
CN111143887B - Safety control method, processor, integrated device and computer equipment - Google Patents


Info

Publication number
CN111143887B
CN111143887B (application CN201911342360.9A)
Authority
CN
China
Prior art keywords
signature
value
current
unit
signature unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911342360.9A
Other languages
Chinese (zh)
Other versions
CN111143887A (en)
Inventor
陈善
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hygon Information Technology Co Ltd
Priority to CN201911342360.9A
Publication of CN111143887A
Application granted
Publication of CN111143887B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
              • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
          • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
              • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to a security control method, a processor, an integrated device and computer equipment, and belongs to the technical field of computers. The method includes: receiving a measurement request generated for a current measurement target, where the measurement request is generated based on a signature chain, the signature chain includes a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those measurement targets, and the measurement request includes the current signature unit corresponding to the current measurement target; verifying the measurement request according to the current signature unit and a locally stored local signature unit; when the verification passes, updating the local signature unit with the current signature unit; and outputting the verification result. The signature chain links the measurement targets together, so that each measurement target undergoes a dual measurement of integrity and dependency in strict accordance with the order of the signature chain; a measurement target can be neither bypassed nor replaced, which guarantees the overall integrity and consistency of the system and further strengthens system start-up security.


Description

Safety control method, processor, integrated device and computer equipment
Technical Field
The application belongs to the technical field of computers, and in particular relates to a security control method, a processor, an integrated device and computer equipment.
Background
The main work of a computer system is to execute programs. Under normal conditions a program's code and its configuration parameters remain unchanged, and every execution of the program behaves identically. Because of defects in design or implementation, however, a program may change, and once it changes the behavior of the computer system easily gets out of control. To avoid this, a computer performs an integrity check on program files at start-up using static measurement, so as to ensure that the files the program executes have not been tampered with. In the prior art, the signature of each measurement target is usually verified in isolation, and whether a measurement target passes verification depends on that target alone. This approach has the following defects with respect to measuring and protecting the overall integrity and consistency of the system: a measurement target can easily be replaced by another whose signature is also legitimate; and if some measurement target, such as the configuration file of some device, is bypassed at system start-up, the system has no way to know and cannot take action.
Disclosure of Invention
In view of this, an object of the present application is to provide a security control method, a processor, an integrated device, and a computer apparatus, so as to enhance the security of system startup.
The embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a security control method, including: receiving a measurement request generated for a current measurement target, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set sequence of those measurement targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises the current signature unit, i.e. the signature unit in the signature chain that corresponds to the current measurement target; verifying the measurement request according to the current signature unit and a locally stored local signature unit, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain; when the verification passes, updating the local signature unit with the current signature unit; and outputting a verification result. In this method and device, the measurement targets are linked in series through the signature chain, so that the integrity and dependency of each measurement target are measured in turn, strictly in the order of the signature chain; a measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and system start-up security is further enhanced.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain includes a signature chain identification number, and verifying the measurement request comprises: verifying whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit; if so, the verification is deemed to pass. In this embodiment, a verification result can be obtained quickly by checking whether the two signature chain identification numbers agree.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to that signature unit, where the signature value of the ith signature unit in the signature chain is generated by applying an encryption signature to an extended value computed from the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1. Verifying the measurement request then comprises: calculating an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; and either decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value, or verifying whether the value generated by applying the encryption signature to the extended value to be verified is consistent with the signature value in the current signature unit. When the extended value to be verified is consistent with the decrypted signature value, or when the value generated by signing the extended value to be verified is consistent with the signature value in the current signature unit, the verification is deemed to pass.
Because the signature value of the ith signature unit is produced by signing an extended value computed from the Hash values of the ith and (i-1)th measurement targets, the dependency between measurement targets is fully taken into account: a change to any one signature breaks the signature chain. This guarantees the overall integrity and consistency of the signature chain and, in turn, full control over and security of the start-up process.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain further includes a signature chain identification number, and before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, the method further comprises determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit. In this embodiment the identification numbers are compared first, and the subsequent verification is carried out only once they are found to agree; this preserves the overall integrity and consistency of the signature chain while avoiding unnecessary verification work.
With reference to one possible implementation of the first aspect, the measurement request further includes the current measurement target itself, and before verifying the measurement request the method further comprises: calculating a Hash value of the current measurement target; and determining that the Hash value in the current signature unit is consistent with the calculated Hash value. In this embodiment the calculated Hash value of the current measurement target must match the Hash value carried in the current signature unit before the request is verified; if the two are inconsistent, verification failure can be concluded directly and the subsequent verification steps are unnecessary.
With reference to a possible implementation of the first aspect, the method further includes: receiving a query request, where the query request comprises a request type indicating that the locally stored local signature unit is to be queried; and, in response to the query request, returning the locally stored local signature unit. In this embodiment, querying the locally stored local signature unit and combining the result with the signature chain makes it possible to determine which stage system start-up has reached, and hence whether the measurement of all preset targets has been completed, providing a basis for judging the overall health of the system.
With reference to a possible implementation of the first aspect, the plurality of signature units in the signature chain correspond to a plurality of measurement targets arranged according to the start-up sequence of those targets at system start. In this embodiment, because the signature units correspond one-to-one with the measurement targets in their start-up order, the integrity and dependency of each measurement target are measured in turn, strictly in the order of the signature chain, as the system starts; a measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and system start-up security is further enhanced.
In a second aspect, an embodiment of the present application further provides a security control method, including: calculating a Hash value of a current measurement target; searching the signature chain for the current signature unit that matches the Hash value, where the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set sequence of those targets, and the current measurement target is one of them; and generating and sending a measurement request comprising the current measurement target and the current signature unit. In this embodiment, the measurement targets are linked in series through the signature chain, so that when the current measurement target is to be verified, the signature unit matching the computed Hash value of the current measurement target is looked up in the signature chain to generate the measurement request; the integrity and dependency of the current measurement target are then measured strictly in the order of the signature chain, the measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and system start-up security is further enhanced.
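The two sides of the exchange described in the first and second aspects (the secure processor verifying each measurement request against its local signature unit, and the processor core building the request from the chain), worked through as an added example that is not code from the patent or from Hygon. The patent does not fix the hash function, the extend calculation, the 0th hash or the signature algorithm; the example assumes SHA-256, an extended value of SHA-256(H(i-1) || H(i)), an all-zero initial hash for the first unit, and uses HMAC-SHA256 as a stand-in for the asymmetric "encryption signature" (a real secure processor would hold only a public verification key). The target contents, chain identification number and key are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

HASH_LEN = 32
ZERO_HASH = b"\x00" * HASH_LEN           # assumed Hash value of the (non-existent) 0th unit
SIGNING_KEY = b"constructed-demo-key"     # stand-in for the chain owner's signing key


@dataclass(frozen=True)
class SignatureUnit:
    """One link of the signature chain: chain ID, target Hash value, signature value."""
    chain_id: int
    target_hash: bytes
    signature: bytes


def measure(target: bytes) -> bytes:
    """Hash value of a measurement target (assumed SHA-256)."""
    return hashlib.sha256(target).digest()


def extend(prev_hash: bytes, cur_hash: bytes) -> bytes:
    """Extended value binding unit i to unit i-1 (assumed: SHA-256 of the concatenation)."""
    return hashlib.sha256(prev_hash + cur_hash).digest()


def sign(value: bytes) -> bytes:
    """Stand-in for the 'encryption signature' (HMAC here; a real chain uses an asymmetric key)."""
    return hmac.new(SIGNING_KEY, value, hashlib.sha256).digest()


def build_chain(chain_id: int, targets: list) -> list:
    """Offline chain construction: unit i signs extend(H[i-1], H[i]) in boot order."""
    units, prev = [], ZERO_HASH
    for t in targets:
        h = measure(t)
        units.append(SignatureUnit(chain_id, h, sign(extend(prev, h))))
        prev = h
    return units


class SecureProcessor:
    """Verifier side: keeps only the local (previous) unit and advances it on success."""

    def __init__(self, chain_id: int):
        self.local = SignatureUnit(chain_id, ZERO_HASH, b"")

    def verify(self, target: bytes, unit: Optional[SignatureUnit]) -> bool:
        if unit is None or unit.chain_id != self.local.chain_id:
            return False                                   # wrong chain, or no unit at all
        if measure(target) != unit.target_hash:
            return False                                   # target does not match its unit
        expected = sign(extend(self.local.target_hash, unit.target_hash))
        if not hmac.compare_digest(expected, unit.signature):
            return False                                   # predecessor mismatch: bypass, replay or replacement
        self.local = unit                                  # advance only after a full pass
        return True

    def query(self) -> SignatureUnit:
        """Query request: return the locally stored local signature unit."""
        return self.local


class ProcessorCore:
    """Requester side: hash the target, look up its unit in the chain, send both."""

    def __init__(self, chain: list):
        self.chain = chain

    def request(self, target: bytes):
        h = measure(target)
        unit = next((u for u in self.chain if u.target_hash == h), None)
        return target, unit


def boot_stage(chain: list, local: SignatureUnit) -> int:
    """How far start-up got: 1-based index of the local unit in the chain, 0 if nothing verified yet."""
    for i, u in enumerate(chain, start=1):
        if u.target_hash == local.target_hash:
            return i
    return 0


def boot_demo() -> dict:
    targets = [b"bootloader-image", b"kernel-image", b"device-config"]   # constructed targets
    chain = build_chain(7, targets)                        # constructed chain ID 7
    core = ProcessorCore(chain)

    sp = SecureProcessor(7)                                # honest boot, in chain order
    in_order = [sp.verify(*core.request(t)) for t in targets]
    replay = sp.verify(*core.request(targets[2]))          # same unit again: predecessor no longer matches

    sp2 = SecureProcessor(7)
    sp2.verify(*core.request(targets[0]))
    bypass = sp2.verify(*core.request(targets[2]))         # kernel skipped: unit 3 does not chain to unit 1

    rogue = build_chain(7, [b"rogue-kernel"])[0]           # legitimately signed, but as a chain head
    replaced = sp2.verify(b"rogue-kernel", rogue)          # same chain ID, wrong predecessor Hash value

    return {"in_order": in_order, "replay": replay, "bypass": bypass,
            "replaced": replaced, "stage_after_bypass": boot_stage(chain, sp2.query())}


if __name__ == "__main__":
    print(boot_demo())
```

Running boot_demo() exercises the failure modes the background section motivates: a replayed unit, a unit presented with its predecessor skipped, and a legitimately signed unit from a different position in the chain (the replacement case) all fail, because each signature binds the unit's Hash value to the previous unit's Hash value; the query on the local unit then reports how far start-up legitimately got.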
In a third aspect, an embodiment of the present application further provides a processor, including a processor core and a secure processor. The processor core is configured to generate a measurement request for a current measurement target and send it, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those targets, the current measurement target is one of them, and the measurement request comprises the current signature unit, i.e. the signature unit in the signature chain that corresponds to the current measurement target. The secure processor is configured to receive the measurement request, verify it based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if verification passes, and send a verification result, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain.
With reference to a possible implementation of the third aspect, each signature unit in the signature chain includes a signature chain identification number, and the secure processor is configured to verify whether the signature chain identification number in the current signature unit is consistent with that in the local signature unit; if so, the verification is deemed to pass.
With reference to one possible implementation of the third aspect, each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to that unit, where the signature value of the ith signature unit is generated by applying an encryption signature to an extended value computed from the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1. The secure processor is configured to: calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; and either decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value, or verify whether the value generated by signing the extended value to be verified is consistent with the signature value in the current signature unit. In either case, consistency means the verification passes.
With reference to a possible implementation of the third aspect, each signature unit in the signature chain further includes a signature chain identification number, and the secure processor is further configured to determine that the signature chain identification number in the current signature unit is consistent with that in the local signature unit before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit.
With reference to a possible implementation of the third aspect, the measurement request further includes the current measurement target, and the secure processor is further configured, before verifying the measurement request, to calculate a Hash value of the current measurement target and determine that the Hash value in the current signature unit is consistent with the calculated Hash value.
With reference to one possible implementation of the third aspect, the processor core is further configured to send a query request to the secure processor, where the query request includes a request type indicating that the locally stored local signature unit is to be queried, and the secure processor is further configured to respond to the query request by returning the locally stored local signature unit.
In a fourth aspect, an embodiment of the present application further provides an integrated device, including a general-purpose processor and a secure processor. The general-purpose processor is configured to generate a measurement request for a current measurement target and send it, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set sequence of those targets, the current measurement target is one of them, and the measurement request comprises the current signature unit, i.e. the signature unit in the signature chain that corresponds to the current measurement target. The secure processor is configured to receive the measurement request, verify it based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if verification passes, and send a verification result, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain.
With reference to a possible implementation of the fourth aspect, each signature unit in the signature chain includes a signature chain identification number, and the secure processor is configured to verify whether the signature chain identification number in the current signature unit is consistent with that in the local signature unit; if so, the verification is deemed to pass.
With reference to a possible implementation of the fourth aspect, each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to that unit, where the signature value of the ith signature unit is generated by applying an encryption signature to an extended value computed from the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1. The secure processor is configured to: calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; and either decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value, or verify whether the value generated by signing the extended value to be verified is consistent with the signature value in the current signature unit. In either case, consistency means the verification passes.
With reference to one possible implementation of the fourth aspect, each signature unit in the signature chain further includes a signature chain identification number, and the secure processor is further configured to determine that the signature chain identification number in the current signature unit is consistent with that in the local signature unit before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit.
With reference to a possible implementation of the fourth aspect, the measurement request further includes the current measurement target, and the secure processor is further configured to calculate a Hash value of the current measurement target before verifying the measurement request, and to determine that the Hash value in the current signature unit is consistent with the calculated Hash value.
With reference to one possible implementation of the fourth aspect, the general-purpose processor is further configured to send a query request to the secure processor, where the query request includes a request type indicating that the locally stored local signature unit is to be queried, and the secure processor is further configured to respond to the query request by returning the locally stored local signature unit.
In a fifth aspect, an embodiment of the present application further provides a computer device, including: a processor as described in the above embodiment of the third aspect and/or as provided in connection with any possible implementation of the embodiment of the third aspect, or an integrated device as described in the above embodiment of the fourth aspect and/or as provided in connection with any possible implementation of the embodiment of the fourth aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the embodiments are briefly described below. The drawings described here show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort. The above and other objects, features and advantages of the present application will become more apparent from the accompanying drawings. Like reference numerals refer to like parts throughout the drawings. The drawings are not to scale; emphasis is placed instead on illustrating the subject matter of the present application.
Fig. 1 shows a block diagram of a computer device according to an embodiment of the present disclosure.
Fig. 2 illustrates a structural diagram of a signature chain provided in an embodiment of the present application.
Fig. 3 shows an interaction diagram of a safety control method provided in an embodiment of the present application.
Fig. 4 shows an interaction diagram of another safety control method provided in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined or explained in subsequent figures. Meanwhile, relational terms such as "first," "second," and the like may be used solely in the description to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Furthermore, the term "and/or" in this application is only one kind of association relationship describing the associated object, and means that there may be three relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone.
When a computer starts, security measurement must be performed on program files to ensure that the files a program executes have not been tampered with and that system start-up is secure. In the course of this application's research, the inventor found that in the prior art it is common to verify in isolation whether the signature of a single measurement target is valid: the measurement targets are independent of one another with no correlation, and whether a measurement target passes verification depends only on that target, not on any other. This existing verification mode has defects in measuring and protecting the overall integrity and consistency of the system: a single measurement target is easily replaced by another whose signature is legitimate; and if some measurement targets, such as the configuration files of some devices, are bypassed at system start-up, the system cannot know and cannot take action. It should be noted that these defects were identified through the inventors' own practice and careful study, so the process of discovering the above problems, and the solutions the following embodiments propose for them, should be regarded as the inventors' contribution to the present application.
In view of this, the present application provides a computer security control method that performs a dual measurement of integrity and dependency on each measurement target in a fixed sequence, based on a signature chain configured in the system, so that a measurement target can be neither bypassed nor replaced; this ensures the overall integrity and consistency of the system and further enhances start-up security. Each measurement target may be, for example, an image file, a configuration file or device firmware.
Fig. 1 shows a block diagram of a computer device 100 according to an embodiment of the present application. The computer device 100 includes a general purpose processor 110, a secure processor 120, and a memory 130. The secure processor 120 and the general purpose processor 110 may be two independent integrated chips, both integrated on the motherboard to form an integrated device (e.g., an SoC chip); that is, the integrated device includes a general purpose processor 110 and a secure processor 120. Here, SoC (System on Chip) refers to a system integrated on a single chip. In one embodiment, the secure processor 120 may also be integrated into the general purpose processor 110, as in a Dhyana-family processor.
The secure processor 120 has dedicated hardware resources, such as working memory and non-volatile memory, which are isolated from the general purpose processor 110 and cannot be accessed by it. The secure processor 120 communicates with the general purpose processor 110 through a fixed communication interface: it can receive data from the general purpose processor 110 over a high-speed bus, or directly access a memory address in the memory 130 designated by the general purpose processor 110. The secure processor 120 promptly receives commands sent by the general purpose processor 110 through the fixed communication interface and returns the execution result to the general purpose processor 110 after executing each command.
The general purpose processor 110 may be a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), an Accelerated Processing Unit (APU), or another type of processor such as a Network Processor (NP) or an application processor; in some products the application processor is the CPU.
The memory 130 temporarily stores the operating data required by the processors (the general purpose processor 110 and the secure processor 120) and the data exchanged with an external memory such as a hard disk. It may be a Double Data Rate (DDR) memory or another memory such as a Random Access Memory (RAM) or a Dynamic Random Access Memory (DRAM).
In this method, the measurement targets are linked in series through the signature chain. The purpose is to establish, among the signatures corresponding to the measurement targets, a fixed order that cannot be shortened during the startup process: at startup the secure processor 120 verifies the measurement targets strictly in their order on the signature chain, and a change to any single signature breaks the chain. This guarantees the overall integrity and consistency of the signature chain, and thereby full control over, and the security of, the startup process.
Fig. 2 illustrates the structure of a signature chain provided in an embodiment of the present application. The implementation form of the signature chain is flexible. In this embodiment, the signature chain may include a plurality of signature units, each with a number (0, 1, 2, ..., n); the signature units correspond one-to-one to the measurement targets and are arranged in a set sequence, that is, the signature units in the chain are arranged in the order in which the measurement targets are started when the system boots. Every signature unit has the same data structure and may include a Signature Chain Identifier (SCID), a signature value, and the Hash value of its measurement target. The SCID marks the signature unit as belonging to this signature chain and may be generated with a Universally Unique Identifier (UUID) generation tool. The Hash value of the measurement target may be generated with a Hash algorithm, for example the SM3 algorithm. The signature value of the i-th signature unit may be generated by applying an encrypted signature to an extended value calculated from the Hash value of the measurement target of the i-th signature unit and the Hash value of the measurement target of the (i-1)-th signature unit, where i is a positive integer greater than or equal to 1. The encrypted signature may use an asymmetric cryptographic algorithm, for example the SM2 algorithm. It should be noted that, for the first signature unit in the chain, the signature value may be obtained by applying an encrypted signature with an asymmetric cryptographic algorithm directly to the Hash value of that unit's measurement target.
The signature chain of the present application may be located in a non-volatile memory of the general purpose processor 110, such as a hard disk or a Flash memory, which makes it easy to update the whole signature chain when the system is updated; the signature chain may also be stored in another storage module that the general purpose processor 110 can access to obtain it. Each signature unit may also include other information, such as the Hash algorithm, the signature algorithm, and public key information.
The private key used to generate the signature values in the embodiment of the present application may be kept safely by a trusted software provider, and the public key used to verify the signature values may reside inside the secure processor 120, where it may be modified through a secure command interface provided by the secure processor 120. In addition, when the system is first installed, an installation package provided by the trusted software provider is used; the package comprises all image files together with a signature chain consisting of the signature units of the measurement targets. When the system is updated, for example when the Operating System (OS) is upgraded, the trusted software provider must generate an entirely new signature chain from the new measurement targets, with all signature units carrying the new signature chain identifier SCID, and then install the updated images and signature chain on the system being updated.
At system startup, the general purpose processor 110 generates a measurement request for the current measurement target and sends it to the secure processor 120. The measurement request may be generated based on the signature chain: the general purpose processor 110 calculates the Hash value of the current measurement target, searches the signature chain for the signature unit whose Hash value matches the calculated one (the current signature unit), and generates the measurement request from the signature unit found. The measurement request therefore includes the current signature unit. It should be noted that, when the secure processor 120 is integrated in the general purpose processor 110, the measurement request is generated and sent by a processor core in the general purpose processor 110.
The secure processor 120 receives the measurement request corresponding to the current measurement target and verifies it. During verification, the secure processor 120 verifies the measurement request according to the current signature unit and the locally stored local signature unit, updates the local signature unit with the current signature unit once verification passes, and sends the verification result to the general purpose processor 110. The secure processor 120 may have a Signature Unit Buffer (SUB): when a measurement target passes verification, the signature unit corresponding to it is stored in the Signature Unit Buffer, and the signature unit held there is the local signature unit. The Signature Unit Buffer always holds the signature unit of the last successful measurement until the system is restarted. If the measurement request is the first verification performed by the secure processor 120, that is, when there is no local signature unit in the Signature Unit Buffer, the secure processor 120 directly verifies the Hash value and the signature value of the current measurement target against the current signature unit, for example by calculating the Hash value of the current measurement target and verifying that the Hash value in the current signature unit matches it. In this case, the measurement request includes the current measurement target and the current signature unit corresponding to it.
In one embodiment, each signature unit in the signature chain includes a signature chain identification number; the secure processor 120 verifies whether the signature chain identification number in the current signature unit is consistent with the one in the local signature unit, and if it is, the verification passes.
In another embodiment, each signature unit in the signature chain includes a signature value and the Hash value of the measurement target corresponding to the signature unit. When verifying the measurement request, the secure processor 120 calculates an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, decrypts the signature value in the current signature unit, and verifies whether the extended value to be verified is consistent with the decrypted signature value; when they are consistent, the verification passes. Alternatively, the secure processor 120 calculates the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, and verifies whether the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit; when they are consistent, the verification passes.
In yet another embodiment, each signature unit in the signature chain includes a signature chain identification number, a signature value, and the Hash value of the measurement target corresponding to the signature unit. In this case, before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, the secure processor 120 verifies whether the signature chain identification number in the current signature unit is consistent with the one in the local signature unit; only when the two are determined to be consistent does it proceed with the subsequent verification, such as calculating the extended value to be verified from the two Hash values; otherwise a verification failure is concluded directly.
As another embodiment, the measurement request further includes a current measurement target, that is, the measurement request includes the current measurement target and a current signature unit corresponding to the current measurement target, in this case, the security processor 120 calculates a Hash value of the current measurement target before verifying the measurement request, verifies whether the Hash value in the current signature unit is consistent with the calculated Hash value, verifies the measurement request only when it is determined that the Hash value in the current signature unit is consistent with the calculated Hash value, and otherwise, directly obtains a result of verification failure.
As can be seen from the above embodiments, different verification methods may be used, and the information contained in each signature unit of the corresponding signature chain and the content of the measurement request differ accordingly. The signature chains described above are therefore exemplary and are not to be understood as limiting the application.
To facilitate determining which phase the system has been booted up to, the general purpose processor 110 may also send a query request to the secure processor 120, the query request including a request type indicating to query the locally stored local signature units. After receiving the query request, the security processor 120, when recognizing that the query request is a request for querying a locally stored local signature unit, responds to the query request, and returns the locally stored local signature unit to the general processor 110, so that the general processor 110 determines, based on the local signature unit in combination with the signature chain, which stage the system is started to, whether the measurement of all preset targets is completed, and provides a basis for the upper-layer application to determine the overall health condition of the system. It should be noted that, when the secure processor 120 is integrated in the general-purpose processor 110, the sending of the query request is performed by a processor core in the general-purpose processor 110, that is, the processor core sends the query request to the secure processor 120.
Referring to fig. 3, the steps of a security control method provided in an embodiment of the present application are described below.
Step S101: sending the measurement request generated for the current measurement target.
The Hash value of the current measurement target is calculated, the current signature unit matching that Hash value is looked up in the signature chain, and a measurement request is generated and sent. In one implementation, the measurement request comprises the current signature unit corresponding to the current measurement target.
The signature chain comprises a plurality of signature units in one-to-one correspondence with the plurality of measurement targets, arranged according to the set sequence of those measurement targets; optionally, the signature units in the signature chain are arranged according to the order in which the measurement targets are started when the system boots. The current measurement target is one of the plurality of measurement targets.
Step S102: verifying the measurement request.
The secure processor receives the measurement request generated for the current measurement target and verifies it according to the current signature unit and the locally stored local signature unit. If this is the first verification, the locally stored local signature unit is empty, which amounts to verifying the measurement request according to the current signature unit alone. The process may be as follows: decrypt the signature value of the current signature unit with the public key and verify whether the decrypted value is consistent with the Hash value of the measurement target in the current signature unit; if they are consistent the verification succeeds, otherwise it fails. Alternatively, verify whether the value generated by applying the encrypted signature to the Hash value of the measurement target in the current signature unit is consistent with the signature value of the current signature unit; if they are consistent the verification succeeds, otherwise it fails. On success, the local signature unit is also updated from the current signature unit. It should be noted that whether the current verification is the first one may be decided by whether the system has been restarted: the first measurement request received after a system restart is the first verification, and any later one is not.
If the current verification is not the first one, the locally stored local signature unit is not empty, and the measurement request is verified according to the current signature unit and the locally stored local signature unit, yielding a verification result of passed (success) or failed.
In one embodiment, each signature unit in the signature chain includes a signature chain identification number. In this case, the process of verifying the measurement request may be: verify whether the signature chain identification number in the current signature unit is consistent with the one in the local signature unit; if so, the verification passes.
In another embodiment, each signature unit in the signature chain includes a signature value and the Hash value of the measurement target corresponding to the signature unit. The process of verifying the measurement request may be: calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value, or verify whether the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit; when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit, the verification passes.
In yet another embodiment, each signature unit in the signature chain includes a signature chain identification number, a signature value, and the Hash value of the measurement target corresponding to the signature unit. The process of verifying the measurement request may be: judge whether the signature chain identification number in the current signature unit is consistent with the one in the local signature unit, and if so, calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value, or verify whether the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit; when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit, the verification passes.
That is, in this embodiment, before calculating the to-be-verified extended value according to the Hash value in the current signature unit and the Hash value in the local signature unit, it is verified whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit, and only when determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit (otherwise, a verification failure conclusion is directly obtained), the subsequent verification is performed, for example, the to-be-verified extended value is calculated according to the Hash value in the current signature unit and the Hash value in the local signature unit.
As another embodiment, the measurement request further includes a current measurement target, that is, the measurement request includes the current measurement target and a current signature unit corresponding to the current measurement target, at this time, before the measurement request is verified, a Hash value of the current measurement target is calculated, and it is verified whether the Hash value in the current signature unit is consistent with the calculated Hash value, the measurement request is verified only when it is determined that the Hash value in the current signature unit is consistent with the calculated Hash value, otherwise, a conclusion of verification failure is directly drawn.
Step S103: returning the verification result.
The verification result, passed (success) or failed, is returned, and whether to suspend or continue startup is then determined according to the verification result.
To facilitate understanding of the verification process of the measurement request, the interaction diagram shown in fig. 4 is used as an example for the following description. It should be noted that the schematic verification process shown in fig. 4 is only one of many embodiments of the present application, and therefore, it should not be construed as limiting the present application.
When the Hash value and the signature value of the current measurement target are verified according to the current signature unit alone, the process may be as follows: the secure processor calculates the Hash value of the current measurement target with the SM3 algorithm, decrypts the signature value of the current signature unit with the public key to obtain a decrypted value, and verifies whether both the calculated Hash value and the decrypted value are consistent with the Hash value of the measurement target in the current signature unit; if both are consistent the verification succeeds, otherwise it fails.
When the Hash value and the signature value of the current measurement target are verified according to the current signature unit and the local signature unit, the process may be as follows: calculate the Hash value of the current measurement target with the SM3 algorithm and verify whether it is consistent with the Hash value in the current signature unit; when it is, calculate the extended value from the Hash value in the current signature unit and the Hash value in the local signature unit, decrypt the signature value in the current signature unit with the public key, and verify whether the calculated extended value is consistent with the decrypted signature value. If both verifications are consistent, the verification succeeds; otherwise it fails.
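The following Go program is an added example written for this page (not the patent's or Hygon's own code) that exercises the signature chain structure described for fig. 2 and the verification flow of steps S101 to S103 and fig. 4: a provider builds the chain in boot order, the general purpose processor looks up the current signature unit by Hash, and the secure processor verifies each request against its Signature Unit Buffer. It assumes SHA-256 in place of SM3 and Ed25519 in place of SM2 (neither SM algorithm is in Go's standard library), an extended value of Hash(previous Hash || current Hash), which the text does not fix, and constructed target contents and SCIDs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// One chain record; SHA-256 stands in for SM3 and Ed25519 for SM2 (assumptions, not the page's).
type SignatureUnit struct {
	SCID string   // signature chain identifier
	Hash [32]byte // Hash of the measurement target
	Sig  []byte   // signature value
}

// extend derives the extended value of unit i from Hash(i-1) and Hash(i); the page
// does not fix the formula, so Hash(prev || cur) is assumed here.
func extend(prev, cur [32]byte) [32]byte {
	return sha256.Sum256(append(prev[:], cur[:]...))
}

// BuildChain is the provider's step: one unit per target in boot order; the first
// unit signs its own Hash, every later unit signs the extended value.
func BuildChain(priv ed25519.PrivateKey, scid string, targets [][]byte) []SignatureUnit {
	chain := make([]SignatureUnit, 0, len(targets))
	for i, t := range targets {
		u := SignatureUnit{SCID: scid, Hash: sha256.Sum256(t)}
		msg := u.Hash
		if i > 0 {
			msg = extend(chain[i-1].Hash, u.Hash)
		}
		u.Sig = ed25519.Sign(priv, msg[:])
		chain = append(chain, u)
	}
	return chain
}

// FindUnit is the general purpose processor's step: the unit whose Hash matches the target.
func FindUnit(store []SignatureUnit, target []byte) (SignatureUnit, bool) {
	h := sha256.Sum256(target)
	for _, u := range store {
		if u.Hash == h {
			return u, true
		}
	}
	return SignatureUnit{}, false
}

// SecureProcessor: verification public key plus the Signature Unit Buffer (SUB).
type SecureProcessor struct {
	pub ed25519.PublicKey
	sub *SignatureUnit // nil until the first successful measurement
}

// Measure verifies a request (target plus its unit) against the SUB and advances the SUB.
func (sp *SecureProcessor) Measure(target []byte, cur SignatureUnit) error {
	if sha256.Sum256(target) != cur.Hash {
		return errors.New("target Hash does not match the signature unit")
	}
	msg := cur.Hash // first verification: the unit signs its own Hash
	if sp.sub != nil {
		if sp.sub.SCID != cur.SCID {
			return errors.New("signature chain identifier mismatch")
		}
		msg = extend(sp.sub.Hash, cur.Hash) // dependency on the previous unit
	}
	if !ed25519.Verify(sp.pub, msg[:], cur.Sig) {
		return errors.New("signature value does not verify")
	}
	sp.sub = &cur
	return nil
}

// bootSequence models one boot: a fresh secure processor receives a request per target, in order.
func bootSequence(pub ed25519.PublicKey, store []SignatureUnit, targets [][]byte) bool {
	sp := &SecureProcessor{pub: pub}
	for _, t := range targets {
		u, ok := FindUnit(store, t)
		if !ok || sp.Measure(t, u) != nil {
			return false
		}
	}
	return true
}

// Demo runs three constructed boot flows: in order (accepted), bypassed target and foreign unit (rejected).
func Demo() (inOrder, skippedTarget, foreignUnit bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	targets := [][]byte{[]byte("bootloader image"), []byte("kernel image"), []byte("nic firmware")}
	chainA := BuildChain(priv, "scid-A", targets)
	altKernel := []byte("other kernel image") // a second, legitimately signed release
	chainB := BuildChain(priv, "scid-B", [][]byte{targets[0], altKernel, targets[2]})
	store := append(append([]SignatureUnit{}, chainA...), chainB...) // both chains on disk
	inOrder = bootSequence(pub, store, targets)
	// Skipping the kernel: the SUB still holds the bootloader unit, so the recomputed
	// extended value differs from the one signed for the firmware unit.
	skippedTarget = !bootSequence(pub, store, [][]byte{targets[0], targets[2]})
	// Chain B's kernel unit carries a different SCID from the SUB's bootloader unit.
	foreignUnit = !bootSequence(pub, store, [][]byte{targets[0], altKernel})
	return
}
```

Note that the SCID check only applies from the second measurement on: before the first success the Signature Unit Buffer is empty, so the first unit is accepted purely on the signature over its own Hash, exactly as the text describes for the first verification.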
According to the method and the system, all the measurement targets are organically connected in series through the signature chain, the safety processor is utilized to sequentially measure the integrity and the dependency of all the measurement targets in sequence strictly according to the sequence on the signature chain during starting, the measurement targets cannot be bypassed or replaced, the overall integrity and the consistency of the system are guaranteed, and the system starting safety is further enhanced.
The embodiment of the present application further provides a non-volatile readable storage medium (hereinafter referred to as a storage medium), where the storage medium stores an executable program that, when executed by a computer such as the computer device 100, performs the above-mentioned security control method. The storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (18)

1. A security control method, characterized in that it comprises: receiving a measurement request generated for a current measurement target, the measurement request being generated based on a signature chain, the signature chain including a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set order of the plurality of measurement targets, the current measurement target being one of the plurality of measurement targets, and the measurement request including the current signature unit in the signature chain that corresponds to the current measurement target; each signature unit in the signature chain includes a signature value and the Hash value of the measurement target corresponding to that signature unit, wherein the signature value of the i-th signature unit in the signature chain is a value generated by applying an encrypted signature to an extended value calculated from the Hash values of the measurement targets corresponding to the i-th and (i-1)-th signature units, i being a positive integer greater than or equal to 1; verifying the measurement request according to the current signature unit and a locally stored local signature unit, wherein the local signature unit is the signature unit preceding the current signature unit in the signature chain; when the verification passes, updating the local signature unit with the current signature unit; and outputting the verification result.

2. The method according to claim 1, wherein verifying the measurement request comprises: calculating an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value, or verifying whether the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit; and when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit, determining that the verification passes.

3. The method according to claim 2, wherein each signature unit in the signature chain further includes a signature chain identification number, and before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, the method further comprises: determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit.

4. The method according to any one of claims 1 to 3, wherein the measurement request further includes the current measurement target, and before verifying the measurement request, the method further comprises: calculating the Hash value of the current measurement target; and determining that the Hash value in the current signature unit is consistent with the calculated Hash value.

5. The method according to claim 1, further comprising: receiving a query request, the query request including a request type that indicates a query for the locally stored local signature unit; and in response to the query request, returning the locally stored local signature unit.

6. The method according to claim 1, wherein the plurality of signature units in the signature chain are signature units in one-to-one correspondence with the plurality of measurement targets, arranged according to the startup order of the measurement targets when the system is started.

7. A security control method, characterized in that it comprises: calculating the Hash value of a current measurement target; searching a signature chain for the current signature unit matching the Hash value, wherein the signature chain includes a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set order of the plurality of measurement targets, the current measurement target being one of the plurality of measurement targets, and each signature unit in the signature chain includes a signature value and the Hash value of the measurement target corresponding to that signature unit, wherein the signature value of the i-th signature unit in the signature chain is a value generated by applying an encrypted signature to an extended value calculated from the Hash values of the measurement targets corresponding to the i-th and (i-1)-th signature units, i being a positive integer greater than or equal to 1; and generating and sending a measurement request including the current measurement target and the current signature unit, so that the measurement request is verified according to the current signature unit and a locally stored local signature unit and, when the verification passes, the local signature unit is updated with the current signature unit, wherein the local signature unit is the signature unit preceding the current signature unit in the signature chain.

8. A processor, characterized in that it comprises: a processor core configured to generate a measurement request for a current measurement target and send the measurement request, the measurement request being generated based on a signature chain, the signature chain including a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged according to a set order of the plurality of measurement targets, the current measurement target being one of the plurality of measurement targets, and the measurement request including the current signature unit in the signature chain that corresponds to the current measurement target; each signature unit in the signature chain includes a signature value and the Hash value of the measurement target corresponding to that signature unit, wherein the signature value of the i-th signature unit in the signature chain is a value generated by applying an encrypted signature to an extended value calculated from the Hash values of the measurement targets corresponding to the i-th and (i-1)-th signature units, i being a positive integer greater than or equal to 1; and a secure processor configured to receive the measurement request, verify the measurement request according to the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit when the verification passes, and send the verification result, wherein the local signature unit is the signature unit preceding the current signature unit in the signature chain.

9. The processor according to claim 8, wherein the secure processor is configured to: calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value, or verify whether the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit; and when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by applying the encrypted signature to the extended value to be verified is consistent with the signature value in the current signature unit, determine that the verification passes.

10. The processor according to claim 9, wherein each signature unit in the signature chain further includes a signature chain identification number, and the secure processor is further configured to determine, before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit.

11. The processor according to any one of claims 8 to 10, wherein the measurement request further includes the current measurement target, and the secure processor is further configured to calculate, before verifying the measurement request, the Hash value of the current measurement target and to determine that the Hash value in the current signature unit is consistent with the calculated Hash value.
The processor according to any one of claims 8-10, wherein the measurement request further comprises the current measurement target, and the security processor is further configured to, before verifying the measurement request, Calculate the hash value of the current measurement target, and determine that the hash value in the current signature unit is consistent with the calculated hash value. 12.根据权利要求8所述的处理器,其特征在于,所述处理器核,还用于向所述安全处理器发送查询请求,所述查询请求包括请求类型,所述请求类型用于指示查询本地存储的本地签名单元;12. The processor according to claim 8, wherein the processor core is further configured to send a query request to the security processor, wherein the query request includes a request type, and the request type is used to indicate Query the locally stored local signature unit; 所述安全处理器,还用于响应所述查询请求,返回所述本地存储的本地签名单元。The security processor is further configured to return the locally stored local signature unit in response to the query request. 13.一种集成器件,其特征在于,包括:13. An integrated device, characterized in that, comprising: 通用处理器,用于针对当前度量目标生成度量请求,并发送所述度量请求,所述度量请求基于签名链生成,所述签名链包括与多个度量目标一一对应且按照所述多个度量目标的设定顺序排列的多个签名单元,所述当前度量目标为所述多个度量目标中的一个度量目标,所述度量请求包括所述签名链中与所述当前度量目标对应的当前签名单元;所述签名链中的每个签名单元包括:签名值和该签名单元对应的度量目标的Hash值,其中,所述签名链中第i个签名单元的签名值是对根据第i个和第i-1个签名单元对应的度量目标的Hash值计算得到的扩展值进行加密签名生成的值,i为大于等于1的正整数;安全处理器,用于接收所述度量请求并根据所述当前签名单元和本地存储的本地签名单元,验证所述度量请求,以及在验证通过时,用所述当前签名单元更新所述本地签名单元;以及还用于发送验证结果,其中,所述本地签名单元为所述签名链中所述当前签名单元的前一个签名单元。A general-purpose processor, configured to generate a metric request for the current metric target, and send the metric request, the metric request is generated based on a signature chain, the signature chain includes a one-to-one correspondence with a plurality of metric targets and according to the plurality of metrics A plurality of signature units arranged in the setting order of the target, the current measurement target is a measurement target in the plurality of measurement targets, and the measurement request includes the current signature corresponding to the current measurement 
target in the signature chain unit; each signature unit in the signature chain includes: the signature value and the Hash value of the measurement target corresponding to the signature unit, wherein the signature value of the i-th signature unit in the signature chain is a pair according to the i-th and The extended value calculated by the hash value of the metric target corresponding to the i-1 signature unit is encrypted and signed, and i is a positive integer greater than or equal to 1; the security processor is used for receiving the metric request and according to the The current signature unit and the locally stored local signature unit verify the measurement request, and when the verification is passed, update the local signature unit with the current signature unit; and is also used for sending a verification result, wherein the local signature The unit is the previous signature unit of the current signature unit in the signature chain. 14.根据权利要求13所述的集成器件,其特征在于,所述安全处理器,用于:14. The integrated device of claim 13, wherein the security processor is configured to: 根据所述当前签名单元中的Hash值和所述本地签名单元中的Hash值计算待验证扩展值;Calculate the extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; 解密所述当前签名单元中的签名值,并验证所述待验证扩展值与解密后的签名值是否一致;或者,验证对所述待验证扩展值进行所述加密签名生成的值与所述当前签名单元中的签名值是否一致;Decrypt the signature value in the current signature unit, and verify whether the extended value to be verified is consistent with the decrypted signature value; or, verify that the value generated by performing the encrypted signature on the extended value to be verified is consistent with the current value Whether the signature value in the signature unit is consistent; 在所述待验证扩展值与解密后的签名值一致时,或者,在对所述待验证扩展值进行所述加密签名生成的值与所述当前签名单元中的签名值一致时,表征验证通过。When the extension value to be verified is consistent with the decrypted signature value, or, when the value generated by performing the encrypted signature on the extension value to be 
verified is consistent with the signature value in the current signature unit, the verification is passed. . 15.根据权利要求14所述的集成器件,其特征在于,所述签名链中的每个签名单元还包括:签名链识别号;所述安全处理器,还用于在根据所述当前签名单元中的Hash值和所述本地签名单元中的Hash值计算待验证扩展值之前,确定所述当前签名单元中的签名链识别号与所述本地签名单元中的签名链识别号一致。15. The integrated device according to claim 14, wherein each signature unit in the signature chain further comprises: a signature chain identification number; the security processor is further configured to Before calculating the extension value to be verified by the Hash value in the Hash value and the Hash value in the local signature unit, it is determined that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit. 16.根据权利要求13-15任一项所述的集成器件,其特征在于,所述度量请求还包括所述当前度量目标,所述安全处理器,还用于在验证所述度量请求之前,计算所述当前度量目标的Hash值,并确定所述当前签名单元中的Hash值与计算出的Hash值一致。16. The integrated device according to any one of claims 13-15, wherein the measurement request further comprises the current measurement target, and the security processor is further configured to, before verifying the measurement request, Calculate the hash value of the current measurement target, and determine that the hash value in the current signature unit is consistent with the calculated hash value. 17.根据权利要求13所述的集成器件,其特征在于,所述通用处理器,还用于向所述安全处理器发送查询请求,所述查询请求包括请求类型,所述请求类型用于指示查询本地存储的本地签名单元;17. The integrated device according to claim 13, wherein the general-purpose processor is further configured to send a query request to the security processor, the query request comprising a request type, and the request type is used to indicate Query the locally stored local signature unit; 所述安全处理器,还用于响应所述查询请求,返回所述本地存储的本地签名单元。The security processor is further configured to return the locally stored local signature unit in response to the query request. 18.一种计算机设备,其特征在于,包括:如权利要求8-12任一项所述的处理器,或者,如权利要求13-17任一项所述的集成器件。18. 
A computer device, comprising: the processor according to any one of claims 8-12, or the integrated device according to any one of claims 13-17.
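The chain construction of claim 7 and the verification steps of claims 8-12 (chain identification check, target hash check, extension value re-signed and compared, local unit updated only on success), as an added example that is not part of the patent. It assumes SHA-256 for the measurement hash and the extension value, HMAC-SHA256 standing in for the unspecified "encrypted signature", and an all-zero hash as the predecessor of the first unit; all names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List

# Assumptions (the claims leave these open): SHA-256 for hashes and the extension
# value, HMAC-SHA256 as the signature, and a zero hash before the first unit.
ZERO_HASH = bytes(32)


@dataclass(frozen=True)
class SignatureUnit:
    chain_id: int        # signature chain identification number (claims 10 and 15)
    target_hash: bytes   # hash value of the measurement target this unit covers
    signature: bytes     # signature over the extension value of this unit


def extend(prev_hash: bytes, cur_hash: bytes) -> bytes:
    """Extension value of unit i, derived from the hashes of units i-1 and i."""
    return hashlib.sha256(prev_hash + cur_hash).digest()


def build_chain(key: bytes, chain_id: int, targets: List[bytes]) -> List[SignatureUnit]:
    """Signature chain for measurement targets listed in their boot order (claim 6)."""
    units, prev = [], ZERO_HASH
    for target in targets:
        h = hashlib.sha256(target).digest()
        sig = hmac.new(key, extend(prev, h), hashlib.sha256).digest()
        units.append(SignatureUnit(chain_id, h, sig))
        prev = h
    return units


class SecurityProcessor:
    """Verifier side of claims 8-12: keeps the local signature unit and the key."""

    def __init__(self, key: bytes, chain_id: int):
        self.key = key
        # Before any measurement the local unit only carries the zero hash.
        self.local = SignatureUnit(chain_id, ZERO_HASH, b"")

    def query_local(self) -> SignatureUnit:
        return self.local   # answers the query request of claim 12

    def verify_measurement(self, target: bytes, current: SignatureUnit) -> bool:
        # Claim 11: the hash carried in the unit must match the target that was sent.
        if hashlib.sha256(target).digest() != current.target_hash:
            return False
        # Claim 10: both units must belong to the same signature chain.
        if current.chain_id != self.local.chain_id:
            return False
        # Claim 9, second variant: re-sign the extension value and compare signatures.
        expected = hmac.new(self.key, extend(self.local.target_hash, current.target_hash),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, current.signature):
            return False
        self.local = current   # claim 8: update the local unit only on success
        return True
```

A unit presented out of order fails because its extension value was computed over a different predecessor hash, which is what pins the verifier to the set boot order.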
CN201911342360.9A 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment Active CN111143887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342360.9A CN111143887B (en) 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment

Publications (2)

Publication Number Publication Date
CN111143887A CN111143887A (en) 2020-05-12
CN111143887B true CN111143887B (en) 2022-05-24

Family

ID=70519508

Country Status (1)

Country Link
CN (1) CN111143887B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881467B (en) * 2020-06-12 2022-10-28 海光信息技术股份有限公司 Method and device for protecting file by using security processor, CPU and computer equipment

Citations (4)

Publication number Priority date Publication date Assignee Title
CN105227319A (en) * 2015-10-23 2016-01-06 浪潮电子信息产业股份有限公司 A kind of method of authentication server and device
CN107908977A (en) * 2017-09-28 2018-04-13 中国船舶重工集团公司第七0九研究所 Intelligent mobile terminal trust chain safety transmitting method and system based on TrustZone
CN109245899A (en) * 2018-09-06 2019-01-18 成都三零嘉微电子有限公司 One kind being based on the novel trust chain design method of SM9 cryptographic algorithm
CN109951416A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of trust authentication method and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 300450 Tianjin Binhai New Area Huayuan Industrial Zone Haitai West Road 18 North 2-204 Industrial Incubation-3-8

Applicant after: Haiguang Information Technology Co., Ltd

Address before: 300450 Tianjin Binhai New Area Huayuan Industrial Zone Haitai West Road 18 North 2-204 Industrial Incubation-3-8

Applicant before: HAIGUANG INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant