
CN108021812B - Method and device for safe booting of a chip - Google Patents

Info

Publication number: CN108021812B
Application number: CN201610964249.3A
Authority: CN (China)
Prior art keywords: type, boot, key, chip, booting
Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN108021812A
Inventor: 孙福山
Current assignee: Sanechips Technology Co Ltd
Original assignee: Sanechips Technology Co Ltd
Application filed by Sanechips Technology Co Ltd
Priority to CN201610964249.3A
Priority to PCT/CN2017/082551 (published as WO2018076648A1)
Publication of CN108021812A
Application granted
Publication of CN108021812B

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575: Secure boot


Abstract

The invention discloses a method and device for securely booting a chip. The method comprises: determining the secure-boot type; reading from the eFuse the first-type key corresponding to that secure-boot type; and, while the chip boots, using the first-type key to perform the security verification corresponding to that secure-boot type. A security chip can thus be tailored to a target customer purely by eFuse programming, which saves chip development cost and makes one chip design reusable across markets.

Description

Method and device for safe booting of a chip

Technical field

The invention relates to chip secure-boot technology, and in particular to a method and device for securely booting a chip.

Background

The embedded chip is the core of an embedded system: the hardware unit that controls and supports the system's operation. Securely booting the embedded chip is the precondition for everything the chip does afterwards, so the chip has to be started in a secure manner.

At present a given chip is designed to support only a single secure-boot scheme, so different secure-boot requirements call for different chips, each supporting its own scheme. This makes chip development expensive and limits how widely one chip can be reused.

Summary of the invention

To solve the above technical problem, embodiments of the invention provide a method and device for securely booting a chip.

The chip secure-boot method provided by an embodiment of the invention includes:

determining the secure-boot type;

reading from the eFuse the first-type key corresponding to that secure-boot type;

during chip boot, using the first-type key to perform the security verification corresponding to that secure-boot type.

In an embodiment, before the secure-boot type is determined, the method further includes:

burning into the eFuse the first-type keys corresponding to the different secure-boot types;

where, depending on the corresponding secure-boot type, a first-type key is stored in the eFuse either in plaintext or as a hash.

In an embodiment, using the first-type key during chip boot to perform the security verification corresponding to the secure-boot type includes:

after the chip powers on, executing instructions in sequence starting from the code fixed in read-only memory;

while executing those instructions, verifying the second-level boot (BOOT) with the first-type key;

once verification passes, executing the second-level BOOT.

In an embodiment, the method further includes:

verifying the image header of the second-level BOOT with the first-type key and, once that verification succeeds, determining from the header whether the second-level BOOT code still has to be decrypted;

when the second-level BOOT code has not been decrypted, decrypting it with the obtained second-type key.

In an embodiment, the method further includes:

reading the second-type key from the eFuse at a preset address.

The chip secure-boot device provided by an embodiment of the invention includes:

a type-determination module, for determining the secure-boot type;

a data-reading module, for reading from the eFuse the first-type key corresponding to the secure-boot type;

a security-verification module, for using the first-type key during chip boot to perform the security verification corresponding to the secure-boot type.

In an embodiment, the device further includes:

a data-burning module, for burning into the eFuse the first-type keys corresponding to the different secure-boot types, where each first-type key is stored in the eFuse in plaintext or as a hash depending on its secure-boot type.

In an embodiment the security-verification module is specifically configured to: after the chip powers on, execute instructions in sequence starting from the code fixed in read-only memory; while executing them, verify the second-level BOOT with the first-type key; and execute the second-level BOOT once verification passes.

In an embodiment the security-verification module is further configured to: verify the image header of the second-level BOOT with the first-type key and, once that succeeds, determine whether the second-level BOOT code still has to be decrypted; when it has not been decrypted, decrypt it with the obtained second-type key.

In an embodiment the data-reading module is further configured to read the second-type key from the eFuse at a preset address.

In the technical solution of these embodiments the secure-boot type is determined, the first-type key corresponding to it is read from the eFuse, and during chip boot that key is used to perform the matching security verification. Once the security requirements of a chip's target market are known, the required security scheme is burnt into the eFuse (EFUSE). After the chip starts, it decides the security scheme stage by stage from the burnt eFuse values and carries out the corresponding signature verification, decryption and other operations. A security chip can thus be tailored to a target customer purely by eFuse programming, which saves chip development cost and makes the chip more widely reusable.

Brief description of the drawings

Figure 1 is flowchart 1 of a chip secure-boot method;

Figure 2 is flowchart 2 of a chip secure-boot method according to an embodiment of the invention;

Figure 3 is flowchart 3 of a chip secure-boot method according to an embodiment of the invention;

Figure 4 is a schematic of the structure of a chip secure-boot device according to an embodiment of the invention.

Detailed description

To give a fuller understanding of the features and technical content of the embodiments, their implementation is described in detail below with reference to the accompanying drawings. The drawings are for reference only and do not limit the embodiments.

Secure booting of a chip generally follows the steps shown in Figure 1. Referring to Figure 1, the secure-boot flow includes the following steps:

Step 101: burn the RSA key into the eFuse.

In the embodiments of the invention the RSA key is called the first-type key, and the Advanced Encryption Standard (AES) or Data Encryption Standard (DES) key is called the second-type key. (DES is named here as the page lists it; its 56-bit key is brute-forceable and the standard has been withdrawn, so a new design should use AES only.)

Here, burning data into the eFuse means programming fuses by blowing them, so that the data is written into the eFuse by hardware. Compared with older laser-fuse technology, eFuse exploits electromigration to build much smaller fuse structures; using the I/O circuit's on-chip voltage (typically 2.5 V), a 10 mA DC pulse lasting 200 microseconds is enough to program a single fuse.

Accordingly, burning the RSA key into the eFuse means writing the RSA key into the eFuse by hardware means.

Step 102: after power-on, the M0 core executes instructions in sequence starting from the code fixed in read-only memory (ROM); it reads the RSA key from the eFuse, verifies the second-level BOOT, and executes the second-level BOOT once verification passes.

At this point the second-level BOOT code is not AES- or DES-decrypted, because AES or DES decryption would have to be done in software: a key preset in the fixed BOOT code offers little security, and the extra code enlarges the ROM image and lengthens boot time.

Step 103: once the M0 core has started the second-level BOOT, the subsequent programs (such as m0_os, bl31, bl32 and uboot) are verified with the RSA key, and AES or DES decryption is done in software.

Here the AES or DES key has to be kept by software, so an attacker may be able to obtain it from the m0_os source files: if the code was developed by user A, for example, user A can analyse the image file, locate where the key is likely to be, and attempt an attack.

Step 104: after the A53 core starts, it executes from bl31, starts bl32 and finally jumps to uboot.

When the chip has no A53, m0_os jumps directly to uboot and there is no bl31/bl32 stage.

Step 105: after uboot has started, the Android image is verified with the RSA key.

In the technical solution of the embodiments of the invention, by contrast, the required security scheme is burnt into the eFuse once the security requirements of the chip's target market are known. After the chip starts, it decides the security scheme stage by stage from the burnt eFuse values and carries out the corresponding signature verification, decryption and other operations. A security chip can thus be tailored to a target customer purely by eFuse programming, which saves chip development cost and makes the chip more widely reusable.

Figure 2 is flowchart 2 of the chip secure-boot method of an embodiment of the invention. As shown in Figure 2, the method includes the following steps:

Step 201: determine the secure-boot type.

In this embodiment, before the secure-boot type is determined, the method further includes burning into the eFuse the first-type keys corresponding to the different secure-boot types,

where, depending on the corresponding secure-boot type, each first-type key is stored in the eFuse in plaintext or as a hash.

In the above scheme the first-type key may be an RSA key. (A boot ROM verifies signatures with the RSA public key, so that is the key stored here; keeping only its hash in the eFuse saves fuse bits, the full public key then being supplied with the image and checked against the burnt hash before use.)

Step 202: read from the eFuse the first-type key corresponding to the secure-boot type.

In this embodiment the RSA key is not simply read from the eFuse; rather, the RSA key that matches the secure-boot type is read according to that type. Whether the RSA key is stored in plaintext or as a hash (HASH) can likewise be preset according to the secure-boot type.

Step 203: during chip boot, use the first-type key to perform the security verification corresponding to the secure-boot type.

In this embodiment, using the first-type key during chip boot to perform the security verification corresponding to the secure-boot type includes:

after the chip powers on, executing instructions in sequence starting from the code fixed in read-only memory;

while executing those instructions, verifying the second-level BOOT with the first-type key;

once verification passes, executing the second-level BOOT.

In this embodiment, using the first-type key during chip boot to perform the security verification corresponding to the secure-boot type further includes:

verifying the image header of the second-level BOOT with the first-type key and, once that verification succeeds, determining from the header whether the second-level BOOT code still has to be decrypted;

when the second-level BOOT code has not been decrypted, decrypting it with the obtained second-type key.

Here the second-type key may be an AES key or a DES key.

On this basis the embodiments support AES or DES decryption of the BOOT code. Specifically, whether decryption is needed is read from the second-level BOOT image header; because the header is itself RSA-verified, an attacker cannot tamper with it. This holds only if the flag sits inside the signed region and the ROM checks the signature before acting on the flag; a flag outside the signature, or one read before verification, lets an attacker mark ciphertext as plaintext or vice versa.

The second-type key is read as follows: the second-type key is read from the eFuse at a preset address. In other words, the AES or DES key is fetched by a hardware module directly from the preset eFuse address according to the preset scheme; software can only instruct the hardware to decrypt and cannot obtain the key, so nobody can retrieve the AES or DES key through a software path. (This protects the key from software readout; it says nothing about hardware attacks such as fault injection or die probing, and the debug port must be locked as described below or the software-only argument does not hold.)

In this embodiment AES or DES decryption is implemented in hardware, which reduces the amount of BOOT code and thereby cost (fixed software code costs more than a hardware module), and a hardware implementation also speeds up boot.

In addition, each hardware block can be protected against Joint Test Action Group (JTAG) debug access; protections set in hardware cannot be defeated by software, which further improves security. The HASH algorithm is also implemented in hardware, which saves cost and speeds up chip start-up.

In the above scheme the AES and DES keys are held by hardware. The difference between hardware and software key storage is as follows:

With software storage, because m0_os itself is code-encrypted, the key cannot be obtained by analysing the source file: the encrypted file is unreadable and cannot be analysed. In theory, however, it can still be cracked.

With hardware storage, software can set up the hardware path to fetch the key from the eFuse address and use it. Software thus knows only at which eFuse address the key sits, never what the key is.

In the above scheme the second-type key may differ from the first-type key, so that different keys can be held at different development stages. Typically the customer market (for example a network operator) controls the second-type key. Then even the chip vendor cannot break a customer's chips, nor put chips meant for other markets into the customer's market without the customer's knowledge.

Figure 3 is flowchart 3 of the chip secure-boot method of an embodiment of the invention. As shown in Figure 3, the method includes the following steps:

Step 301: burn the eFuse.

Step 302: power on the chip.

Step 303: the M0 core executes instructions from ROM.

Step 304: determine the secure-boot type and, according to the result, read the corresponding key from the eFuse.

Step 305: verify the signature of the second-level BOOT with that key; if verification fails, stop booting; if it succeeds, go to step 306.

Step 306: execute the second-level BOOT.

Step 307: determine the secure-boot type again and, according to the result, read the corresponding key from the eFuse.

Step 308: verify the signatures of the four images (m0_os, bl31, bl32 and uboot) with that key; if verification fails, stop booting; if it succeeds, go to step 309.

Step 309: release the A53 to execute.

Step 310: m0_os runs and its boot completes.

In the above scheme, step 309 specifically includes:

Step 3091: the A53 executes from bl31.

Step 3092: execute bl32.

Step 3093: execute uboot.

Step 3094: determine the secure-boot type and, according to the result, read the corresponding key from the eFuse.

Step 3095: verify the signature of the Android image with that key; if verification fails, stop booting; if it succeeds, go to step 3096.

Step 3096: the kernel runs and boot completes.

In the above scheme m0_os, bl31, bl32 and uboot are all program names.
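The ROM-side logic of steps 303 to 306 (the same procedure as steps 201 to 203 above), as an added example in Go that is not part of the patent or of any Sanechips code. Everything concrete here is an assumption made for the model: the two boot-type values, an eFuse laid out as a boot-type word plus one RSA slot and one AES slot, RSA-PSS over SHA-256 for the signature, AES-128-CTR with the IV prepended for the encrypted payload, the RSA key stored as its modulus alone with e fixed at 65537, and, in hashed-key mode, the full modulus travelling in the image header to be checked against the burnt SHA-256. The BOOT payload string is constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
)

// Boot-type values are an assumption of this model; the patent only says the type
// decides whether the eFuse holds the first-type (RSA) key in plaintext or as a hash.
const (
	BootPlainKey  uint32 = 1 // eFuse slot holds the RSA modulus itself (e fixed at 65537)
	BootHashedKey uint32 = 2 // eFuse slot holds SHA-256 of the modulus; the modulus ships in the image header
)

type EFuse struct {
	BootType         uint32
	RSASlot, AESSlot []byte // AESSlot (second-type key) is read only inside HWDecrypt
}

type Image struct { // one RSA-PSS signature covers the header flag, the key field and the payload
	Encrypted                   byte // header flag: 1 = payload is IV||AES-CTR ciphertext
	PubKeyN, Payload, Signature []byte
}

func signedDigest(img Image) []byte { // SHA-256(flag || modulus || payload)
	sum := sha256.Sum256(append(append([]byte{img.Encrypted}, img.PubKeyN...), img.Payload...))
	return sum[:]
}

// FirstTypeKey reads the RSA verification key the way the burnt boot type dictates.
func FirstTypeKey(f *EFuse, img Image) (*rsa.PublicKey, error) {
	n := f.RSASlot
	if f.BootType == BootHashedKey {
		if sum := sha256.Sum256(img.PubKeyN); subtle.ConstantTimeCompare(sum[:], f.RSASlot) != 1 {
			return nil, errors.New("public key in header does not match eFuse hash")
		}
		n = img.PubKeyN
	} else if f.BootType != BootPlainKey {
		return nil, fmt.Errorf("unknown secure-boot type %d", f.BootType) // unprogrammed fuses refuse to boot
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: 65537}, nil
}

// HWDecrypt models the hardware AES path: software hands over only IV||ciphertext (format assumed)
// and the module fetches the key from its own eFuse slot. CTR is symmetric, so Provision reuses it.
func HWDecrypt(f *EFuse, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(f.AESSlot)
	if err != nil || len(data) < aes.BlockSize {
		return nil, errors.New("AES slot not programmed or ciphertext too short")
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCTR(block, data[:aes.BlockSize]).XORKeyStream(out, data[aes.BlockSize:])
	return out, nil
}

// BootSecondStage is steps 304-306: pick the key by boot type, verify the signature,
// and only then act on the (signed) header flag by decrypting in hardware.
func BootSecondStage(f *EFuse, img Image) ([]byte, error) {
	pub, err := FirstTypeKey(f, img)
	if err != nil {
		return nil, err
	}
	if err := rsa.VerifyPSS(pub, crypto.SHA256, signedDigest(img), img.Signature, nil); err != nil {
		return nil, fmt.Errorf("secondary BOOT signature check failed: %w", err)
	}
	if img.Encrypted == 0 {
		return img.Payload, nil
	}
	return HWDecrypt(f, img.Payload)
}

// Provision burns an eFuse and signs a matching image (constructed sample; fresh keys each run).
func Provision(bootType uint32, encrypt bool, code []byte) (*EFuse, Image, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // Go always picks e = 65537
	if err != nil {
		return nil, Image{}, err
	}
	rnd := make([]byte, 32) // 16-byte AES key followed by a 16-byte IV
	rand.Read(rnd)
	f := &EFuse{BootType: bootType, RSASlot: priv.N.Bytes(), AESSlot: rnd[:16]}
	img := Image{Payload: code}
	if bootType == BootHashedKey {
		sum := sha256.Sum256(priv.N.Bytes())
		f.RSASlot, img.PubKeyN = sum[:], priv.N.Bytes()
	}
	if encrypt {
		ct, _ := HWDecrypt(f, append(rnd[16:], code...))
		img.Encrypted, img.Payload = 1, append(rnd[16:], ct...)
	}
	img.Signature, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, signedDigest(img), nil)
	return f, img, err
}

func main() {
	f, img, _ := Provision(BootHashedKey, true, []byte("secondary BOOT code (constructed sample)"))
	out, err := BootSecondStage(f, img)
	img.Encrypted = 0 // attacker clears the flag so the ciphertext would run as code
	_, tampered := BootSecondStage(f, img)
	fmt.Printf("genuine: %q (err=%v); tampered header: %v\n", out, err, tampered)
}
```

`HWDecrypt` is the only function that touches `AESSlot`, which mirrors the page's point that software knows the eFuse address but never the key; `BootSecondStage` reads `Encrypted` only after `VerifyPSS` has succeeded, so clearing the flag in `main` fails the signature instead of running ciphertext as code, and a boot-type word that was never burnt (0) is rejected before any key is used.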

Figure 4 is a schematic of the structure of the chip secure-boot device of an embodiment of the invention. As shown in Figure 4, the device includes:

a type-determination module 41, for determining the secure-boot type;

a data-reading module 42, for reading from the eFuse the first-type key corresponding to the secure-boot type;

a security-verification module 43, for using the first-type key during chip boot to perform the security verification corresponding to the secure-boot type.

In this embodiment the device further includes:

a data-burning module 44, for burning into the eFuse the first-type keys corresponding to the different secure-boot types, where each first-type key is stored in the eFuse in plaintext or as a hash depending on its secure-boot type.

In this embodiment the security-verification module 43 is specifically configured to: after the chip powers on, execute instructions in sequence starting from the code fixed in read-only memory; while executing them, verify the second-level BOOT with the first-type key; and execute the second-level BOOT once verification passes.

In this embodiment the security-verification module 43 is further configured to: verify the image header of the second-level BOOT with the first-type key and, once that succeeds, determine whether the second-level BOOT code still has to be decrypted; when it has not been decrypted, decrypt it with the obtained second-type key.

In this embodiment the data-reading module 42 is further configured to read the second-type key from the eFuse at a preset address.

Those skilled in the art will understand that the function of each unit of the chip secure-boot device shown in Figure 4 can be understood from the description of the chip secure-boot method above. The function of each unit of the device shown in Figure 4 may be implemented by a program running on a processor or by dedicated logic circuitry.

Those skilled in the art will appreciate that embodiments of the invention may be provided as a method, a system or a computer program product. Accordingly, the invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.

The invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to its embodiments. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data-processing device to produce a machine, such that the instructions executed by that processor produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data-processing device to operate in a particular manner, such that the instructions stored in that memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data-processing device so that a series of operational steps is performed on it to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

The above are merely preferred embodiments of the invention and are not intended to limit its scope of protection.

Claims (10)

1. A method for securely booting a chip, characterised in that the method comprises: determining the secure boot type; reading, from an eFuse (electrical fuse), the first-type key corresponding to the secure boot type, wherein first-type keys corresponding respectively to different secure boot types are burned into the eFuse; and, in the process of booting the chip, using the first-type key to perform the security verification corresponding to the secure boot type.

2. The method for securely booting a chip according to claim 1, characterised in that, before determining the secure boot type, the method further comprises: burning into the eFuse the first-type keys corresponding respectively to the different secure boot types; wherein, according to its corresponding secure boot type, a first-type key is stored in the eFuse either in plaintext or as a hash.

3. The method for securely booting a chip according to claim 1, characterised in that using the first-type key, in the process of booting the chip, to perform the security verification corresponding to the secure boot type comprises: after the chip is powered on, executing instructions sequentially starting from the code fixed in read-only memory; during instruction execution, verifying the second-level BOOT using the first-type key; and, after the verification passes, executing the second-level BOOT.

4. The method for securely booting a chip according to claim 3, characterised in that the method further comprises: using the first-type key to verify the image header information of the second-level BOOT and, after successful verification, determining whether the second-level BOOT code has been decrypted; and, when the second-level BOOT code has not been decrypted, decrypting the second-level BOOT code using the obtained second-type key.

5. The method for securely booting a chip according to claim 4, characterised in that the method further comprises: reading the second-type key from the eFuse according to a preset address.

6. A device for securely booting a chip, characterised in that the device comprises: a type determination module, configured to determine the secure boot type; a data reading module, configured to read, from an eFuse, the first-type key corresponding to the secure boot type, wherein first-type keys corresponding respectively to different secure boot types are burned into the eFuse; and a security verification module, configured to use the first-type key, in the process of booting the chip, to perform the security verification corresponding to the secure boot type.

7. The device for securely booting a chip according to claim 6, characterised in that the device further comprises: a data burning module, configured to burn into the eFuse the first-type keys corresponding respectively to the different secure boot types; wherein, according to its corresponding secure boot type, a first-type key is stored in the eFuse either in plaintext or as a hash.

8. The device for securely booting a chip according to claim 6, characterised in that the security verification module is specifically configured to: after the chip is powered on, execute instructions sequentially starting from the code fixed in read-only memory; during instruction execution, verify the second-level BOOT using the first-type key; and, after the verification passes, execute the second-level BOOT.

9. The device for securely booting a chip according to claim 8, characterised in that the security verification module is specifically configured to: use the first-type key to verify the image header information of the second-level BOOT and, after successful verification, determine whether the second-level BOOT code has been decrypted; and, when the second-level BOOT code has not been decrypted, decrypt the second-level BOOT code using the obtained second-type key.

10. The device for securely booting a chip according to claim 9, characterised in that the data reading module is further configured to read the second-type key from the eFuse according to a preset address.
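The boot flow of claims 1 to 5, as an added illustration that is not the patent's code: an eFuse model holding one first-type key slot per secure boot type (plaintext or hashed, claim 2) plus a second-type key at a preset address (claim 5), a ROM-side routine that verifies the second-level BOOT header and decrypts the code only if the header marks it as still encrypted (claims 3 and 4), and an image builder used to exercise it. The HMAC standing in for the header signature, the SHA-256 counter stream standing in for the code cipher, the rule that in hashed mode the header carries the key and the eFuse anchors its hash, and all key values and addresses are assumptions constructed for this example.

```python
import hashlib
import hmac

# Constructed stand-in for the chip's eFuse array (claims 1, 2 and 5).
BOOT_TYPE_PLAIN = 0   # first-type key kept in the eFuse in plaintext (claim 2)
BOOT_TYPE_HASHED = 1  # eFuse keeps only SHA-256 of the key; the key rides in the header
ROOT_KEY = b"constructed-root-key-not-real-material"     # constructed, not real
SECOND_KEY = b"constructed-second-type-key"               # constructed, not real
SECOND_KEY_ADDR = 0x40  # the "preset address" of claim 5, constructed value
EFUSE = {
    BOOT_TYPE_PLAIN: ROOT_KEY,
    BOOT_TYPE_HASHED: hashlib.sha256(ROOT_KEY).digest(),
    SECOND_KEY_ADDR: SECOND_KEY,
}

def read_first_type_key(boot_type, header):
    """Claims 1-2: fetch the first-type key matching the boot type from the eFuse.
    Hashed mode (assumption): the header supplies the key, the eFuse anchors its hash."""
    slot = EFUSE[boot_type]
    if boot_type == BOOT_TYPE_PLAIN:
        return slot
    if not hmac.compare_digest(hashlib.sha256(header["key"]).digest(), slot):
        raise ValueError("header key does not match the eFuse hash; halt boot")
    return header["key"]

def keystream_xor(key, data):
    """Stand-in cipher for the second-level BOOT code: XOR with a SHA-256 counter stream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def rom_boot(boot_type, header, code):
    """Claims 3-5: verify the second-level BOOT header with the first-type key, then
    decrypt the code with the second-type key only when the verified header says so."""
    key = read_first_type_key(boot_type, header)
    tag = hmac.new(key, header["meta"] + code, hashlib.sha256).digest()  # signature stand-in
    if not hmac.compare_digest(tag, header["mac"]):
        raise ValueError("second-level BOOT verification failed; halt boot")
    encrypted = header["meta"][1] == 1  # flag is covered by the MAC, so it cannot be flipped
    if not encrypted:
        return code
    return keystream_xor(EFUSE[SECOND_KEY_ADDR], code)  # claim 5: key at the preset address

def make_image(boot_type, code, encrypted):
    """Constructed image builder, the counterpart of rom_boot for the demo."""
    body = keystream_xor(SECOND_KEY, code) if encrypted else code
    meta = bytes([boot_type, int(encrypted)])
    mac = hmac.new(ROOT_KEY, meta + body, hashlib.sha256).digest()
    return {"key": ROOT_KEY, "meta": meta, "mac": mac}, body
```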
CN201610964249.3A 2016-10-28 2016-10-28 Method and device for safe booting of a chip Active CN108021812B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610964249.3A CN108021812B (en) 2016-10-28 2016-10-28 Method and device for safe booting of a chip
PCT/CN2017/082551 WO2018076648A1 (en) 2016-10-28 2017-04-28 Secure enabling method and device for chip, and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610964249.3A CN108021812B (en) 2016-10-28 2016-10-28 Method and device for safe booting of a chip

Publications (2)

Publication Number Publication Date
CN108021812A CN108021812A (en) 2018-05-11
CN108021812B true CN108021812B (en) 2020-08-18

Family

ID=62024291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610964249.3A Active CN108021812B (en) 2016-10-28 2016-10-28 Method and device for safe booting of a chip

Country Status (2)

Country Link
CN (1) CN108021812B (en)
WO (1) WO2018076648A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109542518B (en) * 2018-10-09 2020-12-22 华为技术有限公司 Chip and method of starting the chip
CN111400725A (en) * 2019-01-03 2020-07-10 西安中车永电捷通电气有限公司 Method for preventing chip from locking, chip and storage medium
CN110096909B (en) * 2019-04-19 2021-04-20 深圳忆联信息系统有限公司 Method and system for ensuring stability of EFUSE key
CN110888766B (en) * 2019-11-18 2023-08-01 珠海泰芯半导体有限公司 Chip starting method
CN111143854B (en) * 2019-12-25 2021-11-30 眸芯科技(上海)有限公司 Safe starting device, system and method of chip
CN111475815A (en) * 2020-04-08 2020-07-31 上海汉枫电子科技有限公司 A code protection method for chips
CN114238926A (en) * 2021-12-03 2022-03-25 上海宏英智能科技股份有限公司 Mirror image package file verification method, device, equipment and computer storage medium
CN114880048B (en) * 2022-07-08 2022-11-29 摩尔线程智能科技(北京)有限责任公司 Safe starting method and device, electronic equipment and storage medium
CN115130114B (en) * 2022-08-31 2022-12-23 杭州云动智能汽车技术有限公司 Gateway secure starting method and device, electronic equipment and storage medium
CN119760696B (en) * 2023-09-28 2026-01-13 荣耀终端股份有限公司 Key control methods and chip boot methods
CN119987879A (en) * 2025-02-21 2025-05-13 山东云海国创云计算装备产业创新中心有限公司 A secure boot verification method, device, equipment and medium
CN120705854A (en) * 2025-08-26 2025-09-26 浪潮电子信息产业股份有限公司 Device verification method, device, storage medium and computer program product

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105278974A (en) * 2014-06-30 2016-01-27 深圳市中兴微电子技术有限公司 Chip starting method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6760441B1 (en) * 2000-03-31 2004-07-06 Intel Corporation Generating a key hieararchy for use in an isolated execution environment
KR20090037712A (en) * 2007-10-12 2009-04-16 삼성전자주식회사 Secure boot-up electronic device, its hash value calculation method and boot-up method
CN101561857B (en) * 2009-04-28 2010-10-13 苏州国芯科技有限公司 Multi-mode startup safety embedded system
GB2477774A (en) * 2010-02-12 2011-08-17 Icera Inc Overriding production processor authentication restrictions through remote security unit for development code testing
EP2458522A1 (en) * 2010-11-30 2012-05-30 Nxp B.V. Electronic component with configurable functionality
WO2013179091A1 (en) * 2012-05-30 2013-12-05 Freescale Semiconductor, Inc. A semiconductor device and a method of manufacturing a semiconductor device
CN103365687B (en) * 2013-06-28 2017-02-08 北京创毅讯联科技股份有限公司 Method and device for starting processor as well as device for providing IPL (Initial Program Loader)
CN103870745B (en) * 2014-04-01 2017-08-29 联想(北京)有限公司 The method of electronic equipment and clean boot electronic equipment
US9524390B2 (en) * 2014-09-09 2016-12-20 Dell Products, Lp Method for authenticating firmware volume and system therefor

Also Published As

Publication number Publication date
CN108021812A (en) 2018-05-11
WO2018076648A1 (en) 2018-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant