CN111832013A - Firmware upgrade method and device - Google Patents
Firmware upgrade method and device Download PDFInfo
- Publication number
- CN111832013A CN111832013A CN202010753344.5A CN202010753344A CN111832013A CN 111832013 A CN111832013 A CN 111832013A CN 202010753344 A CN202010753344 A CN 202010753344A CN 111832013 A CN111832013 A CN 111832013A
- Authority
- CN
- China
- Prior art keywords
- firmware
- firmware file
- file
- key
- download address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
Description
(本申请是申请号201810981834.3的专利申请的分案申请)(This application is a divisional application of the patent application with application number 201810981834.3)
技术领域technical field
本申请涉及电子技术领域,尤其涉及一种固件升级方法及装置。The present application relates to the field of electronic technologies, and in particular, to a method and device for upgrading firmware.
背景技术Background technique
固件(Firmware)是指设备内部保存的设备“驱动程序”,承担着操作系统最基础最底层的工作,通过固件,操作系统才能按照标准的设备驱动实现特定机器的运行动作。可见,在硬件设备中,固件就是硬件设备的灵魂,决定着硬件设备的功能及性能。Firmware refers to the device "driver" stored inside the device, which undertakes the most basic and bottom-level work of the operating system. Through the firmware, the operating system can realize the operation of a specific machine according to the standard device driver. It can be seen that in a hardware device, firmware is the soul of the hardware device and determines the function and performance of the hardware device.
为了修复产品缺陷、满足不断变化的需求和新功能、以及缩短产品周期,会对设备的固件进行升级。目前,在对固件进行升级的过程中,相关固件文件的保密程度较低,易于被篡改或破解,存在较大的安全隐患。To fix product defects, meet changing requirements and new features, and shorten product cycles, device firmware is upgraded. At present, in the process of upgrading the firmware, the relevant firmware files have a low degree of confidentiality and are easy to be tampered with or cracked, which poses a great security risk.
为解决上述技术问题,需要提出一种安全性较高的固件升级方法。In order to solve the above technical problems, it is necessary to propose a firmware upgrade method with high security.
发明内容SUMMARY OF THE INVENTION
本说明书实施例的目的是提供一种固件升级方法及装置,本说明书实施例是这样实现的:The purpose of the embodiments of this specification is to provide a firmware upgrade method and device, and the embodiments of this specification are implemented as follows:
第一方面,提供了一种固件升级方法,应用于服务端,所述方法包括:In a first aspect, a firmware upgrade method is provided, applied to a server, and the method includes:
采用第二密钥对第一固件文件进行加密,得到第二固件文件;Encrypt the first firmware file with the second key to obtain the second firmware file;
采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;The second firmware file is verified by using a preset verification algorithm to obtain a first verification value;
向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值;所述第二固件文件的下载地址对应设置有数字证书,用于所述终端设备验证所述第二固件文件的下载地址的合法性。Send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second key and the The first check value; the download address of the second firmware file is correspondingly provided with a digital certificate, which is used by the terminal device to verify the legitimacy of the download address of the second firmware file.
第二方面,提供了一种固件升级方法,应用于终端设备,所述方法包括:In a second aspect, a firmware upgrade method is provided, applied to a terminal device, the method includes:
接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;Receive a firmware upgrade instruction sent by the server, where the firmware upgrade instruction carries the download address, the second key, and the first check value of the second firmware file, and the second firmware file uses the second key to pair the first The firmware file is encrypted, and the first check value is obtained by using a preset verification algorithm to verify the second firmware file; the download address of the second firmware file is correspondingly provided with a digital certificate;
对所述第二固件文件的下载地址所对应的数字证书进行验证;Verifying the digital certificate corresponding to the download address of the second firmware file;
如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;If the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The second firmware file is verified by using the preset verification algorithm to obtain a second verification value;
如果所述第二校验值与所述第一校验值匹配,则采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;If the second check value matches the first check value, decrypt the second firmware file by using the second key to obtain the first firmware file;
基于所述第一固件文件对所述终端设备进行固件升级。Perform firmware upgrade on the terminal device based on the first firmware file.
第三方面,提供了一种固件升级装置,应用于服务端,所述装置包括:In a third aspect, a firmware upgrade device is provided, which is applied to a server, and the device includes:
加密模块,用于采用第二密钥对第一固件文件进行加密,得到第二固件文件;an encryption module for encrypting the first firmware file with a second key to obtain a second firmware file;
第一校验模块,用于采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;a first verification module, configured to verify the second firmware file by using a preset verification algorithm to obtain a first verification value;
发送模块,用于向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值;所述第二固件文件的下载地址对应设置有数字证书,用于所述终端设备验证所述第二固件文件的下载地址的合法性。A sending module, configured to send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second firmware file The key and the first check value; the download address of the second firmware file is correspondingly provided with a digital certificate, which is used by the terminal device to verify the validity of the download address of the second firmware file.
第四方面,提供了一种固件升级装置,应用于终端设备,所述装置包括:In a fourth aspect, a firmware upgrade apparatus is provided, which is applied to a terminal device, and the apparatus includes:
指令接收模块,用于接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;The instruction receiving module is used to receive the firmware upgrade instruction sent by the server, and the firmware upgrade instruction carries the download address, the second key and the first check value of the second firmware file, and the second firmware file adopts the first check value. Obtained by encrypting the first firmware file with the second key, and the first check value is obtained by verifying the second firmware file by using a preset check algorithm; the download address of the second firmware file corresponds to Set up with a digital certificate;
下载模块,用于对所述第二固件文件的下载地址所对应的数字证书进行验证;如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;a download module, configured to verify the digital certificate corresponding to the download address of the second firmware file; if the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
第二校验模块,用于采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;a second verification module, configured to perform verification on the second firmware file by using the preset verification algorithm to obtain a second verification value;
解密模块,用于在所述第二校验值与所述第一校验值匹配的情况下,采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;a decryption module, configured to decrypt the second firmware file by using the second key to obtain the first firmware file when the second check value matches the first check value;
升级模块,用于基于所述第一固件文件对所述终端设备进行固件升级。An upgrade module, configured to upgrade the firmware of the terminal device based on the first firmware file.
第五方面,提供了一种电子设备,包括:In a fifth aspect, an electronic device is provided, comprising:
处理器;以及processor; and
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行以下操作:memory arranged to store computer-executable instructions which, when executed, cause the processor to:
采用第二密钥对第一固件文件进行加密,得到第二固件文件;Encrypt the first firmware file with the second key to obtain the second firmware file;
采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;The second firmware file is verified by using a preset verification algorithm to obtain a first verification value;
向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值;所述第二固件文件的下载地址对应设置有数字证书,用于所述终端设备验证所述第二固件文件的下载地址的合法性。Send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second key and the The first check value; the download address of the second firmware file is correspondingly provided with a digital certificate, which is used by the terminal device to verify the legitimacy of the download address of the second firmware file.
第六方面,提供了一种电子设备,包括:In a sixth aspect, an electronic device is provided, comprising:
处理器;以及processor; and
被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行以下操作:memory arranged to store computer-executable instructions which, when executed, cause the processor to:
接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;Receive a firmware upgrade instruction sent by the server, where the firmware upgrade instruction carries the download address, the second key, and the first check value of the second firmware file, and the second firmware file uses the second key to pair the first The firmware file is encrypted, and the first check value is obtained by using a preset verification algorithm to verify the second firmware file; the download address of the second firmware file is correspondingly provided with a digital certificate;
对所述第二固件文件的下载地址所对应的数字证书进行验证;Verifying the digital certificate corresponding to the download address of the second firmware file;
如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;If the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The second firmware file is verified by using the preset verification algorithm to obtain a second verification value;
如果所述第二校验值与所述第一校验值匹配,则采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;If the second check value matches the first check value, decrypt the second firmware file by using the second key to obtain the first firmware file;
基于所述第一固件文件对终端设备进行固件升级。The firmware of the terminal device is upgraded based on the first firmware file.
第七方面,提供了一种计算机存储介质,所述计算机可读存储介质存储一个或多个程序,所述一个或多个程序当被包括多个应用程序的电子设备执行时,使得所述电子设备执行以下操作:In a seventh aspect, a computer storage medium is provided that stores one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic The device does the following:
采用第二密钥对第一固件文件进行加密,得到第二固件文件;Encrypt the first firmware file with the second key to obtain the second firmware file;
采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;The second firmware file is verified by using a preset verification algorithm to obtain a first verification value;
向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值;所述第二固件文件的下载地址对应设置有数字证书,用于所述终端设备验证所述第二固件文件的下载地址的合法性。Send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second key and the The first check value; the download address of the second firmware file is correspondingly provided with a digital certificate, which is used by the terminal device to verify the legitimacy of the download address of the second firmware file.
第八方面,提供了一种计算机存储介质,所述计算机可读存储介质存储一个或多个程序,所述一个或多个程序当被包括多个应用程序的电子设备执行时,使得所述电子设备执行以下操作:In an eighth aspect, there is provided a computer storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic The device does the following:
接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;Receive a firmware upgrade instruction sent by the server, where the firmware upgrade instruction carries the download address, the second key, and the first check value of the second firmware file, and the second firmware file uses the second key to pair the first The firmware file is encrypted, and the first check value is obtained by using a preset verification algorithm to verify the second firmware file; the download address of the second firmware file is correspondingly provided with a digital certificate;
对所述第二固件文件的下载地址所对应的数字证书进行验证;Verifying the digital certificate corresponding to the download address of the second firmware file;
如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;If the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The second firmware file is verified by using the preset verification algorithm to obtain a second verification value;
如果所述第二校验值与所述第一校验值匹配,则采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;If the second check value matches the first check value, decrypt the second firmware file by using the second key to obtain the first firmware file;
基于所述第一固件文件对所述终端设备进行固件升级。Perform firmware upgrade on the terminal device based on the first firmware file.
由以上本说明书实施例提供的技术方案可见,本说明书实施例中,通过对开发人员开发出的新固件文件进行加密和校验,来确保固件升级过程中固件文件的内容不被破解和篡改,安全性较高。It can be seen from the technical solutions provided by the above embodiments of this specification that in the embodiments of this specification, the new firmware files developed by developers are encrypted and verified to ensure that the contents of the firmware files are not cracked and tampered with during the firmware upgrade process, High security.
附图说明Description of drawings
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present specification or the prior art, the following briefly introduces the accompanying drawings required in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments described in this specification. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative labor.
图1是本说明书的一个实施例的固件升级方法的应用场景图;1 is an application scenario diagram of a firmware upgrade method according to an embodiment of this specification;
图2是本说明书的一个实施例的固件升级方法的流程图;2 is a flowchart of a firmware upgrade method according to an embodiment of this specification;
图3是本说明书的另一个实施例的固件升级方法的流程图;3 is a flowchart of a firmware upgrade method according to another embodiment of the present specification;
图4是本说明书的一个实施例的固件升级装置的结构示意图;4 is a schematic structural diagram of a firmware upgrade apparatus according to an embodiment of the present specification;
图5是本说明书的另一个实施例的固件升级装置的结构示意图;5 is a schematic structural diagram of a firmware upgrade apparatus according to another embodiment of the present specification;
图6是本说明书的一个实施例的电子设备的结构示意图;6 is a schematic structural diagram of an electronic device according to an embodiment of the present specification;
图7是本说明书的另一个实施例的电子设备的结构示意图。FIG. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present specification.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。In order to make those skilled in the art better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings in the embodiments of this specification. Obviously, the described The embodiments are only some of the embodiments of the present specification, but not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of this specification.
本说明书实施例提供了一种固件升级方法及装置。The embodiments of this specification provide a method and device for upgrading firmware.
为了便于理解,下面首先对本说明书实施例中涉及到的一些概念及应用场景进行介绍。For ease of understanding, the following first introduces some concepts and application scenarios involved in the embodiments of this specification.
空中下载技术(Over The Air,OTA):是指通过多样化的空中传输方法(包括不限于WiFi、ZigBee和BLE等)将需要升级资源或配置分发到嵌入式终端设备上,使终端设备进行自动更新升级的技术。目前,终端设备的固件升级主要通过OTA实现。Over The Air (OTA): refers to distributing resources or configurations that need to be upgraded to embedded terminal devices through a variety of over-the-air transmission methods (including but not limited to WiFi, ZigBee, and BLE, etc.) Updated technology. At present, the firmware upgrade of terminal equipment is mainly realized through OTA.
消息队列遥测传输(Message Queuing Telemetry Transport,MQTT):是IBM开发的一个即时通讯协议,属于轻量级传输协议。Message Queuing Telemetry Transport (MQTT): It is an instant messaging protocol developed by IBM and is a lightweight transport protocol.
非对称加密:非对称加密算法是一种密钥的保密方法,涉及公开密钥和私有密钥,其中,公开密钥与私有密钥是一对,如果用私有密钥对数据进行加密,只有用对应的公开密钥才能解密;如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密。Asymmetric encryption: Asymmetric encryption algorithm is a key encryption method, involving public key and private key, in which the public key and the private key are a pair, if the data is encrypted with the private key, only the It can only be decrypted with the corresponding public key; if the data is encrypted with the public key, it can only be decrypted with the corresponding private key.
对称加密:对称加密算法是一种密钥的保密方法,采用单钥密钥加密,同一个密钥可以同时用作数据的加密和解密,也称为单密钥加密。Symmetric Encryption: Symmetric encryption algorithm is a secret key method, using single-key key encryption, the same key can be used for data encryption and decryption at the same time, also known as single-key encryption.
数字摘要:数字摘要是将任意长度的消息变成固定长度的短消息,它类似于一个自变量是消息的函数,也就是Hash函数。数字摘要采用单向Hash函数将需要加密的明文“摘要”成一串固定长度(例如128位)的密文这一串密文又称为数字指纹,它有固定的长度,而且不同的明文摘要成密文,其结果总是不同的,而同样的明文其摘要必定一致。Digital digest: Digital digest is to turn a message of any length into a short message of fixed length, which is similar to a function whose argument is the message, that is, the Hash function. The digital digest uses a one-way Hash function to "digest" the plaintext to be encrypted into a string of ciphertexts with a fixed length (for example, 128 bits). This string of ciphertexts is also called a digital fingerprint. The result of ciphertext is always different, and the digest of the same plaintext must be the same.
启动装载(BootLoader):是嵌入式系统在加电后执行的第一段代码,在它完成CPU和相关硬件的初始化之后,再将操作系统映像或固化的嵌入式应用程序装在到内存中然后跳转到操作系统所在的空间,启动操作系统运行。Boot Loader: It is the first piece of code executed after the embedded system is powered on. After it completes the initialization of the CPU and related hardware, the operating system image or the solidified embedded application is loaded into the memory and then Jump to the space where the operating system is located, and start the operating system to run.
本说明书实施例技术方案的应用场景:应用场景中包括:开发环境、管理中心、服务端和终端设备;其中,开发人员在开发环境中开发固件文件,开发人员开发的固件文件称为“源固件文件”,源固件文件用于终端设备的固件升级;管理中心用于对开发人员开发的源固件文件进行存储和版本信息管理,在开发人员开发出新的源固件文件后,管理中心会将新的源固件文件录入到该管理中心中,为了确保源固件文件的合法性,管理中心会对新的源固件进行非对称加密,并将非对称加密得到的固件文件提供给服务端;服务端对来自管理中心的固件文件进行一系列处理后,将处理后的固件文件的下载地址提供给终端设备;终端设备根据来自服务端的固件文件下载地址去下载固件文件,对下载得到的固件文件进行校验、解密,如果校验通过、且解密成功,则会得到源固件文件,使用源固件文件对终端设备的固件进行升级。Application scenarios of the technical solutions of the embodiments of this specification: The application scenarios include: a development environment, a management center, a server, and a terminal device; wherein, developers develop firmware files in the development environment, and the firmware files developed by developers are called "source firmware files". file”, the source firmware file is used for firmware upgrade of the terminal device; the management center is used to store and manage the version information of the source firmware file developed by the developer. After the developer develops a new source firmware file, the management center will update the The source firmware file is entered into the management center. In order to ensure the legitimacy of the source firmware file, the management center will asymmetrically encrypt the new source firmware, and provide the firmware file obtained by asymmetric encryption to the server; After a series of processing of the firmware file from the management center, the download address of the processed firmware file is provided to the terminal device; the terminal device downloads the firmware file according to the firmware file download address from the server, and verifies the downloaded firmware file. , decryption, if the verification is passed and the decryption is successful, the source firmware file will be obtained, and the firmware of the terminal device will be upgraded using the source firmware file.
接下来对本说明书实施例提供的一种固件升级方法进行介绍。Next, a firmware upgrade method provided by the embodiments of this specification will be introduced.
图2是本说明书的一个实施例的固件升级方法的流程图,该方法应用于服务端,如图2所示,该方法可以包括以下步骤:步骤204、步骤206和步骤208,其中,FIG. 2 is a flowchart of a firmware upgrade method according to an embodiment of the present specification. The method is applied to a server. As shown in FIG. 2, the method may include the following steps:
在步骤204中,采用第二密钥对第一固件文件进行加密,得到第二固件文件。In
本说明书实施例中,为了避免传输过程中固件文件的数据和业务逻辑的泄露,服务端会对第一固件文件进行加密。考虑到AES加密算法具备运算速度快,安全性高以及资源消耗少等优点,因此,可以优先选择采用AES加密算法对第一固件进行加密,此时,第二密钥为AES密钥。In the embodiment of this specification, in order to avoid leakage of data and business logic of the firmware file during transmission, the server encrypts the first firmware file. Considering that the AES encryption algorithm has the advantages of fast operation speed, high security, and low resource consumption, it is preferable to use the AES encryption algorithm to encrypt the first firmware. In this case, the second key is the AES key.
