Firmware upgrading method, firmware upgrading device and chip
By obtaining and encrypting the image file of the encrypted partition during the firmware upgrade process, the problem of insufficient data security in firmware upgrades is solved, and secure upgrades of the encrypted partition are achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING SPREADTRUM HI TECH COMM TECH CO LTD
- Filing Date
- 2026-03-13
- Publication Date
- 2026-06-05
AI Technical Summary
There is a lack of effective methods in the current technology to improve data security during the firmware upgrade process.
By obtaining the target image file of the encrypted partition of the target firmware, mounting it in the target file node, encrypting the target configuration file using the key corresponding to the encrypted partition, obtaining the encrypted configuration file, and replacing the candidate configuration file to be upgraded, a secure firmware upgrade is achieved.
The data security of the encrypted partition in the firmware has been improved, ensuring data security during the firmware upgrade process.
Smart Images

Figure CN122152337A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of firmware technology, and in particular to a firmware upgrade method, firmware upgrade device and chip. Background Technology
[0002] With the continuous development of integrated circuits, various types of integrated circuits are gradually being applied to production and daily life. Various integrated circuits can participate in production and daily life by being configured in electronic devices, providing great convenience for production and daily life. As electronic devices are deeply involved in production and daily life, data security of electronic devices has gradually attracted attention, among which data security during firmware upgrades has also gradually attracted attention.
[0003] Currently, there is a lack of technology to protect data security during firmware upgrades, in order to improve the security of data in firmware. Summary of the Invention
[0004] Therefore, it is necessary to provide a firmware upgrade method, firmware upgrade device, and chip that can improve data security during firmware upgrades, addressing the aforementioned technical problems.
[0005] In a first aspect, this application provides a firmware upgrade method applied to a terminal device. The method includes: obtaining a target image file of the encrypted partition of the target firmware; mounting the target image file to a target file node to obtain a target configuration file, and encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; and replacing the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0006] In one embodiment, mounting the target image file to a target file node to obtain a target configuration file includes: determining the upgrade mode of the target image file; and, in response to the upgrade mode, deploying the target image file to the target file node to obtain the target configuration file.
[0007] In one embodiment, in response to an upgrade mode, deploying the target image file to a target file node to obtain a target configuration file includes: in response to a full package upgrade mode included in the upgrade mode, deploying the target image file to a target file node to obtain a target configuration file; or, in response to a compressed full package upgrade mode included in the upgrade mode, decompressing the target image file to obtain a decompressed image file, and deploying the decompressed image file to a target file node to obtain a target configuration file.
[0008] In one embodiment, the target configuration file is encrypted according to the key corresponding to the encrypted partition to obtain an encrypted configuration file, including: the target configuration file is divided into blocks for encryption according to the key to obtain an encrypted configuration file, the encrypted configuration file including multiple encrypted configuration file blocks.
[0009] In one embodiment, the method further includes: decrypting the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; exporting the decrypted configuration file to a target file node, and verifying the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; determining the upgrade result based on the verification result, the upgrade result being used to characterize whether the encrypted partition has been successfully upgraded.
[0010] In one embodiment, obtaining the target image file of the encrypted partition of the target firmware includes: receiving an encrypted upgrade package of the target firmware sent by the upgrade device; and decrypting the encrypted upgrade package to obtain the target image file.
[0011] The above firmware upgrade method first obtains the target image file of the encrypted partition of the target firmware, mounts the target image file to the target file node to obtain the target configuration file, migrates the target configuration file from the target file node to the encrypted partition, encrypts the target configuration file according to the key corresponding to the encrypted partition to obtain the encrypted configuration file, and uses the encrypted configuration file to replace the candidate configuration file to be upgraded in the encrypted partition, thereby realizing a secure firmware upgrade and improving the data security of the encrypted partition in the firmware.
[0012] Secondly, this application also provides a firmware upgrade device, comprising: a file acquisition module for acquiring a target image file of an encrypted partition of a target firmware; an encryption module for mounting the target image file to a target file node to obtain a target configuration file, and encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; and a configuration module for replacing the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0013] Thirdly, this application provides another firmware upgrade method for upgrading devices. The method includes: sending a target image file of the encrypted partition of the target firmware to a terminal device; wherein the target image file is used to enable the terminal device to mount the target image file in the target file node to obtain the target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0014] In one embodiment, the target image file is carried in an encrypted upgrade package. Sending the target image file of the encrypted partition of the target firmware to the terminal device includes: obtaining the upgrade command for the encrypted partition and the target image file through an interactive interface; generating a firmware upgrade package based on the target image file and the encrypted partition identifier in response to the upgrade command; encrypting the firmware upgrade package to obtain an encrypted upgrade package, and sending the encrypted upgrade package to the terminal device. The file format of the encrypted upgrade package is a full package or a compressed full package.
[0015] The aforementioned firmware upgrade method involves the upgrade device sending a target image file of the encrypted partition to the terminal device, enabling the terminal device to obtain the target image file of the encrypted partition of the target firmware. The target image file is then mounted in the target file node to obtain the target configuration file. The target configuration file is then migrated from the target file node to the encrypted partition. The target configuration file is encrypted using the key corresponding to the encrypted partition to obtain the encrypted configuration file. The encrypted configuration file is then used to replace the candidate configuration file to be upgraded in the encrypted partition, thus achieving a secure firmware upgrade and improving the data security of the encrypted partition in the firmware.
[0016] Fourthly, this application provides another firmware upgrade device, including: a file sending module, used to send a target image file of the encrypted partition of the target firmware to a terminal device; wherein, the target image file is used to enable the terminal device to mount the target image file in the target file node to obtain the target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0017] Fifthly, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the methods provided in the first and / or third aspects.
