[go: up one dir, main page]

CN106203071A - A kind of firmware upgrade method and device - Google Patents

A kind of firmware upgrade method and device Download PDF

Info

Publication number
CN106203071A
CN106203071A CN201610509472.9A CN201610509472A CN106203071A CN 106203071 A CN106203071 A CN 106203071A CN 201610509472 A CN201610509472 A CN 201610509472A CN 106203071 A CN106203071 A CN 106203071A
Authority
CN
China
Prior art keywords
information
firmware file
target firmware
file
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610509472.9A
Other languages
Chinese (zh)
Inventor
庞伟振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Beijing Electronic Information Industry Co Ltd filed Critical Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN201610509472.9A priority Critical patent/CN106203071A/en
Publication of CN106203071A publication Critical patent/CN106203071A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

本发明公开了一种固件升级方法及装置。该方法包括以下步骤:获取用于升级固件的目标固件文件;根据目标固件文件中记录的摘要数据,确定第一摘要信息;根据预设的摘要算法,提取目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;对比第一摘要信息和第二摘要信息;如果第一摘要信息和第二摘要信息一致,则根据目标固件文件中记录的硬件设备标识信息,使用目标固件文件对相应的硬件设备的固件进行升级。应用本发明实施例所提供的技术方案,可以避免使用不可靠的固件文件进行固件升级给内核带来的安全隐患,提升了计算机系统的安全性。

The invention discloses a firmware upgrading method and device. The method includes the following steps: obtaining a target firmware file for upgrading firmware; determining the first summary information according to the summary data recorded in the target firmware file; extracting the content of the manufacturer's firmware recorded in the target firmware file according to a preset summary algorithm summary, obtain the second summary information; compare the first summary information and the second summary information; if the first summary information and the second summary information are consistent, then use the target firmware file to match the corresponding hardware device identification information according to the target firmware file. upgrade the firmware of the hardware device. Applying the technical solutions provided by the embodiments of the present invention can avoid safety hazards caused by using unreliable firmware files for firmware upgrades to the kernel, and improve the security of the computer system.

Description

一种固件升级方法及装置A firmware upgrade method and device

技术领域technical field

本发明涉及计算机技术领域,特别是涉及一种固件升级方法及装置。The invention relates to the technical field of computers, in particular to a firmware upgrading method and device.

背景技术Background technique

在计算机中,固件,即firmware,通常存储固化在硬件设备的EEPROM(Electrically Erasable Programmable Read-Only Memory,电可擦可编程只读存储器)或者闪存FLASH芯片中,承担着硬件设备最底层、最基础的工作。In a computer, firmware, namely firmware, is usually stored and solidified in the EEPROM (Electrically Erasable Programmable Read-Only Memory) or FLASH chip of the hardware device, which bears the lowest and most basic work.

固件可以看做是对硬件设备的编程,其决定了硬件设备的工作性能。随着硬件设备的设计水平越来越高,固件也变得越来越强大、复杂。在实际应用中,固件中可能会有漏洞bug,或者因为应用场景不同需要改变相应的固件参数,这都需要通过固件的升级来解决。Firmware can be regarded as the programming of hardware devices, which determines the working performance of hardware devices. As the design level of hardware devices gets higher and higher, firmware becomes more powerful and complex. In practical applications, there may be bugs in the firmware, or the corresponding firmware parameters need to be changed due to different application scenarios, all of which need to be resolved through firmware upgrades.

在Linux系统中,内核支持固件的在线升级,通过从本机文件系统中获取并加载固件文件,直接传递给硬件设备的驱动来完成硬件设备固件的升级工作。In the Linux system, the kernel supports the online upgrade of the firmware, by obtaining and loading the firmware file from the local file system, and directly passing it to the driver of the hardware device to complete the upgrade of the firmware of the hardware device.

这种方法存在一定的缺点,内核从本机文件系统中获取到固件文件可能是经过非法人员修改、伪造的,应用该固件文件对硬件设备固件进行升级,使得计算机系统存在安全隐患。There are certain shortcomings in this method. The firmware file obtained by the kernel from the local file system may be modified or forged by illegal personnel. Using the firmware file to upgrade the firmware of the hardware device will cause a security risk in the computer system.

发明内容Contents of the invention

为解决上述技术问题,本发明提供一种固件升级方法及装置。In order to solve the above technical problems, the present invention provides a firmware upgrade method and device.

一种固件升级方法,包括:A firmware upgrade method, comprising:

获取用于升级固件的目标固件文件;Obtain the target firmware file for upgrading the firmware;

根据所述目标固件文件中记录的摘要数据,确定第一摘要信息;determining first summary information according to summary data recorded in the target firmware file;

根据预设的摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;According to a preset summary algorithm, extract the summary of the manufacturer's firmware content recorded in the target firmware file, and obtain the second summary information;

对比所述第一摘要信息和所述第二摘要信息;comparing the first summary information with the second summary information;

如果所述第一摘要信息和所述第二摘要信息一致,则根据所述目标固件文件中记录的硬件设备标识信息,使用所述目标固件文件对相应的硬件设备的固件进行升级。If the first summary information is consistent with the second summary information, the target firmware file is used to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file.

在本发明的一种具体实施方式中,在所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息之前,所述方法还包括:In a specific implementation manner of the present invention, before the first summary information is determined according to the summary data recorded in the target firmware file, the method further includes:

确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则执行所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息的操作。Determine whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship, and if so, execute the method of determining the first summary information according to the summary data recorded in the target firmware file. operate.

在本发明的一种具体实施方式中,在所述确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系之前,所述方法还包括:In a specific implementation manner of the present invention, before determining whether the current version information and dependent version information recorded in the target firmware file conform to a preset version dependency relationship, the method further includes:

根据所述目标固件文件中记录的循环冗余校验标识,确定所述目标固件文件是否完整,如果是,则执行所述确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系的操作。According to the cyclic redundancy check mark recorded in the target firmware file, determine whether the target firmware file is complete, if yes, perform the determination of whether the current version information recorded in the target firmware file and the dependent version information conform to Actions for preset version dependencies.

在本发明的一种具体实施方式中,所述摘要数据为厂商预先使用预设的所述摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,并对该摘要进行加密处理后的数据,所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息,包括:In a specific embodiment of the present invention, the summary data is a summary of the manufacturer's firmware content recorded in the target firmware file using the summary algorithm preset by the manufacturer in advance, and the summary is encrypted. The data, the first summary information is determined according to the summary data recorded in the target firmware file, including:

在所述目标固件文件中提取所述目标固件文件对应的厂商标识信息;Extracting the vendor identification information corresponding to the target firmware file from the target firmware file;

从预先获得的可信公钥库中查找与所述厂商标识信息对应的可信公钥;Searching for a trusted public key corresponding to the vendor identification information from a pre-acquired trusted public key library;

使用所述可信公钥对所述目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。Using the trusted public key to decrypt the summary data recorded in the target firmware file to obtain first summary information.

在本发明的一种具体实施方式中,所述方法还包括:In a specific embodiment of the present invention, the method also includes:

如果所述第一摘要信息和所述第二摘要信息不一致,则输出与所述目标固件文件为不可靠升级文件相关的提示信息。If the first summary information is inconsistent with the second summary information, output prompt information related to the fact that the target firmware file is an unreliable upgrade file.

一种固件升级装置,包括:A firmware upgrade device, comprising:

目标固件文件获取模块,用于获取用于升级固件的目标固件文件;The target firmware file obtaining module is used to obtain the target firmware file for upgrading the firmware;

第一摘要信息确定模块,用于根据所述目标固件文件中记录的摘要数据,确定第一摘要信息;The first summary information determining module is configured to determine the first summary information according to the summary data recorded in the target firmware file;

第二摘要信息获得模块,用于根据预设的摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;The second summary information obtaining module is used to extract the summary of the manufacturer's firmware content recorded in the target firmware file according to a preset summary algorithm, and obtain the second summary information;

摘要信息对比模块,用于对比所述第一摘要信息和所述第二摘要信息;a summary information comparison module, configured to compare the first summary information with the second summary information;

固件升级模块,用于在所述第一摘要信息和所述第二摘要信息一致时,根据所述目标固件文件中记录的硬件设备标识信息,使用所述目标固件文件对相应的硬件设备的固件进行升级。A firmware upgrade module, configured to use the target firmware file to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file when the first summary information is consistent with the second summary information. to upgrade.

在本发明的一种具体实施方式中,所述装置还包括:In a specific embodiment of the present invention, the device also includes:

版本依赖关系确定模块,用于确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则触发所述第一摘要信息确定模块。A version dependency determining module, configured to determine whether the current version information and dependent version information recorded in the target firmware file conform to a preset version dependency, and if so, trigger the first summary information determining module.

在本发明的一种具体实施方式中,所述装置还包括:In a specific embodiment of the present invention, the device also includes:

完整性确定模块,用于根据所述目标固件文件中记录的循环冗余校验标识,确定所述目标固件文件是否完整,如果是,则触发所述版本依赖关系确定模块。The integrity determination module is configured to determine whether the target firmware file is complete according to the cyclic redundancy check identifier recorded in the target firmware file, and if so, trigger the version dependency determination module.

在本发明的一种具体实施方式中,所述摘要数据为厂商预先使用预设的所述摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,并对该摘要进行加密处理后的数据,所述第一摘要信息确定模块,具体用于:In a specific embodiment of the present invention, the summary data is a summary of the manufacturer's firmware content recorded in the target firmware file using the summary algorithm preset by the manufacturer in advance, and the summary is encrypted. data, the first summary information determination module is specifically used for:

在所述目标固件文件中提取所述目标固件文件对应的厂商标识信息;Extracting the vendor identification information corresponding to the target firmware file from the target firmware file;

从预先获得的可信公钥库中查找与所述厂商标识信息对应的可信公钥;Searching for a trusted public key corresponding to the vendor identification information from a pre-acquired trusted public key library;

使用所述可信公钥对所述目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。Using the trusted public key to decrypt the summary data recorded in the target firmware file to obtain first summary information.

在本发明的一种具体实施方式中,所述装置还包括:In a specific embodiment of the present invention, the device also includes:

提示信息输出模块,用于在所述第一摘要信息和所述第二摘要信息不一致时,输出与所述目标固件文件为不可靠升级文件相关的提示信息。A prompt information output module, configured to output prompt information related to the fact that the target firmware file is an unreliable upgrade file when the first summary information is inconsistent with the second summary information.

应用本发明实施例所提供的技术方案,获取到用于升级固件的目标固件文件后,根据目标固件文件中记录的摘要数据,可以确定第一摘要信息,根据预设的摘要算法,可以提取该目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息,通过对比第一摘要信息和第二摘要信息,确定目标固件文件的可靠性,如果二者一致,则使用该目标固件文件对相应的硬件设备的固件进行升级。这样可以避免使用不可靠的固件文件进行固件升级给内核带来的安全隐患,提升了计算机系统的安全性。Applying the technical solution provided by the embodiment of the present invention, after obtaining the target firmware file for upgrading the firmware, the first summary information can be determined according to the summary data recorded in the target firmware file, and the first summary information can be extracted according to the preset summary algorithm. The summary of the manufacturer’s firmware content recorded in the target firmware file is used to obtain the second summary information. By comparing the first summary information and the second summary information, the reliability of the target firmware file is determined. If the two are consistent, the target firmware file is used to compare the The firmware of the corresponding hardware device is upgraded. In this way, the potential safety hazards brought to the kernel by using unreliable firmware files for firmware upgrade can be avoided, and the security of the computer system is improved.

附图说明Description of drawings

为了更清楚的说明本发明实施例或现有技术的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单的介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only For some embodiments of the present invention, those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1为本发明实施例中一种固件升级方法的实施流程图;Fig. 1 is the implementation flowchart of a kind of firmware upgrading method in the embodiment of the present invention;

图2为本发明实施例中一种固件升级装置的结构示意图。FIG. 2 is a schematic structural diagram of a firmware upgrade device in an embodiment of the present invention.

具体实施方式detailed description

为了使本技术领域的人员更好地理解本发明方案,下面结合附图和具体实施方式对本发明作进一步的详细说明。显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to enable those skilled in the art to better understand the solution of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

参见图1所示,为本发明实施例所提供的一种固件升级方法的实施流程图,该方法可以包括以下步骤:Referring to Fig. 1, it is an implementation flowchart of a firmware upgrade method provided by an embodiment of the present invention, the method may include the following steps:

S110:获取用于升级固件的目标固件文件。S110: Obtain a target firmware file for upgrading firmware.

在实际应用中,在需要对硬件设备的固件进行升级,或者在检测到有可升级的固件文件时,内核可以从本机文件系统中获取用于升级固件的目标固件文件。In practical applications, when the firmware of the hardware device needs to be upgraded, or when an upgradeable firmware file is detected, the kernel can obtain the target firmware file for upgrading the firmware from the local file system.

S120:根据目标固件文件中记录的摘要数据,确定第一摘要信息。S120: Determine first summary information according to the summary data recorded in the target firmware file.

在本发明实施例中,目标固件文件中记录有厂商固件内容和摘要数据,该摘要数据为厂商预先使用预设的摘要算法,提取厂商固件内容的摘要后得到的数据。In the embodiment of the present invention, the target firmware file records the manufacturer's firmware content and summary data, and the summary data is the data obtained after the manufacturer extracts the summary of the manufacturer's firmware content in advance using a preset summary algorithm.

根据目标固件文件中记录的摘要数据,可以确定第一摘要信息。如果目标固件文件中记录的摘要数据为非加密数据,则可以直接将目标固件文件中记录的摘要数据确定为第一摘要信息。在实际应用中,为加强固件文件的安全性,可以对摘要数据进行加密,根据目标固件文件中记录的摘要数据,可以确定第一摘要信息。According to the summary data recorded in the target firmware file, the first summary information can be determined. If the summary data recorded in the target firmware file is non-encrypted data, the summary data recorded in the target firmware file may be directly determined as the first summary information. In practical applications, in order to strengthen the security of the firmware file, the summary data can be encrypted, and the first summary information can be determined according to the summary data recorded in the target firmware file.

在本发明的一种具体实施方式中,摘要数据为厂商预先使用预设的摘要算法,提取目标固件文件中记录的固件内容的摘要,并对该摘要进行加密处理后的数据,步骤S120可以包括以下步骤:In a specific embodiment of the present invention, the digest data is the data obtained by extracting the digest of the firmware content recorded in the target firmware file using a preset digest algorithm in advance by the manufacturer, and encrypting the digest. Step S120 may include The following steps:

步骤一:在目标固件文件中提取目标固件文件对应的厂商标识信息;Step 1: extracting the vendor identification information corresponding to the target firmware file from the target firmware file;

步骤二:从预先获得的可信公钥库中查找与厂商标识信息对应的可信公钥;Step 2: Find the trusted public key corresponding to the manufacturer's identification information from the pre-acquired trusted public key library;

步骤三:使用可信公钥对目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。Step 3: Use the trusted public key to decrypt the digest data recorded in the target firmware file to obtain the first digest information.

为便于描述,将上述三个步骤结合起来进行说明。For ease of description, the above three steps are combined for description.

在目标固件文件中可以记录该目标固件文件对应的厂商标识信息,即该目标固件文件是哪个厂商提供的。厂商在发布固件文件时,同时发布其用于加密摘要所使用的密钥对的公钥。The manufacturer identification information corresponding to the target firmware file can be recorded in the target firmware file, that is, which manufacturer provides the target firmware file. When the manufacturer releases the firmware file, it also releases the public key of the key pair used to encrypt the digest.

内核可以预先获得多个厂商的可信公钥,该可信公钥为厂商用于加密厂商固件内容的摘要所使用的密钥对的公钥。内核可以将获得的可信公钥存储到可信公钥库中。在可信公钥库中,每个厂商的厂商标识信息和该厂商发布的可信公钥对应存储。The kernel may obtain trusted public keys of multiple manufacturers in advance, and the trusted public key is the public key of the key pair used by the manufacturer to encrypt the digest of the manufacturer's firmware content. The kernel can store the obtained trusted public key in the trusted public key store. In the trusted public key store, the manufacturer identification information of each manufacturer is correspondingly stored with the trusted public key issued by the manufacturer.

在目标固件文件中可以提取相应的厂商标识信息,然后从预先获得的可信公钥库中查找与该厂商标识信息对应的可信公钥。The corresponding manufacturer identification information can be extracted from the target firmware file, and then the trusted public key corresponding to the manufacturer identification information can be searched from the pre-acquired trusted public key database.

在可信公钥库中查找到与厂商标识信息对应的可信公钥后,可以使用该可信公钥对目标固件文件中记录的摘要数据进行解密,解密后的摘要数据即为第一摘要信息。After the trusted public key corresponding to the manufacturer's identification information is found in the trusted public key database, the trusted public key can be used to decrypt the digest data recorded in the target firmware file, and the decrypted digest data is the first digest information.

具体使用的加解密算法可以是预先指定的加解密算法,还可以是目标固件文件中记录的加解密算法。The specific encryption and decryption algorithm used may be a pre-specified encryption and decryption algorithm, and may also be an encryption and decryption algorithm recorded in the target firmware file.

S130:根据预设的摘要算法,提取目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息。这里预设的摘要算法和步骤S120中摘要数据所对应的摘要算法一致。S130: According to a preset digest algorithm, extract the digest of the manufacturer's firmware content recorded in the target firmware file to obtain second digest information. The preset digest algorithm here is consistent with the digest algorithm corresponding to the digest data in step S120.

在本发明实施例中,预设的摘要算法可以是预先指定的一种摘要算法,还可以是目标固件文件中记录的摘要算法。In this embodiment of the present invention, the preset digest algorithm may be a pre-specified digest algorithm, or may be a digest algorithm recorded in the target firmware file.

根据预设的摘要算法,可以提取目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息。According to a preset digest algorithm, the digest of the manufacturer's firmware content recorded in the target firmware file can be extracted to obtain the second digest information.

需要说明的是,本发明实施例对步骤S120和步骤S130的执行顺序不做限制。It should be noted that, the embodiment of the present invention does not limit the execution sequence of step S120 and step S130.

S140:对比第一摘要信息和第二摘要信息。S140: Compare the first summary information with the second summary information.

在步骤S120,内核确定了第一摘要信息,该第一摘要信息对应的是,厂商预先按照预设的摘要算法提取的厂商固件内容的摘要。在步骤S130,内核获得了第二摘要信息,该第二摘要信息对应的是,内核根据预设的摘要算法提取的厂商固件内容的摘要。In step S120, the kernel determines the first summary information, and the first summary information corresponds to the summary of the manufacturer's firmware content extracted by the manufacturer in advance according to a preset summary algorithm. In step S130, the kernel obtains the second summary information, which corresponds to the summary of the manufacturer's firmware content extracted by the kernel according to a preset summary algorithm.

通过将第一摘要信息和第二摘要信息进行比较,可以确定该目标固件文件的可靠性。By comparing the first summary information with the second summary information, the reliability of the target firmware file can be determined.

S150:如果第一摘要信息和第二摘要信息一致,则根据目标固件文件中记录的硬件设备标识信息,使用目标固件文件对相应的硬件设备的固件进行升级。S150: If the first summary information is consistent with the second summary information, use the target firmware file to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file.

如果第一摘要信息和第二摘要信息一致,则表明该目标固件文件被篡改的可能性较小,可靠性较高,可以根据该目标固件文件中记录的硬件设备标识信息,使用该目标固件文件对相应的硬件设备的固件进行升级。具体的,内核可以将该目标固件文件传递给相应的硬件设备的驱动,以完成该硬件设备的固件的升级工作。If the first summary information is consistent with the second summary information, it indicates that the target firmware file is less likely to be tampered with and has higher reliability, and the target firmware file can be used according to the hardware device identification information recorded in the target firmware file Upgrade the firmware of the corresponding hardware device. Specifically, the kernel can transfer the target firmware file to the driver of the corresponding hardware device, so as to complete the upgrade of the firmware of the hardware device.

如果第一摘要信息和第二摘要信息不一致,则表明该目标固件文件可能已经被篡改,可靠性较小。如果使用该目标固件文件对硬件设备的固件进行升级,可能会对计算机系统产生危害。在这种情况下,可以不加载该目标固件文件。还可以输出与该目标固件文件为不可靠升级文件相关的提示信息,提示用户该目标固件文件可能已经被破坏。If the first summary information is inconsistent with the second summary information, it indicates that the target firmware file may have been tampered with, and the reliability is low. If the target firmware file is used to upgrade the firmware of the hardware device, it may cause harm to the computer system. In this case, the target firmware file may not be loaded. It is also possible to output prompt information related to the fact that the target firmware file is an unreliable upgrade file, prompting the user that the target firmware file may have been damaged.

应用本发明实施例所提供的方法,获取到用于升级固件的目标固件文件后,根据目标固件文件中记录的摘要数据,可以确定第一摘要信息,根据预设的摘要算法,可以提取该目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息,通过对比第一摘要信息和第二摘要信息,确定目标固件文件的可靠性,如果二者一致,则使用该目标固件文件对相应的硬件设备的固件进行升级。这样可以避免使用不可靠的固件文件进行固件升级给内核带来的安全隐患,提升了计算机系统的安全性。Applying the method provided by the embodiment of the present invention, after obtaining the target firmware file for upgrading the firmware, the first summary information can be determined according to the summary data recorded in the target firmware file, and the target can be extracted according to the preset summary algorithm. The summary of the manufacturer's firmware content recorded in the firmware file, obtain the second summary information, and determine the reliability of the target firmware file by comparing the first summary information and the second summary information. If the two are consistent, use the target firmware file to match the corresponding upgrade the firmware of the hardware device. In this way, the potential safety hazards brought to the kernel by using unreliable firmware files for firmware upgrade can be avoided, and the security of the computer system is improved.

在本发明的一个实施例中,在步骤S120之前,该方法还可以包括以下步骤:In one embodiment of the present invention, before step S120, the method may further include the following steps:

确定目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则执行步骤S120的操作。It is determined whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship, and if yes, the operation of step S120 is performed.

在本发明实施例中,目标固件文件中可以记录有当前版本信息和依赖版本信息。内核获取到目标固件文件后,可以先确定该目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系。预设的版本依赖关系可以根据实际情况进行设定,比如,依赖版本信息中的版本号需要小于当前版本信息中的版本号。In this embodiment of the present invention, current version information and dependent version information may be recorded in the target firmware file. After the kernel obtains the target firmware file, it may first determine whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship. The preset version dependency relationship can be set according to the actual situation, for example, the version number in the dependent version information needs to be smaller than the version number in the current version information.

如果符合,则继续执行步骤S120的操作,如果否,则该目标固件文件可能不可靠,可以不加载该目标固件文件,或者可以输出与版本不对应相关的提示信息。If yes, continue to perform the operation of step S120, if not, the target firmware file may be unreliable, the target firmware file may not be loaded, or a prompt message related to version incompatibility may be output.

