciphertext E2(K1).
[0053] Relink Size(A), Sig[Hash(A)], E2(K1), and E1(A) to generate a new kernel image, and burn it to the motherboard storage medium.
[0054] The secure and trusted boot phase can be divided into three stages: the first stage is the TPCM module actively measuring the bootloader; the second stage is the bootloader measuring the kernel image; and the third stage is the decryption of the kernel image. The specific steps are as follows:
[0055] As shown in Figure 4, after the system is powered on, the TPCM module, as the master device, starts up before the CPU and sends a reset signal to the CPU to clamp the CPU.
[0056] Phase 1: The TPCM module reads the bootloader and, using the public key portion of the asymmetric key embedded in its non-volatile region, parses and verifies the signature. If the signature verification succeeds, the reset signal is released, the bootloader is started, and the process proceeds to the next phase. If the signature verification fails, system startup is stopped.
[0057] Phase 2: The bootloader reads and parses the kernel image file, uses the TPCM module to perform a hash operation on the ciphertext E1(A), passes the hash value and the signature value Sig[Hash(A)] as parameters into the TPCM module, and verifies the signature using the public key portion of the asymmetric key K3. If the verification fails, system startup is stopped.
[0058] Phase 3: The TPCM module decrypts E2(K1) to obtain the symmetric key K1, and K1 is used to decrypt E1(A) to obtain the original image. If the decryption succeeds, the kernel is started and the system is entered; if the decryption fails, the kernel image content is incomplete and the system stops booting.
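The deployment steps of paragraphs [0051]-[0053] and the verify-then-decrypt boot stages of [0057]-[0058] above, written out as an added example in Go. This is not code from the patent or from NARI; it assumes a container layout the patent does not specify (Size(A) as an 8-byte length, then length-prefixed Sig[Hash(A)] and E2(K1), then E1(A)) and stands in concrete algorithms for the unnamed ones: AES-256-GCM for E1, RSA-OAEP for wrapping K1 under K2, and ECDSA P-256 for K3. In the patent these operations run inside the TPCM's algorithm engine rather than in host code. The bootloader stage of [0056] is the same sign-the-hash, verify-with-an-embedded-public-key pattern with the key held in the TPCM's non-volatile region, and the update flow of the later embodiment is this same hardening function run again with a fresh K1'.

```go
// Added example: kernel image hardening (deployment phase) and the verify-then-decrypt
// boot check, using the patent's key roles: K1 symmetric image key, K2 key-wrapping
// key pair, K3 signing key pair. Container layout and algorithms are assumptions.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout: Size(A) uint64 | len uint32 | Sig[Hash(A)] | len uint32 | E2(K1) | E1(A)
// E1(A) carries its 12-byte GCM nonce in front; Size(A) is bound to it as associated data.

// HardenKernelImage performs the deployment steps of paragraphs [0021]-[0026].
func HardenKernelImage(image []byte, k2Pub *rsa.PublicKey, k3Priv *ecdsa.PrivateKey) ([]byte, error) {
	k1 := make([]byte, 32) // K1: fresh random symmetric key, unique for every hardening run
	if _, err := rand.Read(k1); err != nil { return nil, err }
	sizeA := make([]byte, 8)
	binary.BigEndian.PutUint64(sizeA, uint64(len(image)))

	block, err := aes.NewCipher(k1)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	e1 := append(nonce, gcm.Seal(nil, nonce, image, sizeA)...) // E1(A)

	hashA := sha256.Sum256(e1)                                 // Hash(A) is taken over the ciphertext
	sig, err := ecdsa.SignASN1(rand.Reader, k3Priv, hashA[:]) // Sig[Hash(A)] with the K3 private key
	if err != nil { return nil, err }
	e2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, k2Pub, k1, nil) // E2(K1) with the K2 public key
	if err != nil { return nil, err }

	out := append([]byte{}, sizeA...)
	out = binary.BigEndian.AppendUint32(out, uint32(len(sig)))
	out = append(out, sig...)
	out = binary.BigEndian.AppendUint32(out, uint32(len(e2)))
	out = append(out, e2...)
	return append(out, e1...), nil
}

// splitImage parses the container. Every length is bounds-checked, so a truncated or
// malformed image is rejected before any cryptographic operation runs.
func splitImage(blob []byte) (sizeA, sig, e2, e1 []byte, err error) {
	if len(blob) < 12 {
		err = errors.New("image too short")
		return
	}
	sizeA = blob[:8]
	rest := blob[8:]
	readField := func() ([]byte, error) {
		if len(rest) < 4 { return nil, errors.New("truncated length field") }
		n := int(binary.BigEndian.Uint32(rest))
		rest = rest[4:]
		if n > len(rest) { return nil, errors.New("field length exceeds image") }
		f := rest[:n]
		rest = rest[n:]
		return f, nil
	}
	if sig, err = readField(); err != nil { return }
	if e2, err = readField(); err != nil { return }
	e1 = rest
	return
}

// BootKernelImage is phase 2 and phase 3 of the boot ([0057]-[0058]): the signature over
// the ciphertext is checked with the K3 public key before K1 is unwrapped and E1(A) is
// decrypted. Any error means the boot stops.
func BootKernelImage(blob []byte, k3Pub *ecdsa.PublicKey, k2Priv *rsa.PrivateKey) ([]byte, error) {
	sizeA, sig, e2, e1, err := splitImage(blob)
	if err != nil { return nil, err }
	hashA := sha256.Sum256(e1)
	if !ecdsa.VerifyASN1(k3Pub, hashA[:], sig) {
		return nil, errors.New("phase 2: kernel image signature verification failed")
	}
	k1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k2Priv, e2, nil)
	if err != nil { return nil, fmt.Errorf("phase 3: unwrapping K1: %w", err) }
	block, err := aes.NewCipher(k1)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(e1) < gcm.NonceSize() { return nil, errors.New("phase 3: ciphertext too short") }
	image, err := gcm.Open(nil, e1[:gcm.NonceSize()], e1[gcm.NonceSize():], sizeA)
	if err != nil { return nil, fmt.Errorf("phase 3: decrypting E1(A): %w", err) }
	if uint64(len(image)) != binary.BigEndian.Uint64(sizeA) {
		return nil, errors.New("phase 3: decrypted image size does not match Size(A)")
	}
	return image, nil
}

func main() {
	k2, _ := rsa.GenerateKey(rand.Reader, 2048)                // K2 (wrapping pair)
	k3, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // K3 (signing pair)
	image := []byte("constructed sample kernel image")       // stands in for the real image A
	blob, _ := HardenKernelImage(image, &k2.PublicKey, k3)
	out, err := BootKernelImage(blob, &k3.PublicKey, k2)
	fmt.Println(bytes.Equal(out, image), err)
	blob[len(blob)-1] ^= 0x01 // tamper with E1(A): phase 2 must now reject the image
	_, err = BootKernelImage(blob, &k3.PublicKey, k2)
	fmt.Println(err)
}
```

The order of operations is the point: the signature over E1(A) is checked before K1 is unwrapped or any decryption is attempted, so a tampered or truncated image is rejected without ever exercising the decryption path, and the Size(A) comparison after decryption catches the "incomplete image" case the third phase describes. One caveat worth noting when deploying this scheme: as the patent describes it, Sig[Hash(A)] covers only E1(A), so the integrity of E2(K1) and Size(A) rests on the key-unwrap and authenticated-encryption checks; including those fields in the signed hash as well removes that dependency.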
[0059] After entering the system, the application is also verified according to the configured security policy, but this is not within the scope of this invention.
Example 2
[0060] Building upon Example 1, this embodiment describes how to update the bootloader or kernel image. The specific steps are as follows:
[0061] Updating the bootloader: using external tools, the updated bootloader is hardened with the private key used for bootloader signing and then burned into the motherboard.
[0062] Updating the kernel image: an external tool randomly generates a symmetric key K1', which is used to encrypt the kernel image to be updated. The hash value of the ciphertext is calculated, and K3 is used to sign the hash value. K1' is then encrypted using the public key portion of K2. The resulting data is relinked to generate the new updated kernel image, which is burned into the motherboard to complete the update. K1', K2, and K3 are all random and unique.
Example 3
[0063] Based on the same inventive concept as other embodiments, this embodiment introduces a secure and reliable boot system based on TPCM to generate random keys, including a TPCM module and a motherboard. The TPCM module supports multiple interface protocols such as SPI, EMMC, and QSPI to communicate with the motherboard, and has strong adaptability.
[0064] The TPCM module and the motherboard constitute a dual-system hardware architecture based on the TPCM module. The TPCM module outputs a reset signal that, together with the motherboard's reset chip, controls the CPU reset signal.
[0065] The bootloader in the motherboard storage medium includes a secure user mode and a normal user mode. Only in secure user mode can the bootloader and kernel image be hardened, while in normal user mode all security hardening instructions are filtered out.
[0066] The TPCM module integrates an algorithm engine unit and a key management unit, providing functions such as cryptographic algorithm services and key management, supporting the verification and monitoring of the kernel, secure operating system, and applications; it also integrates a PCR register to store the hash values of related files.
[0067] In summary, the present invention adopts the Trusted 3.0 concept, with the TPCM trusted module and the motherboard forming a dual-system architecture. The TPCM hardware foundation establishes the system's root of trust, and a trust chain is established from the hardware itself, the boot program, the operating system, and the application programs. Each time an entity is started, it is ensured that the previous entity is trusted. The trustworthiness of the entire system is guaranteed through the transmission of the trust chain between these levels.
[0068] This invention utilizes a proactive measurement trust chain built upon TPCM to achieve step-by-step booting based on a hardware root of trust, reducing the risks of reverse engineering of terminal firmware and injection of malicious code, and structurally eliminating new and unknown malicious attacks faced by embedded devices.
[0069] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0070] This invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
[0071] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means which implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Claims
1. A secure and trusted startup method based on TPCM for generating random keys, characterized in that it includes:
deploying the system by sequentially hardening the bootloader and the kernel image for security, wherein hardening the bootloader includes:
hashing the bootloader using external tools to obtain a hash value and generating a set of asymmetric keys;
signing the hash value of the bootloader using the asymmetric key to obtain a signature value;
storing the public key portion of the asymmetric key in the non-volatile area of the Trusted Platform Control Module (TPCM);
relinking and packaging the signature value and the bootloader source file to generate a securely hardened bootloader, which is then burned into the motherboard;
and hardening the kernel image for security includes:
randomly generating a symmetric key K1 and two asymmetric keys K2 and K3;
symmetrically encrypting the kernel image using the symmetric key K1 to obtain ciphertext E1(A), and recording the actual size of the kernel image as Size(A);
performing a hash operation on the ciphertext E1(A) to obtain the hash value Hash(A);
signing the hash value Hash(A) using the asymmetric key K3 to obtain the signature value Sig[Hash(A)];
encrypting the symmetric key K1 with the asymmetric key K2 to obtain the ciphertext E2(K1);
relinking Size(A), Sig[Hash(A)], E2(K1), and E1(A) to generate a securely hardened kernel image, and burning it into the motherboard;
after the system is powered on, outputting a reset signal to the central processing unit (CPU) to clamp the CPU;
using an asymmetric key, reading the boot program stored on the motherboard and verifying its signature, the asymmetric key being the one pre-stored during the boot program's security hardening process;
if the bootloader passes the signature verification, outputting a release reset signal to the CPU and verifying the signature of the kernel image stored in memory, the kernel image stored in memory being read by the bootloader from the motherboard;
if the kernel image verification passes, decrypting the kernel image;
if the kernel image is successfully decrypted, booting the kernel image into the system and running the application.
2. The secure and trusted startup method based on TPCM for generating random keys according to claim 1, characterized in that verifying the signature of the kernel image stored in memory includes: performing a hash operation on the ciphertext E1(A) to obtain a hash value, and using the public key part of the asymmetric key K3 to verify the hash value against the signature value Sig[Hash(A)]; and decrypting the kernel image includes: decrypting the ciphertext E2(K1) to obtain the symmetric key K1, and using the symmetric key K1 to decrypt the ciphertext E1(A) to obtain the original image.
3. The secure and trusted startup method based on TPCM for generating random keys according to claim 1, characterized in that it further includes updating and upgrading the bootloader and kernel image, including: hardening the bootloader to be updated using external tools with the private key used for bootloader signing, generating the updated bootloader, and burning it into the motherboard; and encrypting the kernel image to be updated using a symmetric key K1' randomly generated by an external tool, calculating the hash value of the ciphertext, signing the hash value using the asymmetric key K3, encrypting K1' using the public key portion of the asymmetric key K2, and relinking the resulting data to generate the updated kernel image, which is then burned into the motherboard.
4. A secure and reliable boot system based on TPCM for generating random keys, characterized in that the system is used to implement the secure and trusted startup method based on TPCM for generating random keys according to any one of claims 1 to 3, and includes a Trusted Platform Control Module (TPCM) and a motherboard; the TPCM communicates with the motherboard through an SPI interface and can output a reset signal that, together with the reset chip of the motherboard, controls the reset signal of the central processing unit (CPU); the TPCM integrates an algorithm engine unit, a key management unit, and a PCR register, wherein the algorithm engine unit is used to generate random and unique keys, the key management unit is used to parse and verify the bootloader and kernel image using the keys, and the PCR register is used to store the hash values of the bootloader and the ciphertext.
5. The secure and reliable boot system based on TPCM for generating random keys according to claim 4, characterized in that the bootloader is configured with a secure user mode and a normal user mode; in the secure user mode, the bootloader and kernel image are hardened, and in the normal user mode, the hardening instructions are filtered out.