[0018] Sixthly, this application also provides a chip, including a processor and a communication interface, wherein the processor is configured to cause the chip to perform the steps of the methods provided in the first and / or third aspects described above.
[0019] In a seventh aspect, this application also provides a chip module, including a communication module, a power module, a storage module, and a chip, wherein: the power module is used to provide electrical energy to the chip module; the storage module is used to store data and instructions; the communication module is used to perform internal communication within the chip module, or to enable communication between the chip module and external devices; and the chip is used to perform the steps of the methods provided in the first and / or third aspects.
[0020] Eighthly, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the methods provided in the first and / or third aspects.
[0021] Ninthly, this application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the methods provided in the first and / or third aspects described above. Attached Figure Description
[0022] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0023] Figure 1 This is a diagram illustrating the application environment of a firmware upgrade method in one embodiment.
[0024] Figure 2 This is a flowchart illustrating a firmware upgrade method in one embodiment;
[0025] Figure 3 This is a flowchart illustrating the mounting steps of a target image file in one embodiment;
[0026] Figure 4 This is a flowchart illustrating step 302 in one embodiment;
[0027] Figure 5 This is a flowchart illustrating the steps for obtaining an encrypted configuration file in one embodiment;
[0028] Figure 6 This is a flowchart illustrating the consistency verification steps in one embodiment;
[0029] Figure 7 This is a flowchart illustrating the steps of receiving an encryption upgrade package in one embodiment;
[0030] Figure 8 This is a flowchart illustrating the firmware upgrade method in another embodiment;
[0031] Figure 9 This is a flowchart illustrating another firmware upgrade method in one embodiment;
[0032] Figure 10 This is a flowchart illustrating step 901 in one embodiment;
[0033] Figure 11 This is a structural block diagram of a firmware upgrade device in one embodiment;
[0034] Figure 12 This is a structural block diagram of another firmware upgrade device in one embodiment;
[0035] Figure 13 This is an internal structural diagram of a computer device in one embodiment;
[0036] Figure 14 This is an internal structure diagram of another computer device in one embodiment;
[0037] Figure 15 This is an internal structure diagram of a chip module in one embodiment. Detailed Implementation
[0038] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0039] It should be noted that the terms "first," "second," etc., used in this application can be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish the first element from the second element. The terms "comprising" and "having," and any variations thereof, used in this application, are intended to cover non-exclusive inclusion. The term "multiple" used in this application refers to two or more. The term "and / or" used in this application refers to one of the embodiments, or any combination of multiple embodiments.
[0040] The firmware upgrade method provided in this application embodiment can be applied to, for example, Figure 1 The application environment shown includes at least upgrade device 101 and terminal device 102.
[0041] The upgrade device 101 is used to obtain the target image file of the encrypted partition of the target firmware and send the target image file to the terminal device 102. The upgrade device 101 can be a server, which can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing cloud computing services. The upgrade device 101 can also be configured with an interactive page, through which commands can be input. Chips / chip modules can be configured in the server to implement the above functions.
[0042] Terminal device 102 receives the target image file sent by upgrade device 101, mounts the target image file to the target file node to obtain the target configuration file, encrypts the target configuration file according to the key corresponding to the encrypted partition to obtain the encrypted configuration file, and replaces the candidate configuration file to be upgraded with the encrypted configuration file to complete the firmware upgrade. Terminal device 102 can be, but is not limited to, various personal computers, laptops, smartphones, tablets, drones, low-altitude aircraft, IoT devices, and portable wearable devices. IoT devices can be smart speakers, smart TVs, smart air conditioners, smart in-vehicle devices, projection devices, etc. Portable wearable devices can be smartwatches, smart bracelets, head-mounted devices, etc. Head-mounted devices can be virtual reality (VR) devices, augmented reality (AR) devices, smart glasses, etc. Terminal device 102 can be configured with chips / chip modules to implement the above functions.
[0043] In real-world scenarios, encrypted partitions are encrypted and decrypted in flash memory at runtime; the key cannot be obtained during compilation. Therefore, differential upgrades are not possible; only full package upgrades or compressed full package upgrades are possible. For the same reason, since the encrypted partition image file downloaded in the upgrade package is plaintext rather than encrypted ciphertext, the plaintext must be encrypted before being burned into the corresponding encrypted partition in flash memory. During execution, there are two types of encrypted partitions: one encrypted during compilation and the other encrypted at runtime. Compilation-time encryption uses a plaintext key, while runtime encryption offers better security. However, differential upgrades are not possible during runtime, and the encrypted partition image must be encrypted and written to flash memory during the upgrade process.
[0044] To address this, this application mounts the decrypted partition to a file node during runtime. During the upgrade, this file node is written in plaintext, then synchronously encrypted and written to flash memory. If the flash memory is large, it can be written in blocks. During execution, this application uses either a full package upgrade or a full package compressed upgrade to upgrade the encrypted partition. During runtime, the decrypted partition is mounted to a file node, and during the upgrade, this file node is written in plaintext, then synchronously encrypted and written to flash memory. If the file to be written to flash memory is very large, it can be written in blocks. If encryption is used during compilation, differential upgrades of the encrypted partition can be performed, but due to the public key, there is a security vulnerability. This application uses runtime encryption, which is more secure. However, the upgrade package contains plaintext, and network encryption can be used during transmission to ensure security. After downloading to the device, the user partition is encrypted, so there is actually no security vulnerability in the flash memory storage.
[0045] In one exemplary embodiment, such as Figure 2 As shown, a firmware upgrade method is provided, which can be applied to... Figure 1 Terminal devices or applications Figure 1 The following steps are used as an example of a chip / chip module with data processing capabilities, including steps 201 to 203.
[0046] Step 201: Obtain the target image file of the encrypted partition of the target firmware.
[0047] In this application, the target image file is an image file used for firmware upgrades. It can be used to upgrade configuration files in the firmware partition to achieve higher version functionality. Specifically, the target image file refers to an image file for the encrypted partition, and can be a full image file or a compressed full image file.
[0048] During implementation, the terminal device obtains the target image file of the encrypted partition of the target firmware; during execution, the target image file may be sent by the upgrade device, which can generate the target image file and send it to the terminal device, and the terminal device receives the target image file of the encrypted partition of the target firmware sent by the upgrade device.
[0049] Furthermore, the target image file can be included in an encrypted upgrade package, and the upgrade device can send the encrypted upgrade package to the terminal device; the terminal device can obtain the target image file contained in the encrypted upgrade package.
[0050] Step 202: Mount the target image file to the target file node to obtain the target configuration file, and encrypt the target configuration file according to the key corresponding to the encrypted partition to obtain the encrypted configuration file.
[0051] During implementation, since the data in the encrypted partition needs to be encrypted, the image file cannot be directly overwritten and deployed in the encrypted partition. Therefore, the terminal device can first mount the target image file in the target file node to obtain the target configuration file, and then encrypt the target configuration file according to the key corresponding to the encrypted partition to obtain the encrypted configuration file. The key of the encrypted partition is used to encrypt and decrypt the encrypted partition. This key is not stored in plaintext in a location accessible to ordinary software, but is protected by security mechanisms (such as hardware root of trust, secure boot process, key encapsulation, etc.) to ensure the security of the data in the encrypted partition.
[0052] During execution, after obtaining the target image file, it can be checked whether the target image file carries an encryption identifier. If it carries an encryption identifier, it means that the target image file is for upgrading the encrypted partition. If it does not carry an encryption identifier, it means that the target image file is for normal upgrading. Then, the upgrade can be performed according to the partition indicated in the target image file. Furthermore, the target image file may contain both encrypted partition upgrades and normal partition upgrades. In this case, the encrypted partition can be upgraded for the target image file with an encryption identifier, and the normal partition can be upgraded for the target image file without an encryption identifier.
[0053] Step 203: Replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0054] During the implementation process, the terminal device uses the encrypted configuration file to replace the candidate configuration file to be upgraded in the encrypted partition until the candidate configuration file is completely replaced, so as to complete the upgrade process of the encrypted partition of the target firmware.
[0055] In the above firmware upgrade method, the target image file of the encrypted partition of the target firmware is first obtained, the target image file is mounted in the target file node to obtain the target configuration file, the target configuration file is migrated from the target file node to the encrypted partition, the target configuration file is encrypted according to the key corresponding to the encrypted partition to obtain the encrypted configuration file, and the candidate configuration file to be upgraded in the encrypted partition is replaced by the encrypted configuration file, thus realizing a secure firmware upgrade and improving the data security of the encrypted partition in the firmware.
[0056] Based on the above exemplary embodiment, the following provides a firmware upgrade method in one or more exemplary embodiments, which is applied to... Figure 1 Taking the terminal device in the example, the explanation includes the following content.
[0057] During file mounting, the target image file is deployed in a preset target file node to obtain the configuration file corresponding to the target image file. The target image file can carry the upgrade mode of the target image file, and deployment can be carried out according to the upgrade mode; in one optional implementation provided in this application, such as Figure 3 As shown, the mounting steps for the target image file include steps 301 to 302:
[0058] Step 301: Determine the upgrade mode of the target image file.
[0059] During implementation, the terminal device determines the upgrade mode of the target image file based on the identification information of the target image file; the upgrade mode is used to characterize the upgrade method of the target image file, and the upgrade mode may include the whole package upgrade mode and the compressed whole package upgrade mode.
[0060] Furthermore, the terminal device can first detect the upgrade mode of the target image file. If the upgrade mode is not the full package upgrade mode and / or the compressed full package upgrade mode, it can determine that the upgrade for the encrypted partition has failed.
[0061] Step 302: In response to the upgrade mode, deploy the target image file to the target file node to obtain the target configuration file.
[0062] During implementation, the terminal device responds to the upgrade mode, deploys the target image file in the target file node, and obtains the deployed target configuration file, i.e., the high version target configuration file.
[0063] One optional implementation method provided in this application, by setting an upgrade mode, can verify whether the upgrade of the encrypted partition is correct, and can accurately perform firmware upgrades according to the upgrade mode, thereby improving the reliability of firmware upgrades.
[0064] During the deployment of the target image file, deployment can be performed in either a full package upgrade mode or a compressed full package upgrade mode; one optional implementation provided in this application is as follows: Figure 4 As shown, step 302 includes either step 401 or step 402:
[0065] Step 401: In response to the full package upgrade mode included in the upgrade mode, deploy the target image file to the target file node to obtain the target configuration file.
[0066] During implementation, the terminal device responds to the full package upgrade mode, which includes the upgrade mode, and performs full package overlay deployment, deploying the target image file to the target file node to obtain the target configuration file; wherein, the target file node can be an empty folder to avoid affecting the original configuration file.
[0067] Step 402: In response to the compressed package upgrade mode included in the upgrade mode, the target image file is decompressed to obtain a decompressed image file, and the decompressed image file is deployed in the target file node to obtain the target configuration file.
[0068] During implementation, the terminal device responds to the upgrade mode, which includes the compressed package upgrade mode, by first decompressing the target image file to obtain the decompressed image file, and then deploying the decompressed image file to the target file node to obtain the target configuration file.
[0069] One optional implementation provided in this application deploys the target image file by responding to different upgrade modes. The target image file can be created according to the characteristics of different terminal devices and different firmware, thereby improving the flexibility of firmware upgrades.
[0070] In the process of obtaining the encrypted configuration file, there is a possibility that the target configuration file is too large to be written all at once. To address this, the target configuration file can be divided into blocks for encryption, resulting in multiple encrypted configuration file blocks. One optional implementation provided in this application is as follows: Figure 5 As shown, the steps to obtain the encrypted configuration file include step 501:
[0071] Step 501: Perform block encryption on the target configuration file according to the key to obtain the encrypted configuration file.
[0072] During implementation, the terminal device uses the key of the encrypted partition to perform block encryption on the target configuration file to obtain an encrypted configuration file; the encrypted configuration file includes multiple encrypted configuration file blocks.
[0073] During execution, the terminal device can first divide the target configuration file into blocks to obtain multiple file blocks, and then encrypt each file block according to the key to obtain multiple encrypted configuration file blocks; or, the terminal can first encrypt the target configuration file to obtain an encrypted configuration file, and then divide the encrypted configuration file into blocks to obtain multiple encrypted configuration file blocks.
[0074] One optional implementation provided in this application improves the flexibility of firmware upgrades by performing block encryption on the target configuration file, which is suitable for terminal devices / firmware with small encryption partitions or small storage space.
[0075] In real-world scenarios, data loss or errors may occur during the encryption process. To address this, the encryption configuration file in the encrypted partition can be compared with the target configuration file for consistency verification, and the upgrade result can be determined based on the verification result. One optional implementation provided in this application is as follows: Figure 6 As shown, the method further includes steps 601 to 603:
[0076] Step 601: Decrypt the encrypted configuration files included in the upgraded encrypted partition to obtain the decrypted configuration files.
[0077] During implementation, the terminal device extracts the encrypted configuration file included in the upgraded encrypted partition and decrypts the encrypted configuration file to obtain the decrypted configuration file.
[0078] Step 602: Export the decrypted configuration file to the target file node, and verify the consistency between the decrypted configuration file and the target configuration file on the target file node to obtain the verification result.
[0079] During implementation, the terminal device exports the decrypted configuration file to the target file node, and verifies the consistency between the decrypted configuration file and the target configuration file at the target file node to detect whether the decrypted configuration file and the target configuration file are consistent and obtain the verification result.
[0080] Here, it is only necessary to verify the consistency between the decrypted configuration file and the target configuration file; it is not necessary to export the decrypted configuration file to the target file node and verify it on the target file node.
[0081] Step 603: Determine the upgrade result based on the verification result.
[0082] During the implementation process, if the verification results are consistent, the upgrade result is determined to be successful; if the verification results are inconsistent, the upgrade result is determined to be unsuccessful. The upgrade result is used to indicate whether the encrypted partition has been successfully upgraded.
[0083] One optional implementation provided in this application avoids data errors during the upgrade process by verifying the consistency between the encrypted configuration file and the target configuration file, thereby improving the reliability of the encrypted partition upgrade of the firmware and thus enhancing data security.
[0084] In real-world scenarios, there may be multiple target image files. To address this, the upgrade device can create a firmware upgrade package including the target image files and send the firmware upgrade package to the terminal device. Furthermore, the firmware upgrade package can be encrypted before being sent to the terminal device. In one optional implementation provided by this application, such as... Figure 7 As shown, the method further includes steps 701 to 702:
[0085] Step 701: Receive the encrypted upgrade package of the target firmware sent by the upgrade device.
[0086] During implementation, the upgrade device first generates a firmware upgrade package including the target image file, encrypts the firmware upgrade package to obtain an encrypted upgrade package, and sends the encrypted upgrade package to the terminal device; the terminal device receives the encrypted upgrade package of the target firmware sent by the upgrade device.
[0087] Step 702: Decrypt the encrypted upgrade package to obtain the target image file.
[0088] During implementation, the terminal device decrypts the encrypted upgrade package to obtain the decrypted target image file.
[0089] In one optional implementation provided by this application, the security of the target image file is ensured during the encryption process by encrypting the target image file before transmission, thereby improving the security of firmware upgrades.
[0090] It should be noted that the firmware upgrade method provided in one or more of the above embodiments can be applied to terminal devices, and the firmware upgrade method provided in one or more of the following embodiments can be applied to upgrade devices. The two can be used in conjunction with each other. Therefore, when reading the above firmware upgrade method, you can refer to another firmware upgrade method provided in the following embodiments. Correspondingly, when reading the following other firmware upgrade method, you can refer to the above firmware upgrade method.
[0091] In one embodiment, see Figure 8 The document illustrates a flowchart of a firmware upgrade method provided in an embodiment of this application, which can be applied to... Figure 1 In the terminal device shown. For example... Figure 8 As shown, the firmware upgrade method may include the following steps:
[0092] Step 801: Receive the encrypted upgrade package of the target firmware sent by the upgrade device.
[0093] Step 802: Decrypt the encrypted upgrade package to obtain the target image file.
[0094] Step 803: Determine the upgrade mode of the target image file; in response to the upgrade mode, deploy the target image file to the target file node to obtain the target configuration file.
[0095] Optionally, the upgrade modes include full package upgrade mode and compressed full package upgrade mode.
[0096] Step 804: Perform block encryption on the target configuration file according to the key to obtain the encrypted configuration file.
[0097] Optionally, the encrypted configuration file may include multiple encrypted configuration file blocks.
[0098] Step 805: Replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0099] Step 806: Decrypt the encrypted configuration files included in the upgraded encrypted partition to obtain the decrypted configuration files.
[0100] Step 807: Export the decrypted configuration file to the target file node, and verify the consistency between the decrypted configuration file and the target configuration file on the target file node to obtain the verification result.
[0101] Step 808: Determine the upgrade result based on the verification result. The upgrade result is used to indicate whether the encrypted partition has been successfully upgraded.
[0102] It should be noted that any one or more of steps 801 to 808 can be combined to form a new implementation method according to the needs of implementation and deployment. Furthermore, any one or more technical features in the technical solution composed of steps 801 to 808 can also be combined to form a new implementation method according to the actual deployment needs, or technical features in one or more optional implementations provided by one or more of the above embodiments can be combined to form a new implementation method. These will not be elaborated on here.
[0103] In one exemplary embodiment, such as Figure 9 As shown, another firmware upgrade method is provided, which can be applied to Figure 1 Upgraded equipment or applications Figure 1 Taking a chip / chip module with data processing capabilities as an example, the following steps are included: 901.
[0104] Step 901: Send the target image file of the encrypted partition of the target firmware to the terminal device.
[0105] The target image file is used to enable the terminal device to mount the target image file to the target file node to obtain the target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0106] During implementation, the upgrade device generates a target image file containing an encrypted partition of the target firmware and sends the target image file to the terminal device. During execution, the upgrade device can also package the target image file into a firmware upgrade package and send it to the terminal device.
[0107] The other firmware upgrade method described above involves the upgrade device sending a target image file of the encrypted partition to the terminal device, enabling the terminal device to obtain the target image file of the encrypted partition of the target firmware. The target image file is then mounted in the target file node to obtain the target configuration file. The target configuration file is then migrated from the target file node to the encrypted partition. The target configuration file is encrypted using the key corresponding to the encrypted partition to obtain the encrypted configuration file. The encrypted configuration file is then used to replace the candidate configuration file to be upgraded in the encrypted partition, thus achieving a secure firmware upgrade and improving the data security of the encrypted partition in the firmware.
[0108] Furthermore, during the process of sending the target image file, the upgrade device can also package the target image file into a firmware upgrade package, encrypt the firmware upgrade package to obtain an encrypted upgrade package, and send the encrypted upgrade package to the terminal device; in one optional implementation provided by this application, such as Figure 10 As shown, step 901 includes steps 1001 to 1003:
[0109] Step 1001: Obtain the upgrade instructions and target image file for the encrypted partition through the interactive interface.
[0110] During implementation, users can input upgrade instructions and target image files for the encrypted partition through the interactive page; the upgrade device can obtain the upgrade instructions and target image files for the encrypted partition input through the interactive interface.
[0111] Step 1002: In response to the upgrade command, generate a firmware upgrade package based on the target image file and the encrypted partition identifier.
[0112] During implementation, the upgrade device responds to the upgrade command and generates a firmware upgrade package based on the target image file and the encrypted partition identifier. During execution, the target image file can be written into the firmware upgrade package, and the firmware upgrade package can be marked with the encrypted partition identifier.
[0113] Step 1003: Encrypt the firmware upgrade package to obtain an encrypted upgrade package, and send the encrypted upgrade package to the terminal device.
[0114] During implementation, the upgrade device encrypts the firmware upgrade package to obtain an encrypted upgrade package, and sends the encrypted upgrade package to the terminal device; the encrypted upgrade package can be a full package or a compressed full package.
[0115] One optional implementation provided in this application is to obtain an encrypted upgrade package by encrypting the firmware upgrade package, and then send the encrypted upgrade package to the terminal device, thereby ensuring the security of the upgrade package during transmission and improving the data security of the firmware upgrade.
[0116] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages in other steps. It is understood that the steps in different embodiments can be freely combined as needed, and all non-contradictory solutions formed by such combinations are within the scope of protection of this application.
[0117] Based on the same inventive concept, this application also provides a firmware upgrade apparatus for implementing the firmware upgrade method described above. This apparatus can be applied to or integrated into a chip or chip module, for example. The solution provided by this apparatus is similar to the implementation scheme described in the above method; therefore, the specific limitations in one or more firmware upgrade apparatus embodiments provided below can be found in the limitations of the firmware upgrade method described above, and will not be repeated here.
[0118] In one exemplary embodiment, such as Figure 11 As shown, a firmware upgrade device is provided, including: a file acquisition module 1101, an encryption module 1102, and a configuration module 1103, wherein: the file acquisition module 1101 is used to acquire the target image file of the encrypted partition of the target firmware; the encryption module 1102 is used to mount the target image file to the target file node to obtain the target configuration file, and encrypt the target configuration file according to the key corresponding to the encrypted partition to obtain the encrypted configuration file; the configuration module 1103 is used to replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0119] In one embodiment, the encryption module 1102 includes a first mounting unit and a second mounting unit, wherein: the first mounting unit is used to determine the upgrade mode of the target image file; and the second mounting unit is used to deploy the target image file in the target file node in response to the upgrade mode to obtain the target configuration file.
[0120] In one embodiment, the second mounting unit includes a third mounting unit or a fourth mounting unit, wherein: the third mounting unit is used to deploy the target image file to the target file node to obtain the target configuration file in response to the full package upgrade mode included in the upgrade mode; the fourth mounting unit is used to decompress the target image file to obtain a decompressed image file in response to the compressed full package upgrade mode included in the upgrade mode, and deploy the decompressed image file to the target file node to obtain the target configuration file.
[0121] In one embodiment, the encryption module 1102 further includes a block encryption unit, wherein the block encryption unit is used to perform block encryption processing on the target configuration file according to the key to obtain an encrypted configuration file, the encrypted configuration file including multiple encrypted configuration file blocks.
[0122] In one embodiment, the apparatus further includes a decryption module, a verification module, and an upgrade module, wherein: the decryption module is used to decrypt the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; the verification module is used to export the decrypted configuration file to a target file node and verify the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; the upgrade module is used to determine the upgrade result based on the verification result, and the upgrade result is used to characterize whether the encrypted partition has been successfully upgraded.
