A secure boot system for firmware and related methods
By encrypting the firmware on the electronic device side and decrypting it on the chip side, the problem of firmware being easily corrupted in electronic devices is solved, enabling secure and efficient firmware booting and ensuring normal chip function and data security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: HONOR DEVICE CO LTD
- Filing Date: 2023-10-08
- Publication Date: 2026-06-12
AI Technical Summary
In existing technologies, firmware in electronic devices is susceptible to malicious damage, leading to chip malfunctions or data leaks, and preventing normal operation.
Secure firmware boot is ensured by encrypting the firmware on the electronic device side and decrypting it when the chip meets preset download conditions. Specific measures include random sampling encryption of the firmware, decryption with location information, and integrity verification to improve security and efficiency.
It improves firmware security, ensures normal chip function, reduces encryption and decryption time, lowers the risk of malicious damage, and prevents data leakage.
Figure CN119830362B_ABST
Description
Technical Field
[0001] This application relates to the field of terminal technology, and in particular to a secure boot system and related methods for firmware.
Background Technology
[0002] During the chip's startup process, the corresponding firmware (which can be the chip's most basic operating software and can be upgraded through a specific flashing program) is usually loaded from an external electronic device. After the firmware is loaded, the chip can jump to the firmware's main function (e.g., main()) to begin executing the firmware's running process.
[0003] However, firmware in electronic devices is currently vulnerable to malicious damage. For example, third-party programs can be implanted into the firmware to maliciously obtain user information or operating data from the chip; or the firmware's operating logic can be disrupted, causing the firmware to malfunction and the chip to fail to work properly.
[0004] Therefore, how to boot firmware securely and efficiently is an urgent problem to be solved.
Summary of the Invention
[0005] This application provides a secure firmware boot system and related methods, which can boot firmware securely and efficiently, and prevent firmware from being maliciously damaged.
[0006] In a first aspect, embodiments of this application provide a secure boot system for firmware, the system comprising: an electronic device and a chip;
[0007] The electronic device is used to: encrypt a portion of the data in the firmware to obtain encrypted firmware; and send the encrypted firmware to the chip when the firmware in the chip meets preset download conditions.
[0008] The chip is used to: receive the encrypted firmware sent by the electronic device; decrypt the encrypted firmware to obtain the decrypted firmware; and start the decrypted firmware.
[0009] In existing technologies, firmware in electronic devices is susceptible to malicious damage, causing firmware malfunction, chip damage, and even data leakage. To address this, this application provides a secure firmware boot system that can securely and efficiently boot firmware, ensuring normal chip function and preventing data leakage. This secure firmware boot system includes an electronic device and a chip. Specifically, the electronic device can: encrypt a portion of the data in the firmware to obtain encrypted firmware; and send the encrypted firmware to the chip when the firmware in the chip meets preset download conditions. When the firmware in the chip meets the preset download conditions (i.e., the firmware in the chip needs to be updated, downloaded, upgraded, or burned), the chip can receive the encrypted firmware sent by the electronic device, decrypt the encrypted firmware, and obtain decrypted firmware; after decryption, the decrypted firmware can be booted to achieve the corresponding functions. By encrypting the firmware on the electronic device side and decrypting the encrypted firmware before chip boot, firmware security can be greatly improved, ensuring normal chip function and preventing data leakage. Furthermore, encrypting and decrypting only a portion of the data in the firmware not only improves the speed of encryption and decryption, reduces the time spent on them, and improves the efficiency of secure firmware boot, but also increases the cost of cracking the encrypted firmware, thereby further improving the security of the firmware.
[0010] In one possible implementation, the electronic device is specifically used to: randomly sample the firmware to obtain first random data in the firmware; obtain encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; and replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware.
[0011] In this embodiment, the electronic device can randomly sample the firmware to obtain first random data within the firmware. This first random data can be a randomly determined portion of the data in the firmware. The electronic device can then encrypt the first random data based on a preset encryption rule to obtain encrypted data corresponding to the first random data. After encryption, the electronic device can replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware. This method of determining the first random data through random sampling before encryption significantly improves the security of the encrypted firmware and reduces the probability of the firmware being launched after being implanted with other programs.
[0012] In one possible implementation, the electronic device is specifically used to: send firmware information to the chip when the firmware in the chip meets the preset download conditions, the firmware information including header information and the encrypted firmware, the header information including the location information used to indicate the location of the encrypted data in the firmware.
[0013] In this embodiment, the electronic device sends the location information indicating the position of the encrypted data in the firmware to the chip along with the encrypted firmware. This helps the chip quickly determine the encrypted data when decrypting the encrypted firmware, thereby improving the decryption speed, reducing the decryption time, and improving the efficiency of firmware secure boot.
[0014] In one possible implementation, the electronic device is specifically used to: obtain the current version information corresponding to the firmware in the chip; compare the current version information with the target version information corresponding to the firmware in the electronic device; and when the current version information is inconsistent with the latest version information, determine that the firmware meets the preset download conditions.
[0015] In this embodiment of the application, when the current version information is inconsistent with the latest version information, it indicates that the firmware in the chip needs to be updated, upgraded or downloaded. That is, the firmware meets the preset download conditions. At this time, the electronic device can send the encrypted firmware to the chip to update, upgrade or download the corresponding firmware.
[0016] In one possible implementation, the electronic device is further configured to: before encrypting a portion of the data in the firmware to obtain the encrypted firmware, obtain the first verification code corresponding to the firmware based on a preset integrity verification rule, wherein the first verification code is used to verify the integrity of the firmware.
[0017] In this embodiment of the application, in order to prevent third parties from inferring the encryption method and the location of the encrypted data in the firmware, the firmware is subjected to integrity verification through a first verification code, so as to increase the probability of secure firmware startup and further reduce the risk of the firmware being started after being damaged.
[0018] In one possible implementation, the chip is specifically used to: receive the firmware information sent by the electronic device; determine the encrypted data from the encrypted firmware based on the location information in the header information; and decrypt the encrypted firmware based on the encrypted data and the preset decryption rule to obtain the decrypted firmware.
[0019] In this embodiment, the chip determines the encrypted data from the encrypted firmware based on the location information carried in the header information of the firmware information sent by the electronic device; then, based on the encrypted data, it decrypts the encrypted firmware. By carrying the location information of the encrypted data in the firmware information, the chip can quickly determine the encrypted data when decrypting the encrypted firmware, thereby improving the decryption speed, reducing the decryption time, and improving the efficiency of secure firmware boot.
[0020] In one possible implementation, the chip is specifically used to: decrypt the encrypted data in the encrypted firmware based on a preset decryption rule to obtain second random data; and replace the encrypted data in the encrypted firmware with the second random data to obtain the decrypted firmware.
[0021] In this embodiment, the chip can decrypt the encrypted data in the encrypted firmware based on a preset decryption rule to obtain second random data. This second random data is the data obtained after decrypting the encrypted data. The encrypted data in the encrypted firmware is then replaced with the second random data to obtain the decrypted firmware. This decryption method can improve the decryption speed, reduce the decryption time, and improve the efficiency of firmware secure boot.
[0022] In one possible implementation, the firmware information further includes the first verification code; the chip is further configured to: obtain a second verification code corresponding to the decrypted firmware based on the preset integrity verification rule; compare the first verification code and the second verification code, and start the decrypted firmware when the second verification code matches the first verification code.
[0023] In this embodiment, to prevent third parties from inferring the encryption method and the location of the encrypted data within the firmware, an integrity check is performed after decryption of the firmware. This increases the probability of secure firmware startup and further reduces the risk of booting the firmware after it has been compromised. Specifically, if the second verification code matches the first verification code, it can be determined that the decrypted firmware has passed the integrity check and can be booted.
[0024] In a second aspect, embodiments of this application provide a secure boot method for firmware, applied to a secure boot system that includes an electronic device and a chip; the method includes:
[0025] The electronic device encrypts a portion of the data in the firmware to obtain encrypted firmware; when the firmware in the chip meets the preset download conditions, the encrypted firmware is sent to the chip.
[0026] The chip receives the encrypted firmware sent by the electronic device; decrypts the encrypted firmware to obtain the decrypted firmware; and starts the decrypted firmware.
[0027] In one possible implementation, encrypting a portion of the data in the firmware using the electronic device to obtain encrypted firmware includes: randomly sampling the firmware using the electronic device to obtain first random data in the firmware; obtaining encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; and replacing the first random data in the firmware with the encrypted data to obtain the encrypted firmware.
[0028] In one possible implementation, sending encrypted firmware to the chip when the firmware in the chip meets preset download conditions includes: sending firmware information to the chip when the firmware in the chip meets the preset download conditions, the firmware information including header information and the encrypted firmware, the header information including the location information used to indicate the location of the encrypted data in the firmware.
[0029] In one possible implementation, the method further includes: obtaining the current version information corresponding to the firmware in the chip through the electronic device; comparing the current version information with the target version information corresponding to the firmware in the electronic device; and determining that the firmware meets the preset download conditions when the current version information is inconsistent with the latest version information.
[0030] In one possible implementation, before encrypting a portion of the data in the firmware to obtain the encrypted firmware, the method further includes: obtaining the first verification code corresponding to the firmware through the electronic device based on a preset integrity verification rule, wherein the first verification code is used to verify the integrity of the firmware.
[0031] In one possible implementation, decrypting the encrypted firmware to obtain decrypted firmware includes: receiving firmware information sent by the electronic device; determining the encrypted data from the encrypted firmware based on the location information in the header information; and decrypting the encrypted firmware based on the encrypted data and the preset decryption rule to obtain the decrypted firmware.
[0032] In one possible implementation, the step of decrypting the encrypted firmware based on the encrypted data and the preset decryption rule to obtain the decrypted firmware includes: decrypting the encrypted data in the encrypted firmware based on the preset decryption rule to obtain second random data; and replacing the encrypted data in the encrypted firmware with the second random data to obtain the decrypted firmware.
[0033] In one possible implementation, the firmware information further includes the first verification code; the method further includes: obtaining a second verification code corresponding to the decrypted firmware by the chip based on the preset integrity verification rule; comparing the first verification code and the second verification code, and starting the decrypted firmware when the second verification code matches the first verification code.
[0034] In a third aspect, embodiments of this application provide an encryption method for secure firmware boot, characterized in that the method includes: randomly sampling the firmware to obtain first random data in the firmware, wherein the first random data is a portion of the data in the firmware; obtaining encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; and replacing the first random data in the firmware with the encrypted data to obtain encrypted firmware.
[0035] In a fourth aspect, embodiments of this application provide a decryption method for secure firmware boot, characterized in that the method includes: obtaining encrypted firmware; determining encrypted data in the encrypted firmware; decrypting the encrypted data in the encrypted firmware based on the encrypted data and the preset decryption rule to obtain second random data; and replacing the encrypted data in the encrypted firmware with the second random data to obtain decrypted firmware.
[0036] In a fifth aspect, embodiments of this application provide an electronic device, which includes one or more processors and one or more memories; wherein the one or more memories are coupled to the one or more processors, and the one or more memories are used to store computer program code, the computer program code including computer instructions, and when the one or more processors execute the computer instructions, the electronic device performs the encryption method for secure firmware boot as described in the third aspect above.
[0037] In a sixth aspect, embodiments of this application provide a chip, characterized in that the chip includes logic circuitry for supporting the chip in implementing the decryption method for secure firmware boot as described in the fourth aspect above.
[0038] In a seventh aspect, this application provides a computer storage medium including computer instructions that, when executed on an electronic device, cause the electronic device to perform a method as described in any possible implementation of the third or fourth aspect above.
[0039] In an eighth aspect, this application provides a computer program product that, when run on a computer, causes the computer to perform the method in any possible implementation of the third or fourth aspect described above.
[0040] It is understood that the methods provided in the second to fourth aspects, the electronic device provided in the fifth aspect, the chip provided in the sixth aspect, the computer-readable storage medium provided in the seventh aspect, and the computer program product provided in the eighth aspect are all used to implement the secure boot system for firmware provided in the embodiments of this application. Therefore, the beneficial effects that can be achieved can be referred to the beneficial effects involved in the corresponding first aspect, and will not be repeated here.
Description of the Drawings
[0041] To more clearly illustrate the technical solutions in the embodiments of this application or the background art, the accompanying drawings used in the embodiments of this application or the background art will be described below.
[0042] Figure 1 is a set of application scenario diagrams provided in the embodiments of this application.
[0043] Figure 2 is a schematic diagram of a secure boot system architecture for firmware provided in an embodiment of this application.
[0044] Figure 3 is a schematic diagram illustrating the encryption of partial data in firmware provided in an embodiment of this application.
[0045] Figure 4 is a schematic diagram of the structure of firmware information provided in an embodiment of this application.
[0046] Figure 5 is a schematic diagram of an encryption method for secure firmware boot provided in an embodiment of this application.
[0047] Figure 6 is a schematic diagram of a decryption method for secure firmware boot provided in an embodiment of this application.
Detailed Implementation
[0048] The technical solutions in the embodiments of this application will be clearly and thoroughly described below with reference to the accompanying drawings.
[0049] The terms "first" and "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or apparatus that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to such processes, methods, products, or apparatus.
[0050] It should be understood that in this application, "at least one (item)" means one or more, and "multiple" means two or more. "And / or" is used to describe the relationship between related objects, indicating that three relationships can exist. For example, "A and / or B" can represent three cases: only A exists, only B exists, and both A and B exist simultaneously, where A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one (item) of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one (item) of a, b, or c can represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, and c can be single or multiple.
[0051] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of this application. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.
[0052] As used in this specification, the terms "component," "module," "system," etc., are used to refer to computer-related entities, hardware, firmware, combinations of hardware and software, software, or software in execution. For example, a component can be, but is not limited to, a process running on a processor, a processor, an object, an executable file, an execution thread, a program, and / or a computer. By way of illustration, both an application running on a computing device and the computing device itself can be components. One or more components may reside in a process and / or an execution thread, and components may be located on a single computer and / or distributed among two or more computers. Furthermore, these components can be executed from various computer-readable media on which various data structures are stored. Components can communicate, for example, via local and / or remote processes based on signals having one or more data packets (e.g., data from one component interacting with another component in a local system, in a distributed system, and / or across a network such as the Internet with other systems by way of such signals).
[0053] To facilitate understanding of the embodiments of this application, the application scenarios involved in the embodiments of this application are analyzed in detail below, in particular the scenario of securely booting the firmware when the chip firmware is downloaded or upgraded.
[0054] Refer to Figure 1, which is a set of application scenario diagrams provided in the embodiments of this application.
[0055] In some application scenarios, chips can securely boot the firmware after it has been upgraded or updated. For example, current electronic devices can all contain corresponding chips that can provide data processing functions to the electronic device based on the firmware within the chip. The firmware in the chip can be updated or upgraded by the electronic device, and after the chip updates or upgrades the firmware, it can securely boot the firmware to run the corresponding functions.
[0056] For example, the electronic device may be the laptop or mobile phone shown in Figure 1, or a portable electronic device (not shown) such as a tablet or a wearable electronic device with wireless communication capability (such as a smartwatch). Exemplary embodiments of portable electronic devices include, but are not limited to, those equipped with... Alternatively, it could be a portable electronic device with another operating system. The aforementioned portable electronic device could also be another portable electronic device, such as a laptop computer with a touch-sensitive surface or touch panel. It should also be understood that in some other embodiments, the aforementioned electronic device may not be a portable electronic device, but rather a desktop computer, in-vehicle computer, etc., with a touch-sensitive surface or touch panel.
[0057] In other application scenarios, the chip can be securely booted from the initial firmware after downloading it. For example, if the chip is positioned before the aforementioned electronic device, another electronic device is needed to program the firmware onto the chip. After programming, the firmware on the chip can be securely booted to ensure the chip's basic operational functions. The electronic device used to program the chip can be, for example, the host computer or programmer shown in Figure 1; this embodiment of the application does not specifically limit it.
[0058] In other application scenarios, the chip can securely boot from firmware stored in its internal memory. For example, the firmware obtained by the chip from the electronic device can be stored in the chip's flash memory. During operation, the chip can directly retrieve the corresponding firmware from the flash memory for secure boot.
[0059] It should be noted that the three different scenarios shown above are merely illustrative examples all involving secure boot implementation in the chip's firmware and should not be construed as limiting the embodiments of this application.
[0060] Based on the application scenarios mentioned above, and to facilitate understanding of the embodiments of this application, the following describes a secure boot system architecture for firmware on which the embodiments of this application are based.
[0061] Refer to Figure 2, which is a schematic diagram of a secure boot system architecture for firmware provided in an embodiment of this application. As shown in Figure 2, a secure boot system for firmware includes an electronic device (host) and a chip.
[0062] The electronic device may be any of the electronic devices shown in Figure 1 above. The electronic device may include one or more firmware files, each of which may run in a corresponding chip of the electronic device. For example, as shown in Figure 2, current firmware is susceptible to malicious damage on the electronic device side. For example, other programs could be implanted into the firmware, potentially accessing user information or operational data within the chip during runtime; or the firmware's operational logic could be disrupted, preventing it from functioning properly and causing malfunctions. Therefore, to ensure the firmware runs correctly after download, the electronic device can encrypt one or more firmware files to improve firmware startup security and reduce the risk of malicious damage.
[0063] For example, the electronic device can be used to: encrypt a portion of the data in the firmware to obtain encrypted firmware; and send the encrypted firmware to the chip if the firmware in the chip meets preset download conditions. Specifically, after encrypting the firmware, the electronic device can first store it within itself. Once it is determined that the firmware in the chip meets the preset download conditions, the encrypted firmware is sent to the chip, thereby reducing the risk of the chip running firmware that has been corrupted or maliciously injected with other code.
[0064] For example, refer to Figure 3, which is a schematic diagram illustrating the encryption of partial data in firmware, as provided in an embodiment of this application. As shown in Figure 3, the electronic device can encrypt a portion of the data in the firmware to obtain the encrypted firmware. It is understood that this portion of data can be any part of the firmware; it can be a continuous segment or multiple scattered segments; and it can be obtained randomly or according to specific acquisition rules.
[0065] In some embodiments, this application does not specifically limit the size of the partial data or its proportion of all firmware data. For example, the partial data in the firmware may be a portion of data randomly selected from data of a preset threshold size as the encrypted portion of the firmware, as described above. As shown in Figure 3, in this firmware a portion of the data is encrypted by randomly selecting 1 byte of data from every 1KB of data. As another example, the partial data in the firmware could be data of a preset size (e.g., initial data of 10 bytes, intermediate data of 200 bytes, final data of 1KB, etc.) at a preset location within the firmware. Alternatively, the partial data in the firmware could be any preset percentage (e.g., 30%, 20%, etc.) of the total data in the firmware.
[0066] It should be noted that the higher the proportion of the partial data within the total firmware data, the higher the security of the encrypted firmware, but the longer the encryption time will be. With the same proportion, the more dispersed the partial data is within the firmware, the higher the security of the encrypted firmware, but the longer the encryption time will be.
[0067] It should also be noted that encrypting only a portion of the data in the firmware is more secure than encrypting all of it. For example, if a third party obtains the encryption method of an electronic device, they can replace all the data in the firmware. However, if only a portion of the firmware data is encrypted, even if the third party obtains the encryption method, they still cannot replace or decrypt the firmware without access to that specific encrypted data.
[0068] The chip can be any type of integrated circuit capable of running firmware, such as an integrated circuit chip, a memory chip, etc. For example, when firmware needs to be updated, downloaded, upgraded, or burned, the chip can send a firmware download request to the electronic device. This download request is used to request firmware update, download, upgrade, or burning. Upon receiving the encrypted firmware sent by the electronic device, the chip decrypts the encrypted firmware to obtain the decrypted firmware. After decryption, the decrypted firmware can be started to achieve the corresponding functions.
[0069] It is understandable that when this chip decrypts the encrypted firmware, the decryption method used corresponds to the encryption method used in the electronic device. Furthermore, the chip only needs to decrypt a portion of the data in the firmware during the decryption process, which greatly reduces the time spent on firmware decryption while also ensuring the security of firmware startup, preventing maliciously damaged firmware from being successfully decrypted and run. In the event of decryption failure or error, indicating that the firmware has been maliciously damaged, the chip can choose not to run the decrypted firmware.
[0070] In some embodiments, as shown in Figure 2 above, the chip may include a logic circuit (boot), random access memory (RAM), and flash memory. The logic circuit is a hardware circuit composed of direct or indirect combinations of AND gates, NOT gates, and OR gates, used to implement corresponding operating logic or programs. For example, firmware can be understood as program code embedded within an integrated circuit, and the logic circuit is responsible for running the firmware to control and coordinate the functions of the integrated circuit. As another example, the logic circuit can decrypt and run encrypted firmware. It should be noted that the logic running in this logic circuit can also be stored in the chip's electrically erasable programmable read-only memory (EEPROM). Furthermore, flash memory is a long-lifetime, non-volatile memory (it retains stored data even when power is off), used to receive and store encrypted firmware obtained from electronic devices. For example, encrypted firmware sent by an electronic device can be stored in flash memory. The random access memory can be used to store decrypted firmware, and also to store related data after the decrypted firmware is loaded or started; this embodiment of the application does not specifically limit this.
[0071] For example, in this embodiment of the application, the logic circuit can be used to obtain the encrypted firmware sent by the electronic device from the flash memory, decrypt the encrypted firmware to obtain the decrypted firmware, and start the decrypted firmware to realize the corresponding function of the firmware.
[0072] In some embodiments, the electronic device is specifically used to: obtain the current version information corresponding to the firmware in the chip; compare the current version information with the target version information corresponding to the firmware in the electronic device; and determine that the firmware meets the preset download conditions when the current version information is inconsistent with the latest version information.
[0073] It is understood that the target version information can be the latest version information corresponding to the firmware in the electronic device. When the current version information of the firmware in the chip is inconsistent with the latest version information (i.e., the target version information), it indicates that the firmware in the chip needs to be updated, upgraded, downloaded, or burned. That is, the firmware meets the preset download conditions. At this time, the electronic device can send the encrypted firmware to the chip for updating, upgrading, downloading, or burning the corresponding firmware. The version information may include one or more of the firmware version number, firmware size, and firmware name. This application embodiment does not specifically limit this.
[0074] For example: If the current version information of the firmware in the chip is A, and the target version information of the firmware in the electronic device is B, and the two are inconsistent, it means that the firmware in the chip meets the preset download conditions, and the electronic device can send the encrypted firmware corresponding to the target version information to the chip. As another example: If the current version information of the firmware in the chip is empty (i.e., when the chip does not store the firmware, the corresponding current version information is empty), and the target version information of the firmware in the electronic device is A, and the two are inconsistent, it means that the firmware in the chip meets the preset download conditions, and the electronic device can send the encrypted firmware corresponding to the target version information to the chip.
[0075] In some embodiments, the electronic device is specifically used to: randomly sample the firmware to obtain first random data in the firmware; obtain encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware.
[0076] In this embodiment, the electronic device can randomly sample the firmware to obtain first random data from the firmware. This first random data can be a randomly determined portion of the data in the firmware. It should be noted that the size of the first random data after random sampling or its proportion in all the firmware data is not specifically limited in this embodiment. It should also be noted that the random sampling in this embodiment can be random sampling of all data in the entire firmware, or random sampling of data in each unit of the entire firmware (e.g., randomly sampling 1KB of data from every 1MB of data). The electronic device can then encrypt the first random data based on a preset encryption rule to obtain the encrypted data corresponding to the first random data. It is understood that the preset encryption rule can be a default security encryption rule in the electronic device (e.g., SHA256 encryption), or a user-set or subsequently separately set security encryption rule (e.g., a mapping relationship encryption method). This embodiment does not specifically limit the specific encryption method. After encryption, the electronic device can replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware. This method of determining the first random data through random sampling before encryption can greatly improve the security of the encrypted firmware and reduce the probability of the firmware being launched after being implanted with other programs.
[0077] In some embodiments, the chip is specifically used to: decrypt the encrypted data in the encrypted firmware based on a preset decryption rule to obtain second random data; and replace the encrypted data in the encrypted firmware with the second random data to obtain the decrypted firmware.
[0078] It is understood that the chip's preset decryption rules correspond to and match the preset encryption rules in the electronic device. The chip can decrypt the encrypted data in the encrypted firmware based on the preset decryption rules to obtain second random data. This second random data is the data obtained after decrypting the encrypted data. The encrypted data in the encrypted firmware is then replaced with the second random data to obtain the decrypted firmware. This decryption method can improve decryption speed, reduce decryption time, and improve the efficiency of secure firmware boot.
[0079] In some embodiments, the electronic device is specifically used to: send firmware information to the chip when the firmware in the chip meets the preset download conditions, the firmware information including header information and the encrypted firmware, the header information including the location information, the location information being used to indicate the location of the encrypted data in the firmware.
[0080] Please refer to Figure 4, which is a schematic diagram of the structure of firmware information provided in an embodiment of this application. As shown in Figure 4, the firmware information includes header information and the encrypted firmware. The header information includes location information, which indicates the position of the encrypted data within the firmware; that is, it indicates the position of a portion of the data within the encrypted firmware. For example, as shown in Figure 4, the firmware to be encrypted comprises m KB of data. Within each n KB block of data, one byte is designated as the portion to be encrypted. The position information in the header can be used to indicate the position of this one byte within each n KB block of data. The positions of these one-byte data bytes within each n KB block can be the same or different; this embodiment does not impose specific limitations on this. Furthermore, carrying the position information of the encrypted data in the firmware information helps the chip quickly determine the encrypted data when decrypting the encrypted firmware, thereby improving decryption speed, reducing decryption time, and increasing the efficiency of secure firmware boot.
[0081] In some embodiments, the chip is specifically used to: receive the firmware information sent by the electronic device; determine the encrypted data from the encrypted firmware based on the header information in the firmware information; and decrypt the encrypted firmware based on the encrypted data to obtain the decrypted firmware.
[0082] Specifically, this chip is used to receive the firmware information sent by the electronic device, to determine the encrypted data from the encrypted firmware based on the location information carried in the header information of the firmware information (the m/n bytes shown in Figure 4 above), and to decrypt the encrypted firmware based on the encrypted data to obtain the decrypted firmware. By carrying the location information of the encrypted data in the firmware information, the chip can quickly determine the encrypted data when decrypting the encrypted firmware, thereby improving the decryption speed, reducing the decryption time, and improving the efficiency of firmware secure boot.
[0083] In some embodiments, the electronic device is further configured to: before encrypting a portion of the data in the firmware to obtain the encrypted firmware, obtain the first verification code corresponding to the firmware based on a preset integrity verification rule, wherein the first verification code is used to verify the integrity of the firmware.
[0084] Before encrypting the firmware, the electronic device can also obtain the first verification code corresponding to the firmware based on a preset integrity verification rule. This first verification code, together with the verification code corresponding to the decrypted firmware, can jointly perform integrity verification of the firmware. In addition to preventing third parties from inferring the encryption method and the location of encrypted data within the firmware, the first verification code increases the probability of secure firmware startup and further reduces the risk of the firmware being started after being compromised.
[0085] In other embodiments, the firmware information further includes the first verification code; the chip is also configured to: obtain a second verification code corresponding to the decrypted firmware based on the preset integrity verification rule; compare the first verification code and the second verification code, and start the decrypted firmware when the second verification code matches the first verification code.
[0086] For example, as shown in Figure 4 above, the firmware information also includes a first checksum for verifying firmware integrity. It is understood that, to prevent third parties from speculating on the encryption method and location of encrypted data within the firmware, this embodiment can also perform integrity verification after decrypting the firmware. For example, based on preset integrity verification rules, a second checksum corresponding to the decrypted firmware is obtained; the first checksum and the second checksum are compared, and if the second checksum matches the first checksum, the decrypted firmware is started. Performing integrity verification can increase the probability of secure firmware startup and further reduce the risk of firmware being started after being corrupted. For example, a cyclic redundancy check (CRC) can be performed.
[0087] It is understood that the chip performs integrity verification on the decrypted firmware based on the first verification code. If the verification passes, the decrypted firmware is started, i.e., it runs. If the verification fails, the decrypted firmware is not started. For example, when the second verification code matches the first verification code corresponding to the firmware before encryption, it indicates that the firmware has not been tampered with, and the firmware passes the integrity verification, allowing secure startup. When the second verification code does not match the first verification code corresponding to the firmware before encryption, it indicates that the firmware has failed the integrity verification, i.e., the firmware has been tampered with or maliciously damaged, and the startup of the decrypted firmware can be suspended to ensure the chip's operational security. This verification method, combined with the encryption of some data in the firmware in the embodiments of this application, not only reduces the probability of a third party speculating on the encryption method and the location of the encrypted data in the firmware, but also prevents a third party from tampering with the encrypted data after speculating on it. This further increases the probability of secure firmware startup and greatly reduces the risk of firmware being started after being damaged.
[0088] In existing technologies, firmware in electronic devices is easily susceptible to malicious damage, causing firmware malfunction, chip damage, and even data leakage. To address this, this application provides a secure firmware boot system that can securely and efficiently boot firmware, ensuring normal chip function and preventing data leakage. This secure firmware boot system includes an electronic device and a chip. Specifically, the electronic device can: encrypt a portion of the data in the firmware to obtain encrypted firmware; and send the encrypted firmware to the chip when the firmware in the chip meets preset download conditions. When the firmware in the chip meets the preset download conditions (i.e., the firmware in the chip needs to be updated, downloaded, upgraded, or burned), it can receive the encrypted firmware sent by the electronic device, decrypt the encrypted firmware, and obtain decrypted firmware; after decryption, the decrypted firmware can be booted to achieve the corresponding functions. By encrypting the firmware on the electronic device side and decrypting the encrypted firmware before chip boot, firmware security can be greatly improved, ensuring normal chip function and preventing data leakage. Furthermore, encrypting and decrypting some data in the firmware can not only help improve the speed of encryption and decryption, reduce the time of encryption and decryption, and improve the efficiency of firmware secure boot, but also increase the cost of cracking the encrypted firmware, thereby further improving the security of the firmware.
[0089] Next, based on the system architecture for secure firmware boot shown in Figures 2-4 above, the encryption and decryption methods for secure firmware boot are described, providing a specific analysis of and solution to the technical problems raised in this application.
[0090] This application provides a secure boot method for firmware, applicable to the secure firmware boot system shown in Figures 2-4 above, the secure boot system including an electronic device and a chip; the method includes:
[0091] The electronic device encrypts a portion of the data in the firmware to obtain encrypted firmware; when the firmware in the chip meets the preset download conditions, the encrypted firmware is sent to the chip.
[0092] The chip receives the encrypted firmware sent by the electronic device; decrypts the encrypted firmware to obtain the decrypted firmware; and starts the decrypted firmware.
[0093] In some embodiments, encrypting a portion of the data in the firmware using the electronic device to obtain encrypted firmware includes: randomly sampling the firmware using the electronic device to obtain first random data in the firmware; obtaining encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; and replacing the first random data in the firmware with the encrypted data to obtain the encrypted firmware.
[0094] In some embodiments, sending encrypted firmware to the chip when the firmware in the chip meets preset download conditions includes: sending firmware information to the chip when the firmware in the chip meets the preset download conditions, the firmware information including header information and the encrypted firmware, the header information including the location information, the location information being used to indicate the location of the encrypted data in the firmware.
[0095] In some embodiments, the method further includes: obtaining current version information corresponding to the firmware in the chip through the electronic device; comparing the current version information with target version information corresponding to the firmware in the electronic device; and determining that the firmware meets the preset download conditions when the current version information is inconsistent with the latest version information.
[0096] In some embodiments, before encrypting a portion of the data in the firmware to obtain the encrypted firmware, the method further includes: obtaining the first verification code corresponding to the firmware through the electronic device based on a preset integrity verification rule, wherein the first verification code is used to verify the integrity of the firmware.
[0097] In some embodiments, decrypting the encrypted firmware to obtain decrypted firmware includes: receiving firmware information sent by the electronic device; determining the encrypted data from the encrypted firmware based on the location information in the header information; and decrypting the encrypted firmware based on the encrypted data and the preset decryption rule to obtain the decrypted firmware.
[0098] In some embodiments, the step of decrypting the encrypted firmware based on the encrypted data and the preset decryption rule to obtain the decrypted firmware includes: decrypting the encrypted data in the encrypted firmware based on the preset decryption rule to obtain second random data; and replacing the encrypted data in the encrypted firmware with the second random data to obtain the decrypted firmware.
[0099] In some embodiments, the firmware information further includes the first verification code; the method further includes: obtaining a second verification code corresponding to the decrypted firmware by the chip based on the preset integrity verification rule; comparing the first verification code and the second verification code, and starting the decrypted firmware when the second verification code matches the first verification code.
[0100] It should be noted that for the implementation of the methods described in the embodiments of this application, reference may be made to the descriptions of the electronic device in the system architecture embodiments shown in Figures 2-4 above, which are not repeated here.
[0101] Based on the system architecture for secure firmware boot shown in Figures 2-4 above and the secure firmware boot method described above, the encryption method for secure firmware boot provided in this application is described next.
[0102] Please refer to Figure 5, which is a schematic flowchart of an encryption method for secure firmware boot provided in an embodiment of this application. The encryption method for secure firmware boot shown in Figure 5 can be applied to the electronic device in Figure 2 above; the specific details of each step are as follows:
[0103] Step S201: Obtain the first verification code corresponding to the firmware.
[0104] Specifically, the electronic device can be used to obtain a first verification code corresponding to the firmware based on a preset integrity verification rule (e.g., a preset verification function) before encrypting the firmware. This first verification code is used to verify the integrity of the firmware. It is understood that, to prevent third parties from speculating on the encryption method and the location of encrypted data within the firmware, this embodiment can also perform integrity verification after decrypting the firmware, thereby increasing the probability of secure firmware startup and further reducing the risk of the firmware being booted after being compromised. For example, the first verification code corresponding to the firmware can be obtained based on a Cyclic Redundancy Check (CRC) rule.
[0105] Step S202: Encrypt a portion of the data in the firmware to obtain the encrypted firmware.
[0106] Specifically, electronic devices can encrypt a portion of the data in the firmware to obtain encrypted firmware. This portion of data can be a continuous block of data or multiple scattered blocks of data. The acquisition method for this portion of data can be random or according to specific acquisition rules. Furthermore, there are no specific limitations on the size of this portion of data or its proportion within the total firmware data.
[0107] In some embodiments, the electronic device is specifically used to: randomly sample the firmware to obtain first random data in the firmware; obtain encrypted data corresponding to the first random data based on a preset encryption rule and the first random data; replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware.
[0108] Step S203: If the firmware in the chip meets the preset download conditions, send the encrypted firmware to the chip.
[0109] Specifically, the electronic device can send encrypted firmware to the chip when the firmware in the chip meets preset download conditions. Decrypting the encrypted firmware before the chip starts up can greatly improve firmware security, ensure normal chip function, and prevent data leakage from the chip.
[0110] In some embodiments, the electronic device is specifically used to: send firmware information to the chip when the firmware in the chip meets preset download conditions, the firmware information including header information and the encrypted firmware, the header information including the location information, the location information being used to indicate the location of the encrypted data in the firmware.
[0111] In some embodiments, the firmware information further includes a first checksum. This first checksum can be used to verify the integrity of the firmware, thereby increasing the probability of secure firmware boot and further reducing the risk of booting the firmware after it has been corrupted.
[0112] In some embodiments, the electronic device is specifically used to: obtain the current version information corresponding to the firmware in the chip; compare the current version information with the target version information corresponding to the firmware in the electronic device; and determine that the firmware meets the preset download conditions when the current version information is inconsistent with the latest version information.
[0113] It should be noted that for steps S201-S203 in the method embodiments described in this application, reference may be made to the descriptions of the electronic device in the system architecture embodiments shown in Figures 2-4 above, which are not repeated here.
[0114] Based on the system architecture for secure firmware boot shown in Figures 2-4 above and the secure firmware boot method described above, the decryption method for secure firmware boot provided in this application is described next.
[0115] Please refer to Figure 6, which is a schematic flowchart of a decryption method for secure firmware boot provided in an embodiment of this application. The decryption method for secure firmware boot shown in Figure 6 can be applied to the chip in Figure 2 above; the specific details of each step are as follows:
[0116] Step S301: Obtain the encrypted firmware.
[0117] Specifically, the chip can obtain encrypted firmware when firmware needs to be updated, downloaded, upgraded, or burned, such as receiving the encrypted firmware sent by the electronic device, so as to realize firmware update, download, upgrade, or burning.
[0118] Step S302: Decrypt the encrypted firmware to obtain the decrypted firmware.
[0119] Specifically, the encrypted data in the encrypted firmware is determined; based on the encrypted data and the preset decryption rule, the encrypted data in the encrypted firmware is decrypted to obtain second random data; the encrypted data in the encrypted firmware is replaced with the second random data to obtain the decrypted firmware.
[0120] In some embodiments, the chip is specifically used to: receive the firmware information sent by the electronic device; determine the encrypted data from the encrypted firmware based on the header information in the firmware information, wherein the position information in the header information can be used to indicate the position of the encrypted data in the encrypted firmware; and decrypt the encrypted firmware based on the encrypted data to obtain the decrypted firmware.
[0121] Step S303: Perform integrity verification on the decrypted firmware, and start the decrypted firmware after the verification is successful.
[0122] Specifically, the chip can also perform integrity verification on the decrypted firmware. If the verification passes, the decrypted firmware is started; if the verification fails, the startup of the decrypted firmware is paused. For example, the integrity of the decrypted firmware is verified based on a second verification code and a first verification code sent by the electronic device. If the second verification code matches the first verification code, the decrypted firmware is started.
[0123] It should be noted that for steps S301-S303 in the method embodiments described in this application, reference may be made to the descriptions of the chip in the system architecture embodiments shown in Figures 2-4 above, which are not repeated here.
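As an added example (constructed here, not code from the patent), the scheme of paragraphs [0075]-[0087] and of steps S201-S203 and S301-S303 in Python: the electronic-device side computes the first verification code, substitutes one randomly sampled byte per block, and emits header (position information plus verification code) followed by the encrypted firmware; the chip side restores only the recorded positions and boots only when the second verification code matches. The 1 KB block length, the one-byte sample, the header layout and the keyed substitution table standing in for the unspecified preset encryption rule are all assumptions.

```python
"""Partial firmware encryption with a position header and a CRC check.
Constructed example; block size, header layout and the substitution rule
are assumptions, not details fixed by the patent."""
import hashlib
import random
import struct
import zlib
from typing import List, Optional

# Constructed parameters: the "first length" (one block) and the
# "second length" (the run encrypted inside each block).
BLOCK_LEN = 1024      # 1 KB block; one run per block is encrypted
SAMPLE_LEN = 1        # one byte per block, as in the Figure 4 description
MAGIC = b"PFW1"       # constructed header tag
NO_SAMPLE = 0xFFFF    # offset sentinel for a tail block too short to sample
# Header: magic | block_len | sample_len | crc32 (first verification code)
#         | block count | then block_count x uint16 offsets (position info)
HEADER_FMT = "<4sIIII"


def make_sbox(key: bytes) -> List[int]:
    """Keyed byte permutation (a 'mapping relationship' rule), derived
    deterministically from the key so the chip can rebuild its inverse."""
    table = list(range(256))
    random.Random(hashlib.sha256(key).digest()).shuffle(table)
    return table


def encrypt_firmware(firmware: bytes, key: bytes,
                     rng: Optional[random.Random] = None) -> bytes:
    """Electronic-device side (S201-S203): first verification code over the
    plain firmware, then one randomly placed SAMPLE_LEN-byte run in every
    BLOCK_LEN-byte block is substituted. Returns header + encrypted body."""
    rng = rng or random.SystemRandom()
    sbox = make_sbox(key)
    first_code = zlib.crc32(firmware)
    body = bytearray(firmware)
    offsets = []
    for start in range(0, len(firmware), BLOCK_LEN):
        blk = min(BLOCK_LEN, len(firmware) - start)
        if blk < SAMPLE_LEN:           # trailing block too short: skip it
            offsets.append(NO_SAMPLE)
            continue
        off = rng.randrange(0, blk - SAMPLE_LEN + 1)
        for k in range(SAMPLE_LEN):
            body[start + off + k] = sbox[body[start + off + k]]
        offsets.append(off)
    header = struct.pack(HEADER_FMT, MAGIC, BLOCK_LEN, SAMPLE_LEN,
                         first_code, len(offsets))
    header += struct.pack("<%dH" % len(offsets), *offsets)
    return header + bytes(body)


def decrypt_firmware(info: bytes, key: bytes) -> Optional[bytes]:
    """Chip side (S301-S303): parse the header, invert the substitution only
    at the recorded offsets, recompute the CRC as the second verification
    code and return the firmware only if it matches. None means do not boot."""
    hdr = struct.calcsize(HEADER_FMT)
    if len(info) < hdr:
        return None
    magic, blen, slen, first_code, count = struct.unpack(HEADER_FMT, info[:hdr])
    if magic != MAGIC or blen == 0 or len(info) < hdr + 2 * count:
        return None
    offsets = struct.unpack("<%dH" % count, info[hdr:hdr + 2 * count])
    body = bytearray(info[hdr + 2 * count:])
    if count != (len(body) + blen - 1) // blen:    # header must cover body
        return None
    inv = [0] * 256
    for i, v in enumerate(make_sbox(key)):
        inv[v] = i
    for idx, off in enumerate(offsets):
        if off == NO_SAMPLE:
            continue
        start = idx * blen
        if off + slen > min(blen, len(body) - start):  # offset outside block
            return None
        for k in range(slen):
            body[start + off + k] = inv[body[start + off + k]]
    if zlib.crc32(bytes(body)) != first_code:       # second code mismatch
        return None
    return bytes(body)


def self_check() -> tuple:
    """Constructed 3000-byte firmware: round trip, tampered byte, wrong key."""
    r = random.Random(1)
    fw = bytes(r.randrange(256) for _ in range(3000))
    key = b"constructed-device-key"
    info = encrypt_firmware(fw, key, random.Random(7))
    tampered = bytearray(info)
    tampered[-1] ^= 0x01            # flip one bit in the encrypted body
    return (decrypt_firmware(info, key) == fw,
            decrypt_firmware(bytes(tampered), key) is None,
            decrypt_firmware(info, b"other-key") is None)


if __name__ == "__main__":
    print(self_check())  # (True, True, True)
```

The CRC plays the role of the page's preset integrity rule and detects corruption, but it is not a keyed authenticator; a deployment would pair this format with a MAC or signature over header and body.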
[0124] This application also provides an electronic device, which includes one or more processors and one or more memories; wherein the one or more memories are coupled to the one or more processors, and the one or more memories are used to store computer program code, the computer program code including computer instructions, and when the one or more processors execute the computer instructions, the electronic device performs the method described in the embodiment illustrated in Figure 5 above.
[0125] This application embodiment also provides a chip, the chip including logic circuitry, the logic circuitry being used to support the chip in implementing the method described in the embodiment illustrated in Figure 6 above.
[0126] This application also provides a computer program product containing instructions that, when run on an electronic device or chip, cause the electronic device or chip to perform the methods described in the above embodiments.
[0127] This application also provides a computer-readable storage medium including instructions that, when executed on an electronic device or chip, cause the electronic device or chip to perform the methods described in the above embodiments.
[0128] In the above embodiments, implementation can be achieved, in whole or in part, through software, hardware, firmware, or any combination thereof. When implemented in software, it can be implemented, in whole or in part, as a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in this application are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium accessible to a computer or a data storage device such as a server or data center that integrates one or more available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid-state drive).
[0129] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. This program can be stored in a computer-readable storage medium, and when executed, it can include the processes described in the above method embodiments. The aforementioned storage medium includes various media capable of storing program code, such as ROM or random access memory (RAM), magnetic disks, or optical disks.
[0130] In summary, the above description is merely an embodiment of the technical solution of this application and is not intended to limit the scope of protection of this application. Any modifications, equivalent substitutions, improvements, etc., made based on the disclosure of this application should be included within the scope of protection of this application.
Claims
1. A secure boot system for firmware, characterized in that the system includes an electronic device and a chip; the electronic device is configured to: obtain a first verification code corresponding to the firmware based on a preset integrity verification rule, wherein the first verification code is used to verify the integrity of the firmware; randomly sample data of a second length from each first length of data in the firmware to obtain first random data in the firmware; encrypt the first random data based on a preset encryption rule to obtain encrypted data corresponding to the first random data; replace the first random data in the firmware with the encrypted data to obtain the encrypted firmware; wherein the first length is greater than the second length; the electronic device is also used to: store the encrypted firmware in the electronic device; the electronic device is further configured to: send firmware information to the chip when the latest version information of the firmware in the electronic device is inconsistent with the current version information of the firmware in the chip; the firmware information includes header information, the encrypted firmware and the first verification code, the header information includes position information, and the position information is used to indicate the position of the encrypted data in the data of the first length; the chip is used to: receive the firmware information sent by the electronic device; and store the firmware information in the flash memory of the chip; the chip is further configured to: during operation, obtain the firmware information from the flash memory; determine the encrypted data from the encrypted firmware based on the position information in the header information; decrypt the encrypted data in the encrypted firmware based on a preset decryption rule to obtain second random data; replace the encrypted data in the encrypted firmware with the second random data to obtain the decrypted firmware; obtain the second verification code corresponding to the decrypted firmware based on the preset integrity verification rule; compare the first verification code and the second verification code; and start the decrypted firmware when the second verification code matches the first verification code.
2. The system according to claim 1, characterized in that the electronic device is specifically used for: if the latest version information of the firmware in the electronic device is inconsistent with the current version information of the firmware in the chip, sending firmware information to the chip.
3. The system according to claim 1 or 2, characterized in that the electronic device is specifically used for: obtaining the current version information corresponding to the firmware in the chip; and comparing the current version information with the target version information corresponding to the firmware in the electronic device.
4. A secure boot method for firmware, characterized in that the method is applied to a secure boot system, which includes an electronic device and a chip; the method includes: the electronic device obtains the first verification code corresponding to the firmware based on a preset integrity verification rule, the first verification code being used to verify the integrity of the firmware; it then randomly samples data of a second length from each first length of data in the firmware to obtain first random data in the firmware; based on a preset encryption rule, it encrypts the first random data to obtain encrypted data corresponding to the first random data; finally, it replaces the first random data in the firmware with the encrypted data to obtain the encrypted firmware, wherein the first length is greater than the second length; the electronic device stores the encrypted firmware in the electronic device; when the latest version information of the firmware in the electronic device is inconsistent with the current version information of the firmware in the chip, the electronic device sends firmware information to the chip; the firmware information includes header information, the encrypted firmware and the first verification code, the header information includes position information, and the position information is used to indicate the position of the encrypted data in the data of the first length; the chip receives the encrypted firmware sent by the electronic device and stores the firmware information in the flash memory of the chip; during operation, the chip retrieves the firmware information from the flash memory, determines the encrypted data from the encrypted firmware based on the position information in the header information, decrypts the encrypted data in the encrypted firmware according to a preset decryption rule to obtain second random data, replaces the encrypted data in the encrypted firmware with the second random data to obtain decrypted firmware, obtains a second verification code corresponding to the decrypted firmware based on the preset integrity verification rule, compares the first verification code and the second verification code, and starts the decrypted firmware when the second verification code matches the first verification code.
5. An encryption method for secure firmware boot, characterized in that the method comprises: obtaining, based on a preset integrity verification rule, a first verification code corresponding to the firmware, the first verification code being used to verify the integrity of the firmware; for each segment of data of a first length in the firmware, randomly sampling data of a second length to obtain first random data of the firmware, the first random data being a portion of the data of the firmware and the first length being greater than the second length; encrypting the first random data based on a preset encryption rule to obtain encrypted data corresponding to the first random data; replacing the first random data in the firmware with the encrypted data to obtain encrypted firmware; storing firmware information in an electronic device, the firmware information comprising header information, the encrypted firmware and the first verification code, the header information comprising position information, and the position information indicating the position of the encrypted data within each segment of data of the first length; and outputting the firmware information if the latest version information of the firmware in the electronic device is inconsistent with the current version information of the firmware in the chip.
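The device-side sampling and encryption of claims 4 and 5, together with the chip-side decryption and integrity check of claim 4, as an added worked example; this is not code from the patent or from HONOR DEVICE CO LTD. The claims leave the integrity rule, the encryption rule and the key material unspecified, so the example assumes a first length of 64 bytes, a second length of 16 bytes, SHA-256 as the integrity verification rule, and, as a stand-in for the preset encryption rule, an XOR with a per-segment keystream derived by HMAC-SHA256 from a key the chip is assumed to share with the device. The header carries one (segment index, offset, length) triple per segment, which is the position information the chip needs to find the encrypted bytes.

```python
"""Worked example of the sample-encrypt / locate-decrypt-verify scheme in claims 4 and 5.
Added illustration, not the patent's own implementation; all parameter values and the
cipher are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

FIRST_LEN = 64    # assumed "first length": size of each firmware segment
SECOND_LEN = 16   # assumed "second length": bytes sampled and encrypted per segment


@dataclass
class FirmwareInfo:
    """The 'firmware information' sent to the chip: header (version + positions),
    encrypted firmware, and the first verification code."""
    version: str
    positions: List[Tuple[int, int, int]]   # (segment_index, offset_in_segment, length)
    encrypted_firmware: bytes
    verification_code: bytes


def integrity_code(firmware: bytes) -> bytes:
    """Assumed preset integrity verification rule: SHA-256 over the plaintext firmware."""
    return hashlib.sha256(firmware).digest()


def keystream(key: bytes, segment_index: int, length: int) -> bytes:
    """Assumed preset encryption rule: per-segment keystream from HMAC-SHA256(key, index).
    XOR with it is self-inverse, so the chip decrypts with this same function."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = segment_index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_firmware(firmware: bytes, key: bytes, version: str,
                     rng: Callable[[int], int] = secrets.randbelow) -> FirmwareInfo:
    """Device side: hash the plaintext, then in every FIRST_LEN segment pick a random
    SECOND_LEN window, encrypt it in place, and record where it is."""
    code = integrity_code(firmware)                  # first verification code
    out = bytearray(firmware)
    positions = []
    for segment_index, start in enumerate(range(0, len(firmware), FIRST_LEN)):
        segment_len = min(FIRST_LEN, len(firmware) - start)
        sample_len = min(SECOND_LEN, segment_len)    # final segment may be short
        offset = rng(segment_len - sample_len + 1)   # random window inside the segment
        pos = start + offset
        out[pos:pos + sample_len] = xor_bytes(firmware[pos:pos + sample_len],
                                              keystream(key, segment_index, sample_len))
        positions.append((segment_index, offset, sample_len))
    return FirmwareInfo(version, positions, bytes(out), code)


def decrypt_and_verify(info: FirmwareInfo, key: bytes) -> Optional[bytes]:
    """Chip side: use the header positions to find each encrypted window, restore the
    plaintext, recompute the second verification code, and release the image only if
    it matches the first verification code."""
    out = bytearray(info.encrypted_firmware)
    for segment_index, offset, sample_len in info.positions:
        pos = segment_index * FIRST_LEN + offset
        out[pos:pos + sample_len] = xor_bytes(bytes(out[pos:pos + sample_len]),
                                              keystream(key, segment_index, sample_len))
    decrypted = bytes(out)
    if hmac.compare_digest(integrity_code(decrypted), info.verification_code):
        return decrypted
    return None


def needs_download(device_latest_version: str, chip_current_version: str) -> bool:
    """Claims 2 and 3: the device only sends firmware information when versions differ."""
    return device_latest_version != chip_current_version


if __name__ == "__main__":
    # Constructed sample image: 516 bytes, so the last segment is a 4-byte remainder.
    sample_firmware = bytes(range(256)) * 2 + b"tail"
    shared_key = b"\x01" * 32                       # assumed key shared with the chip
    info = encrypt_firmware(sample_firmware, shared_key, "1.0.1")
    if needs_download(info.version, "1.0.0"):
        image = decrypt_and_verify(info, shared_key)
        print("boot" if image == sample_firmware else "reject")
```

Note what the check does and does not cover: the second verification code is computed over the decrypted image, so a wrong key or a corrupted byte anywhere in the image makes the comparison fail and the chip does not start the firmware. The claims do not say how the first verification code itself is protected in transit; as a plain digest it detects corruption of the image but does not by itself bind the image to the vendor, which would require carrying the code under a signature or a keyed MAC with a key the attacker does not hold.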
6. An electronic device, characterized in that the electronic device comprises one or more processors and one or more memories, wherein the one or more memories are coupled to the one or more processors and are configured to store computer program code, the computer program code comprising computer instructions which, when executed by the one or more processors, cause the electronic device to perform the method according to claim 4 or 5.
7. A chip, characterized in that the chip comprises logic circuitry that enables the chip to implement the method according to claim 4.
8. A computer-readable storage medium comprising instructions, characterized in that, when the instructions are executed on an electronic device, they cause the electronic device to perform the method according to claim 4 or 5.
9. A computer program product, characterized in that the computer program product comprises a computer program which, when executed by a computer or processor, causes the computer or processor to perform the method according to claim 4 or 5.