在本发明的一个实施例中,在确定目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系之前,该方法还可以包括以下步骤:In one embodiment of the present invention, before determining whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship, the method may also include the following steps:

根据目标固件文件中记录的循环冗余校验标识,确定目标固件文件是否完整,如果是,则执行确定目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系的操作。According to the cyclic redundancy check identification recorded in the target firmware file, determine whether the target firmware file is complete, if yes, perform the operation of determining whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship .

在本发明实施例中,目标固件文件中可以记录有循环冗余校验标识。根据该循环冗余校验标识,可以确定该目标固件文件是否完整,如果是,则继续执行版本依赖关系确定的操作或者执行摘要信息对比的操作。In this embodiment of the present invention, a cyclic redundancy check identifier may be recorded in the target firmware file. According to the cyclic redundancy check identification, it can be determined whether the target firmware file is complete, and if so, continue to perform the operation of determining the version dependency or perform the operation of comparing summary information.

在实际应用中,可以将上述各实施例结合起来,提高系统的安全性,对隐藏等伪装病毒也有较好的防范作用。In practical applications, the above embodiments can be combined to improve the security of the system, and also have a good preventive effect on camouflaged viruses such as hiding.

在本发明实施例中,目标固件文件可以具有如表1所示的预设的文件格式:In the embodiment of the present invention, the target firmware file may have a preset file format as shown in Table 1:

表1Table 1

循环冗余校验标识CRC32:用于根据该标识确定目标固件文件的完整性,避免因加载异常而导致的信息丢失;Cyclic redundancy check identification CRC32: used to determine the integrity of the target firmware file according to this identification, to avoid information loss caused by abnormal loading;

厂商标识VendorId:用于记录目标固件文件所属的厂商;Vendor ID VendorId: used to record the vendor to which the target firmware file belongs;

硬件设备标识ProductId:用于记录目标固件文件所对应的硬件设备;Hardware device identifier ProductId: used to record the hardware device corresponding to the target firmware file;

当前版本Current Version:用于记录目标固件文件当前版本信息;Current Version Current Version: used to record the current version information of the target firmware file;

依赖版本Request Version:用于记录目标固件文件当前版本对应的依赖版本信息;Dependency version Request Version: used to record the dependency version information corresponding to the current version of the target firmware file;

摘要数据Encrypt Digest:用于记录针对厂商固件内容使用摘要算法获得的摘要,并使用加解密算法及厂商私钥对该摘要进行加密后的数据;Summary data Encrypt Digest: used to record the digest obtained by using the digest algorithm for the manufacturer's firmware content, and encrypt the digest using the encryption and decryption algorithm and the manufacturer's private key;

摘要算法Digest Method:用于记录生成摘要数据所使用的摘要算法;Digest algorithm Digest Method: used to record the digest algorithm used to generate the digest data;

加解密算法Encrypt Method:用于记录摘要数据所使用的加解密算法;Encryption and decryption algorithm Encrypt Method: the encryption and decryption algorithm used to record the summary data;

大小Size:用于记录厂商固件内容的大小;Size Size: used to record the size of the manufacturer's firmware content;

厂商固件内容Vendor Firmware Content:用于记录厂商固件内容。Vendor Firmware Content: Used to record the content of the vendor firmware.

每个厂商在发布固件文件时,都可以根据上述文件格式生成具有统一文件格式的固件文件。内核获取到固件文件后,根据固件文件中记录的这些信息可以对该固件文件进行完整及安全性审查,以避免不可靠的固件文件对系统安全造成危害。Each manufacturer can generate a firmware file with a unified file format according to the above file format when releasing the firmware file. After the kernel obtains the firmware file, the completeness and safety review of the firmware file can be performed according to the information recorded in the firmware file, so as to avoid unreliable firmware files from causing harm to system security.

相应于上面的方法实施例,本发明实施例还提供了一种固件升级装置。参见图2所示,该装置可以包括以下模块:Corresponding to the above method embodiment, the embodiment of the present invention also provides a firmware upgrade device. Referring to shown in Figure 2, the device can include the following modules:

目标固件文件获取模块210,用于获取用于升级固件的目标固件文件;Target firmware file obtaining module 210, for obtaining the target firmware file for upgrading firmware;

第一摘要信息确定模块220,用于根据目标固件文件中记录的摘要数据,确定第一摘要信息;The first summary information determining module 220 is configured to determine the first summary information according to the summary data recorded in the target firmware file;

第二摘要信息获得模块230,用于根据预设的摘要算法,提取目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;The second summary information obtaining module 230 is used to extract the summary of the manufacturer's firmware content recorded in the target firmware file according to a preset summary algorithm, and obtain the second summary information;

摘要信息对比模块240,用于对比第一摘要信息和第二摘要信息;Summary information comparison module 240, configured to compare the first summary information and the second summary information;

固件升级模块250,用于在第一摘要信息和第二摘要信息一致时,根据目标固件文件中记录的硬件设备标识信息,使用目标固件文件对相应的硬件设备的固件进行升级。The firmware upgrade module 250 is configured to use the target firmware file to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file when the first summary information is consistent with the second summary information.

应用本发明实施例所提供的装置,获取到用于升级固件的目标固件文件后,根据目标固件文件中记录的摘要数据,可以确定第一摘要信息,根据预设的摘要算法,可以提取该目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息,通过对比第一摘要信息和第二摘要信息,确定目标固件文件的可靠性,如果二者一致,则使用该目标固件文件对相应的硬件设备的固件进行升级。这样可以避免使用不可靠的固件文件进行固件升级给内核带来的安全隐患,提升了计算机系统的安全性。Applying the device provided by the embodiment of the present invention, after obtaining the target firmware file for upgrading the firmware, the first summary information can be determined according to the summary data recorded in the target firmware file, and the target can be extracted according to the preset summary algorithm. The summary of the manufacturer's firmware content recorded in the firmware file, obtain the second summary information, and determine the reliability of the target firmware file by comparing the first summary information and the second summary information. If the two are consistent, use the target firmware file to match the corresponding upgrade the firmware of the hardware device. In this way, the potential safety hazards brought to the kernel by using unreliable firmware files for firmware upgrade can be avoided, and the security of the computer system is improved.

在本发明的一个实施例中,该装置还可以包括以下模块:In one embodiment of the present invention, the device may also include the following modules:

版本依赖关系确定模块,用于确定目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则触发第一摘要信息确定模块220。The version dependency determination module is configured to determine whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship, and if so, trigger the first summary information determination module 220 .

在本发明的一个实施例中,该装置还可以包括以下模块:In one embodiment of the present invention, the device may also include the following modules:

完整性确定模块,用于根据目标固件文件中记录的循环冗余校验标识,确定目标固件文件是否完整,如果是,则触发版本依赖关系确定模块。The integrity determination module is configured to determine whether the target firmware file is complete according to the cyclic redundancy check identifier recorded in the target firmware file, and if so, trigger the version dependency determination module.

在本发明的一种具体实施方式中,摘要数据为厂商预先使用预设的摘要算法,提取目标固件文件中记录的厂商固件内容的摘要,并对该摘要进行加密处理后的数据,第一摘要信息确定模块220,具体用于:In a specific implementation of the present invention, the summary data is the data obtained by extracting the summary of the manufacturer's firmware content recorded in the target firmware file using a preset summary algorithm in advance by the manufacturer, and encrypting the summary. The first summary The information determination module 220 is specifically used for:

在目标固件文件中提取目标固件文件对应的厂商标识信息;Extracting the vendor identification information corresponding to the target firmware file from the target firmware file;

从预先获得的可信公钥库中查找与厂商标识信息对应的可信公钥;Find the trusted public key corresponding to the manufacturer's identification information from the pre-acquired trusted public key library;

使用可信公钥对目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。The digest data recorded in the target firmware file is decrypted by using the trusted public key to obtain the first digest information.

在本发明的一个实施例中,该装置还可以包括以下模块:In one embodiment of the present invention, the device may also include the following modules:

提示信息输出模块,用于在第一摘要信息和第二摘要信息不一致时,输出与目标固件文件为不可靠升级文件相关的提示信息。The prompt information output module is configured to output prompt information related to the target firmware file being an unreliable upgrade file when the first summary information is inconsistent with the second summary information.