[0123] In one embodiment, the file acquisition module includes an upgrade package acquisition unit and a file acquisition unit, wherein: the upgrade package acquisition unit is used to receive an encrypted upgrade package of the target firmware sent by the upgrade device; and the file acquisition unit is used to decrypt the encrypted upgrade package to obtain the target image file.
[0124] Based on the same inventive concept, this application also provides another firmware upgrade apparatus for implementing the aforementioned firmware upgrade method. This apparatus can be applied to or integrated into a chip or chip module, for example. The solution provided by this apparatus is similar to the implementation described in the above method; therefore, the specific limitations in one or more firmware upgrade apparatus embodiments provided below can be found in the limitations of the firmware upgrade method described above, and will not be repeated here.
[0125] In one exemplary embodiment, such as Figure 12 As shown, a firmware upgrade device is provided, including: a file sending module 1201, used to send a target image file of the encrypted partition of the target firmware to a terminal device; wherein, the target image file is used to enable the terminal device to mount the target image file in the target file node to obtain the target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0126] In one embodiment, the file sending module 1201 includes an interaction unit, an instruction response unit, and a sending unit, wherein: the interaction unit is used to obtain the upgrade instruction for the encrypted partition and the target image file through the interactive interface; the instruction response unit is used to generate a firmware upgrade package in response to the upgrade instruction, based on the target image file and the encrypted partition identifier; the sending unit is used to encrypt the firmware upgrade package to obtain an encrypted upgrade package, and send the encrypted upgrade package to the terminal device, wherein the file format of the encrypted upgrade package is a full package or a compressed full package.
[0127] Regarding the modules / units included in the various devices and products described in the above embodiments, they can be software modules / units, hardware modules / units, or a combination of both. For example, for various devices and products applied to or integrated into a chip, all of their modules / units can be implemented using hardware methods such as circuits, or at least some modules / units can be implemented using software programs that run on a processor integrated within the chip, while the remaining (if any) modules / units can be implemented using hardware methods such as circuits; for various devices and products applied to or integrated into a chip module, all of their modules / units can be implemented using hardware methods such as circuits, and different modules / units can be located in the same component (e.g., chip, circuit module, etc.) or different components of the chip module, or at least some modules / units can be implemented using hardware methods such as circuits. The components can be implemented using software programs that run on the processor integrated within the chip module. The remaining (if any) modules / units can be implemented using hardware methods such as circuits. For various devices and products applied to or integrated into the terminal, each of its components / units can be implemented using hardware methods such as circuits. Different modules / units can be located in the same component (e.g., chip, circuit module, etc.) or in different components within the terminal. Alternatively, at least some modules / units can be implemented using software programs that run on the processor integrated within the terminal, while the remaining (if any) modules / units can be implemented using hardware methods such as circuits.
[0128] In one exemplary embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as follows: Figure 13As shown, the computer device includes a processor, memory, input / output interfaces, a communication interface, a display unit, and an input device. The processor, memory, and input / output interfaces are connected via a system bus, and the communication interface, display unit, and input device are also connected to the system bus via the input / output interfaces. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input / output interfaces are used for exchanging information between the processor and external devices. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, mobile cellular networks, Near Field Communication (NFC), or other technologies. When the computer program is executed by the processor, it implements a firmware upgrade method. The display unit is used to form a visually visible image and can be a display screen, a projection device, or a virtual reality imaging device. The display screen can be an LCD screen or an e-ink screen. The input device of the computer device can be a touch layer covering the display screen, or buttons, trackballs, or touchpads set on the casing of the computer device, or external keyboards, touchpads, or mice, etc.
[0129] Those skilled in the art will understand that Figure 13 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0130] In one exemplary embodiment, a computer device is provided, including a memory and a processor. The memory stores a computer program, and the processor executes the computer program to perform the following steps: obtaining a target image file of an encrypted partition of a target firmware; mounting the target image file to a target file node to obtain a target configuration file, and encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; and replacing the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0131] In one embodiment, when the processor executes the computer program, it further performs the following steps: determining the upgrade mode of the target image file; and in response to the upgrade mode, deploying the target image file in the target file node to obtain the target configuration file.
[0132] In one embodiment, when the processor executes the computer program, it further performs the following steps: in response to a full package upgrade mode included in the upgrade mode, deploying the target image file to the target file node to obtain the target configuration file; or, in response to a compressed full package upgrade mode included in the upgrade mode, decompressing the target image file to obtain a decompressed image file, and deploying the decompressed image file to the target file node to obtain the target configuration file.
[0133] In one embodiment, when the processor executes the computer program, it further performs the following steps: performing block encryption on the target configuration file according to the key to obtain an encrypted configuration file, the encrypted configuration file including multiple encrypted configuration file blocks.
[0134] In one embodiment, when the processor executes the computer program, it further performs the following steps: decrypting the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; exporting the decrypted configuration file to a target file node, and verifying the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; determining the upgrade result based on the verification result, which is used to characterize whether the encrypted partition has been successfully upgraded.
[0135] In one embodiment, when the processor executes the computer program, it further performs the following steps: receiving an encrypted upgrade package of the target firmware sent by the upgrade device; decrypting the encrypted upgrade package to obtain the target image file.
[0136] In one exemplary embodiment, another computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 14 As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The database stores firmware upgrade data. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When the computer program is executed by the processor, it implements an alternative firmware upgrade method.
[0137] Those skilled in the art will understand that Figure 14The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0138] In one exemplary embodiment, a computer device is provided, including a memory and a processor. The memory stores a computer program, and the processor executes the computer program to perform the following steps: sending a target image file of an encrypted partition of a target firmware to a terminal device; wherein the target image file is used to enable the terminal device to mount the target image file in a target file node to obtain a target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0139] In one embodiment, when the processor executes the computer program, it further performs the following steps: obtaining an upgrade instruction and a target image file for the encrypted partition through an interactive interface; generating a firmware upgrade package based on the target image file and the encrypted partition identifier in response to the upgrade instruction; encrypting the firmware upgrade package to obtain an encrypted upgrade package, and sending the encrypted upgrade package to the terminal device, wherein the encrypted upgrade package is in the form of a full package or a compressed full package.
[0140] Based on the same inventive concept, this application also provides a chip, including a processor and a communication interface; the communication interface is used to receive or send data; the processor is configured to cause the chip to perform the following steps: obtain a target image file of the encrypted partition of the target firmware; mount the target image file in the target file node to obtain a target configuration file, and encrypt the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0141] In one embodiment, the processor is configured to cause the chip to perform the following steps: determine the upgrade mode of the target image file; and, in response to the upgrade mode, deploy the target image file in a target file node to obtain a target configuration file.
[0142] In one embodiment, the processor is configured to cause the chip to perform the following steps: in response to a full package upgrade mode included in the upgrade mode, deploying the target image file to a target file node to obtain a target configuration file; or, in response to a compressed full package upgrade mode included in the upgrade mode, decompressing the target image file to obtain a decompressed image file, and deploying the decompressed image file to a target file node to obtain a target configuration file.
[0143] In one embodiment, the processor is configured to cause the chip to perform the following steps: block encryption of a target configuration file according to a key to obtain an encrypted configuration file, the encrypted configuration file comprising multiple encrypted configuration file blocks.
[0144] In one embodiment, the processor is configured to cause the chip to perform the following steps: decrypting the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; exporting the decrypted configuration file to a target file node and verifying the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; determining the upgrade result based on the verification result, the upgrade result being used to characterize whether the encrypted partition has been successfully upgraded.
[0145] In one embodiment, the processor is configured to cause the chip to perform the following steps: receiving an encrypted upgrade package of the target firmware sent by the upgrade device; and decrypting the encrypted upgrade package to obtain a target image file.
[0146] Based on the same inventive concept, this application also provides another chip, including a processor and a communication interface; the communication interface is used to receive or send data; the processor is configured to cause the chip to perform the following steps: sending a target image file of the encrypted partition of the target firmware to a terminal device; wherein, the target image file is used to enable the terminal device to mount the target image file in a target file node to obtain a target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0147] In one embodiment, the processor is configured to cause the chip to perform the following steps: obtaining an upgrade instruction and a target image file for the encrypted partition through an interactive interface; generating a firmware upgrade package based on the target image file and the encrypted partition identifier in response to the upgrade instruction; encrypting the firmware upgrade package to obtain an encrypted upgrade package, and sending the encrypted upgrade package to the terminal device, wherein the encrypted upgrade package is in the form of a full package or a compressed full package.
[0148] It is understood that the chip involved in the embodiments of this application may be a field-programmable gate array (FPGA), may be an application-specific integrated circuit (ASIC), may be a system on chip (SoC), may be a central processor unit (CPU), may be a network processor (NP), may be a digital signal processor (DSP), may be a microcontroller unit (MCU), may be a programmable logic device (PLD), or other integrated chips, etc.
[0149] Based on the same inventive concept, this application also provides a chip module, such as... Figure 15 As shown, the chip module includes a communication module, a power module, a storage module, and a chip. Among them:
[0150] The power module is used to provide power to the chip module; the storage module is used to store data and instructions; the communication module is used for internal communication within the chip module, or for communication between the chip module and external devices; this chip corresponds to the chip in the above chip embodiment.
[0151] The implementation method of this chip module can be found in the relevant content of the above chip embodiment, and will not be repeated here.
[0152] In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, it performs the following steps: obtaining a target image file of the encrypted partition of the target firmware; mounting the target image file to a target file node to obtain a target configuration file, and encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; and replacing the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0153] In one embodiment, when the processor executes the computer program, it further performs the following steps: determining the upgrade mode of the target image file; and in response to the upgrade mode, deploying the target image file in the target file node to obtain the target configuration file.
[0154] In one embodiment, when the processor executes the computer program, it further performs the following steps: in response to a full package upgrade mode included in the upgrade mode, deploying the target image file to the target file node to obtain the target configuration file; or, in response to a compressed full package upgrade mode included in the upgrade mode, decompressing the target image file to obtain a decompressed image file, and deploying the decompressed image file to the target file node to obtain the target configuration file.
[0155] In one embodiment, when the processor executes the computer program, it further performs the following steps: performing block encryption on the target configuration file according to the key to obtain an encrypted configuration file, the encrypted configuration file including multiple encrypted configuration file blocks.
[0156] In one embodiment, when the processor executes the computer program, it further performs the following steps: decrypting the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; exporting the decrypted configuration file to a target file node, and verifying the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; determining the upgrade result based on the verification result, which is used to characterize whether the encrypted partition has been successfully upgraded.
[0157] In one embodiment, when the processor executes the computer program, it further performs the following steps: receiving an encrypted upgrade package of the target firmware sent by the upgrade device; decrypting the encrypted upgrade package to obtain the target image file.
[0158] In one embodiment, another computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, it performs the following steps: sending a target image file of the encrypted partition of the target firmware to a terminal device; wherein the target image file is used to enable the terminal device to mount the target image file in a target file node to obtain a target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0159] In one embodiment, when the processor executes the computer program, it further performs the following steps: obtaining an upgrade instruction and a target image file for the encrypted partition through an interactive interface; generating a firmware upgrade package based on the target image file and the encrypted partition identifier in response to the upgrade instruction; encrypting the firmware upgrade package to obtain an encrypted upgrade package, and sending the encrypted upgrade package to the terminal device, wherein the encrypted upgrade package is in the form of a full package or a compressed full package.
[0160] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, performs the following steps: obtaining a target image file of an encrypted partition of a target firmware; mounting the target image file to a target file node to obtain a target configuration file, and encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file; and replacing the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0161] In one embodiment, when the processor executes the computer program, it further performs the following steps: determining the upgrade mode of the target image file; and in response to the upgrade mode, deploying the target image file in the target file node to obtain the target configuration file.
[0162] In one embodiment, when the processor executes the computer program, it further performs the following steps: in response to a full package upgrade mode included in the upgrade mode, deploying the target image file to the target file node to obtain the target configuration file; or, in response to a compressed full package upgrade mode included in the upgrade mode, decompressing the target image file to obtain a decompressed image file, and deploying the decompressed image file to the target file node to obtain the target configuration file.
[0163] In one embodiment, when the processor executes the computer program, it further performs the following steps: performing block encryption on the target configuration file according to the key to obtain an encrypted configuration file, the encrypted configuration file including multiple encrypted configuration file blocks.
[0164] In one embodiment, when the processor executes the computer program, it further performs the following steps: decrypting the encrypted configuration file included in the upgraded encrypted partition to obtain a decrypted configuration file; exporting the decrypted configuration file to a target file node, and verifying the consistency between the decrypted configuration file and the target configuration file at the target file node to obtain a verification result; determining the upgrade result based on the verification result, which is used to characterize whether the encrypted partition has been successfully upgraded.
[0165] In one embodiment, when the processor executes the computer program, it further performs the following steps: receiving an encrypted upgrade package of the target firmware sent by the upgrade device; decrypting the encrypted upgrade package to obtain the target image file.
[0166] In one embodiment, another computer program product is provided, including a computer program that, when executed by a processor, performs the following steps: sending a target image file of an encrypted partition of a target firmware to a terminal device; wherein the target image file is used to enable the terminal device to mount the target image file in a target file node to obtain a target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
[0167] In one embodiment, when the processor executes the computer program, it further performs the following steps: obtaining an upgrade instruction and a target image file for the encrypted partition through an interactive interface; generating a firmware upgrade package based on the target image file and the encrypted partition identifier in response to the upgrade instruction; encrypting the firmware upgrade package to obtain an encrypted upgrade package, and sending the encrypted upgrade package to the terminal device, wherein the encrypted upgrade package is in the form of a full package or a compressed full package.
[0168] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.
[0169] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.
[0170] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.
[0171] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. A firmware upgrade method, characterized in that, Applied to a terminal device, the method includes: Obtain the target image file of the encrypted partition of the target firmware; The target image file is mounted into the target file node to obtain the target configuration file, and the target configuration file is encrypted according to the key corresponding to the encrypted partition to obtain the encrypted configuration file; Replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
2. The method according to claim 1, characterized in that, The step of mounting the target image file into the target file node to obtain the target configuration file includes: Determine the upgrade mode of the target image file; In response to the upgrade mode, the target image file is deployed in the target file node to obtain the target configuration file.
3. The method according to claim 2, characterized in that, In response to the upgrade mode, the target image file is deployed to the target file node to obtain the target configuration file, including: In response to the full package upgrade mode included in the upgrade mode, the target image file is deployed on the target file node to obtain the target configuration file; Alternatively, in response to the compressed package upgrade mode included in the upgrade mode, the target image file is decompressed to obtain a decompressed image file, and the decompressed image file is deployed in the target file node to obtain the target configuration file.
4. The method according to claim 1, characterized in that, The step of encrypting the target configuration file according to the key corresponding to the encrypted partition to obtain an encrypted configuration file includes: The target configuration file is encrypted in blocks according to the key to obtain the encrypted configuration file, which includes multiple encrypted configuration file blocks.
5. The method according to any one of claims 1 to 4, characterized in that, The method further includes: The encrypted configuration file included in the upgraded encrypted partition is decrypted to obtain the decrypted configuration file; The decrypted configuration file is exported to the target file node, and the consistency between the decrypted configuration file and the target configuration file is verified at the target file node to obtain the verification result; The upgrade result is determined based on the verification result, which is used to indicate whether the encrypted partition has been successfully upgraded.
6. The method according to any one of claims 1 to 4, characterized in that, The target image file for obtaining the encrypted partition of the target firmware includes: Receive the encrypted upgrade package of the target firmware sent by the upgrade device; The encrypted upgrade package is decrypted to obtain the target image file.
7. A firmware upgrade method, characterized in that, Applied to upgrading equipment, the method includes: Send the target image file of the encrypted partition of the target firmware to the terminal device; The target image file is used to enable the terminal device to mount the target image file to the target file node to obtain the target configuration file, encrypt the target configuration file according to the key of the encrypted partition, and replace the candidate configuration file to be upgraded in the encrypted partition with the encrypted configuration file.
8. The method according to claim 7, characterized in that, The target image file is carried in the encrypted upgrade package, and the step of sending the target image file of the encrypted partition of the target firmware to the terminal device includes: The upgrade instructions for the encrypted partition and the target image file are obtained through the interactive interface; In response to the upgrade command, a firmware upgrade package is generated based on the target image file and the encrypted partition identifier; The firmware upgrade package is encrypted to obtain an encrypted upgrade package, and the encrypted upgrade package is sent to the terminal device. The encrypted upgrade package can be in the form of a full package or a compressed full package.
9. A firmware upgrade device, characterized in that, The apparatus includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to implement the steps of the method according to any one of claims 1 to 8.
10. A chip, characterized in that, The device includes a processor and a communication interface, the processor being configured to cause the chip to perform the steps of the method described in any one of claims 1 to 8.