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其它实施例的不同之处,各个实施例之间相同或相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related part, please refer to the description of the method part.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in conjunction with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上对本发明所提供的一种固件升级方法及装置进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。A firmware upgrade method and device provided by the present invention have been introduced in detail above. In this paper, specific examples are used to illustrate the principle and implementation of the present invention, and the descriptions of the above embodiments are only used to help understand the method and core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principle of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1.一种固件升级方法,其特征在于,包括:1. A firmware upgrade method, characterized in that, comprising: 获取用于升级固件的目标固件文件;Obtain the target firmware file for upgrading the firmware; 根据所述目标固件文件中记录的摘要数据,确定第一摘要信息;determining first summary information according to summary data recorded in the target firmware file; 根据预设的摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;According to a preset summary algorithm, extract the summary of the manufacturer's firmware content recorded in the target firmware file, and obtain the second summary information; 对比所述第一摘要信息和所述第二摘要信息;comparing the first summary information with the second summary information; 如果所述第一摘要信息和所述第二摘要信息一致,则根据所述目标固件文件中记录的硬件设备标识信息,使用所述目标固件文件对相应的硬件设备的固件进行升级。If the first summary information is consistent with the second summary information, the target firmware file is used to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file. 2.根据权利要求1所述的方法,其特征在于,在所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息之前,所述方法还包括:2. The method according to claim 1, wherein, before determining the first summary information according to the summary data recorded in the target firmware file, the method further comprises: 确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则执行所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息的操作。Determine whether the current version information and dependent version information recorded in the target firmware file conform to the preset version dependency relationship, and if so, execute the method of determining the first summary information according to the summary data recorded in the target firmware file. operate. 3.根据权利要求2所述的方法,其特征在于,在所述确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系之前,所述方法还包括:3. The method according to claim 2, wherein before determining whether the current version information recorded in the target firmware file and the dependent version information conform to the preset version dependency relationship, the method further comprises: 根据所述目标固件文件中记录的循环冗余校验标识,确定所述目标固件文件是否完整,如果是,则执行所述确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系的操作。According to the cyclic redundancy check mark recorded in the target firmware file, determine whether the target firmware file is complete, if yes, perform the determination of whether the current version information recorded in the target firmware file and the dependent version information conform to Actions for preset version dependencies. 4.根据权利要求1至3任一项所述的方法,其特征在于,所述摘要数据为厂商预先使用预设的所述摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,并对该摘要进行加密处理后的数据,所述根据所述目标固件文件中记录的摘要数据,确定第一摘要信息,包括:4. The method according to any one of claims 1 to 3, wherein the summary data is a summary of the manufacturer's firmware content recorded in the target firmware file using the summary algorithm preset by the manufacturer in advance , and the digest is encrypted to the data, and the first digest information is determined according to the digest data recorded in the target firmware file, including: 在所述目标固件文件中提取所述目标固件文件对应的厂商标识信息;Extracting the vendor identification information corresponding to the target firmware file from the target firmware file; 从预先获得的可信公钥库中查找与所述厂商标识信息对应的可信公钥;Searching for a trusted public key corresponding to the vendor identification information from a pre-acquired trusted public key library; 使用所述可信公钥对所述目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。Using the trusted public key to decrypt the summary data recorded in the target firmware file to obtain first summary information. 5.根据权利要求4所述的方法,其特征在于,所述方法还包括:5. method according to claim 4, is characterized in that, described method also comprises: 如果所述第一摘要信息和所述第二摘要信息不一致,则输出与所述目标固件文件为不可靠升级文件相关的提示信息。If the first summary information is inconsistent with the second summary information, output prompt information related to the fact that the target firmware file is an unreliable upgrade file. 6.一种固件升级装置,其特征在于,包括:6. A firmware upgrade device, characterized in that, comprising: 目标固件文件获取模块,用于获取用于升级固件的目标固件文件;The target firmware file obtaining module is used to obtain the target firmware file for upgrading the firmware; 第一摘要信息确定模块,用于根据所述目标固件文件中记录的摘要数据,确定第一摘要信息;The first summary information determining module is configured to determine the first summary information according to the summary data recorded in the target firmware file; 第二摘要信息获得模块,用于根据预设的摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,获得第二摘要信息;The second summary information obtaining module is used to extract the summary of the manufacturer's firmware content recorded in the target firmware file according to a preset summary algorithm, and obtain the second summary information; 摘要信息对比模块,用于对比所述第一摘要信息和所述第二摘要信息;a summary information comparison module, configured to compare the first summary information with the second summary information; 固件升级模块,用于在所述第一摘要信息和所述第二摘要信息一致时,根据所述目标固件文件中记录的硬件设备标识信息,使用所述目标固件文件对相应的硬件设备的固件进行升级。A firmware upgrade module, configured to use the target firmware file to upgrade the firmware of the corresponding hardware device according to the hardware device identification information recorded in the target firmware file when the first summary information is consistent with the second summary information. to upgrade. 7.根据权利要求6所述的装置,其特征在于,所述装置还包括:7. The device according to claim 6, further comprising: 版本依赖关系确定模块,用于确定所述目标固件文件中记录的当前版本信息和依赖版本信息是否符合预设的版本依赖关系,如果是,则触发所述第一摘要信息确定模块。A version dependency determining module, configured to determine whether the current version information and dependent version information recorded in the target firmware file conform to a preset version dependency, and if so, trigger the first summary information determining module. 8.根据权利要求7所述的装置,其特征在于,所述装置还包括:8. The device according to claim 7, further comprising: 完整性确定模块,用于根据所述目标固件文件中记录的循环冗余校验标识,确定所述目标固件文件是否完整,如果是,则触发所述版本依赖关系确定模块。The integrity determination module is configured to determine whether the target firmware file is complete according to the cyclic redundancy check identifier recorded in the target firmware file, and if so, trigger the version dependency determination module. 9.根据权利要求6至8任一项所述的装置,其特征在于,所述摘要数据为厂商预先使用预设的所述摘要算法,提取所述目标固件文件中记录的厂商固件内容的摘要,并对该摘要进行加密处理后的数据,所述第一摘要信息确定模块,具体用于:9. The device according to any one of claims 6 to 8, wherein the summary data is a summary of the manufacturer's firmware content recorded in the target firmware file using the summary algorithm preset by the manufacturer in advance , and encrypt the digested data, the first digest information determination module is specifically used for: 在所述目标固件文件中提取所述目标固件文件对应的厂商标识信息;Extracting the vendor identification information corresponding to the target firmware file from the target firmware file; 从预先获得的可信公钥库中查找与所述厂商标识信息对应的可信公钥;Searching for a trusted public key corresponding to the vendor identification information from a pre-acquired trusted public key library; 使用所述可信公钥对所述目标固件文件中记录的摘要数据进行解密,获得第一摘要信息。Using the trusted public key to decrypt the summary data recorded in the target firmware file to obtain first summary information. 10.根据权利要求9所述的装置,其特征在于,所述装置还包括:10. The device according to claim 9, further comprising: 提示信息输出模块,用于在所述第一摘要信息和所述第二摘要信息不一致时,输出与所述目标固件文件为不可靠升级文件相关的提示信息。A prompt information output module, configured to output prompt information related to the fact that the target firmware file is an unreliable upgrade file when the first summary information is inconsistent with the second summary information.
CN201610509472.9A 2016-06-30 2016-06-30 A kind of firmware upgrade method and device Pending CN106203071A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610509472.9A CN106203071A (en) 2016-06-30 2016-06-30 A kind of firmware upgrade method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610509472.9A CN106203071A (en) 2016-06-30 2016-06-30 A kind of firmware upgrade method and device

Publications (1)

Publication Number Publication Date
CN106203071A true CN106203071A (en) 2016-12-07

Family

ID=57464446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610509472.9A Pending CN106203071A (en) 2016-06-30 2016-06-30 A kind of firmware upgrade method and device

Country Status (1)

Country Link
CN (1) CN106203071A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685653A (en) * 2016-12-29 2017-05-17 同济大学 A vehicle remote firmware update method and device based on information security technology
CN106815050A (en) * 2016-12-30 2017-06-09 深圳怡化电脑股份有限公司 A kind of firmware management method and device of embedded device
CN107491328A (en) * 2017-08-02 2017-12-19 广东美的暖通设备有限公司 Updating firmware program method, system and electric equipment
CN108446133A (en) * 2018-03-29 2018-08-24 广东美的暖通设备有限公司 Firmware upgrade control method, firmware upgrade control system and electric appliance
CN108848094A (en) * 2018-06-22 2018-11-20 平安科技(深圳)有限公司 Data security validation method, device, system, computer equipment and storage medium
CN109117168A (en) * 2018-08-29 2019-01-01 拓攻(南京)机器人有限公司 Unmanned plane firmware update, device, unmanned plane and storage medium
CN109214168A (en) * 2018-08-27 2019-01-15 阿里巴巴集团控股有限公司 firmware upgrading method and device
CN109240721A (en) * 2018-08-24 2019-01-18 江苏恒宝智能系统技术有限公司 A kind of method of MCU online upgrading
CN109977674A (en) * 2017-12-28 2019-07-05 航天信息股份有限公司 The method for upgrading software and device of embedded device
CN110764811A (en) * 2019-09-05 2020-02-07 深圳优地科技有限公司 Firmware upgrading method and device
CN112699345A (en) * 2020-12-30 2021-04-23 合肥市芯海电子科技有限公司 Method, system, equipment and storage medium for safe operation of firmware

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN102141940A (en) * 2010-12-29 2011-08-03 Tcl集团股份有限公司 Device, method and system for recovering firmware update
CN102981881A (en) * 2012-12-10 2013-03-20 中兴通讯股份有限公司 Method and system for preventing mobile terminal from being updated to illegal firmware version
CN104166565A (en) * 2014-08-11 2014-11-26 成都瑞博慧窗信息技术有限公司 Intelligent display terminal firmware updating method
US20150199518A1 (en) * 2014-01-10 2015-07-16 Canon Kabushiki Kaisha Image forming apparatus that performs update of firmware, and control method therefor

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
CN102141940A (en) * 2010-12-29 2011-08-03 Tcl集团股份有限公司 Device, method and system for recovering firmware update
CN102981881A (en) * 2012-12-10 2013-03-20 中兴通讯股份有限公司 Method and system for preventing mobile terminal from being updated to illegal firmware version
US20150199518A1 (en) * 2014-01-10 2015-07-16 Canon Kabushiki Kaisha Image forming apparatus that performs update of firmware, and control method therefor
CN104166565A (en) * 2014-08-11 2014-11-26 成都瑞博慧窗信息技术有限公司 Intelligent display terminal firmware updating method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
中国信息安全产品测评认证中心编著: "《信息安全理论与技术》", 30 September 2003 *
廖滨华: "《网络知识与应用》", 31 March 2014 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685653A (en) * 2016-12-29 2017-05-17 同济大学 A vehicle remote firmware update method and device based on information security technology
CN106685653B (en) * 2016-12-29 2020-07-07 同济大学 Vehicle remote firmware updating method and device based on information security technology
CN106815050B (en) * 2016-12-30 2020-06-09 深圳怡化电脑股份有限公司 Firmware management method and device of embedded equipment
CN106815050A (en) * 2016-12-30 2017-06-09 深圳怡化电脑股份有限公司 A kind of firmware management method and device of embedded device
CN107491328A (en) * 2017-08-02 2017-12-19 广东美的暖通设备有限公司 Updating firmware program method, system and electric equipment
CN109977674A (en) * 2017-12-28 2019-07-05 航天信息股份有限公司 The method for upgrading software and device of embedded device
CN108446133A (en) * 2018-03-29 2018-08-24 广东美的暖通设备有限公司 Firmware upgrade control method, firmware upgrade control system and electric appliance
CN108848094A (en) * 2018-06-22 2018-11-20 平安科技(深圳)有限公司 Data security validation method, device, system, computer equipment and storage medium
CN108848094B (en) * 2018-06-22 2021-04-16 平安科技(深圳)有限公司 Data security verification method, device, system, computer equipment and storage medium
CN109240721A (en) * 2018-08-24 2019-01-18 江苏恒宝智能系统技术有限公司 A kind of method of MCU online upgrading
CN109214168A (en) * 2018-08-27 2019-01-15 阿里巴巴集团控股有限公司 firmware upgrading method and device
CN109117168A (en) * 2018-08-29 2019-01-01 拓攻(南京)机器人有限公司 Unmanned plane firmware update, device, unmanned plane and storage medium
CN110764811A (en) * 2019-09-05 2020-02-07 深圳优地科技有限公司 Firmware upgrading method and device
CN112699345A (en) * 2020-12-30 2021-04-23 合肥市芯海电子科技有限公司 Method, system, equipment and storage medium for safe operation of firmware
CN112699345B (en) * 2020-12-30 2022-12-09 合肥市芯海电子科技有限公司 Method, system, equipment and storage medium for safe operation of firmware

Similar Documents

Publication Publication Date Title
CN106203071A (en) A kind of firmware upgrade method and device
US10931451B2 (en) Securely recovering a computing device
EP3458999B1 (en) Self-contained cryptographic boot policy validation
US8254568B2 (en) Secure booting a computing device
TWI598814B (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (uefi)-compliant firmware
CN111723383B (en) Data storage and verification method and device
CN101231622B (en) Data storage method and equipment base on flash memory, as well as data fetch method and apparatu
US20120166781A1 (en) Single security model in booting a computing device
CN102841992B (en) The method of the encryption key being used for shielded digital data object is generated for computer based current component
CN103765429B (en) Platform Secrets Related to Digital Signature Authority
US8099789B2 (en) Apparatus and method for enabling applications on a security processor
CN105391717A (en) APK signature authentication method and APK signature authentication system
US20210243030A1 (en) Systems And Methods To Cryptographically Verify An Identity Of An Information Handling System
CN111143869A (en) Application package processing method, device, electronic device and storage medium
CN105993018A (en) Encryption of content items on mobile devices
US20090327755A1 (en) Information-processing device and information management program
CN103348354B (en) Security verification equipment and security verification method
TW200414734A (en) Software protection method and device
WO2016188134A1 (en) Application reinforcing implementation method and apparatus
CN120353489A (en) Firmware updating method, device and storage medium
WO2020062233A1 (en) Method and apparatus for processing and deploying application program, and computer-readable medium
US10796004B1 (en) Split boot for computing devices with secure and insecure states
US20230315865A1 (en) Storage data deletion management system and apparatus
CN101324914A (en) A method and device for anti-piracy
TWI682296B (en) Image file packaging method and image file packaging system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161207

RJ01 Rejection of invention patent application after publication