其中,第一固件文件可以是源固件文件也可以是对源固件文件进行如加密等处理后得到的固件文件。本实施例中对源固件文件经处理得到第一固件文件所采用的具体处理方式不做限定。The first firmware file may be a source firmware file or a firmware file obtained by performing processing such as encryption on the source firmware file. In this embodiment, the specific processing manner used to obtain the first firmware file by processing the source firmware file is not limited.
例如,在步骤204之前,还可以执行如下处理步骤得到第一固件文件:For example, before
获取第一固件文件,其中,第一固件文件是采用第一密钥对源固件文件进行加密得到的,第一密钥为私有密钥。Obtain a first firmware file, where the first firmware file is obtained by encrypting the source firmware file with a first key, and the first key is a private key.
本说明书实施例中,源固件文件为开发人员在开发环境中开发的固件文件,源固件文件为非加密的文件。In the embodiment of this specification, the source firmware file is a firmware file developed by a developer in a development environment, and the source firmware file is a non-encrypted file.
本说明书实施例中,在开发人员在开发环境中开发(或编译)出新的源固件文件后,会将其录入管理中心中进行存储,管理中心会对源固件文件进行非对称加密,得到非对称加密后的固件文件,即第一固件文件;具体的,管理中心可以采用RSA加密算法的私有密钥对源固件文件进行加密,得到第一固件文件。相应的,服务端从管理中心中获取第一固件文件。In the embodiment of this specification, after the developer develops (or compiles) a new source firmware file in the development environment, it will be entered into the management center for storage, and the management center will asymmetrically encrypt the source firmware file to obtain a non-symmetrical encryption of the source firmware file. The symmetrically encrypted firmware file is the first firmware file; specifically, the management center can encrypt the source firmware file with the private key of the RSA encryption algorithm to obtain the first firmware file. Correspondingly, the server obtains the first firmware file from the management center.
在步骤206中,采用预设校验算法对第二固件文件进行校验,得到第一校验值。In
本说明书实施例中,保证固件升级过程的安全性,服务端会对第二固件文件进行校验,其中,校验算法可以包括:SHA256校验算法、SHA128校验算法或MD5校验算法。具体的,当校验算法为SHA256校验算法时,第一校验值为256位的字符串;具体的,当校验算法为SHA128校验算法时,第一校验值为128位的字符串;具体的,当校验算法为MD5校验算法时,第一校验值为128位的字符串。In the embodiment of this specification, to ensure the security of the firmware upgrade process, the server will verify the second firmware file, where the verification algorithm may include: SHA256 verification algorithm, SHA128 verification algorithm or MD5 verification algorithm. Specifically, when the verification algorithm is the SHA256 verification algorithm, the first verification value is a 256-bit character string; specifically, when the verification algorithm is the SHA128 verification algorithm, the first verification value is a 128-bit character string String; specifically, when the check algorithm is the MD5 check algorithm, the first check value is a 128-bit character string.
在步骤206中,向终端设备发送固件升级指令,其中,固件升级指令用于指示终端设备进行固件升级,固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值。In
本说明书实施例中,当检测到终端设备中的固件版本低于源固件文件的版本时,向该终端设备发送固件升级指令。In the embodiment of this specification, when it is detected that the firmware version in the terminal device is lower than the version of the source firmware file, a firmware upgrade instruction is sent to the terminal device.
考虑到固件升级指令中携带的数据量比较小,本说明书实施例中,可以通过轻量级传输协议,向终端设备发送固件升级指令;其中,轻量级传输协议可以包括:MQTT协议或CoAP协议。Considering that the amount of data carried in the firmware upgrade instruction is relatively small, in the embodiment of this specification, the firmware upgrade instruction may be sent to the terminal device through a lightweight transmission protocol; wherein, the lightweight transmission protocol may include: MQTT protocol or CoAP protocol .
本说明书实施例中,服务端可以接收终端设备上报的状态信息,其中,状态信息可以包括下述至少一项:固件的版本信息和固件的安装进度信息,固件的版本信息用于确定终端设备是否需要进行固件升级。In the embodiment of this specification, the server may receive status information reported by the terminal device, where the status information may include at least one of the following: firmware version information and firmware installation progress information, and the firmware version information is used to determine whether the terminal device is A firmware upgrade is required.
本说明书实施例中,如果终端设备在固件升级过程中发生错误,则服务端可以根据固件的安装进度信息进行错误定位。In the embodiment of this specification, if an error occurs in the firmware upgrade process of the terminal device, the server can locate the error according to the installation progress information of the firmware.
本说明书实施例中,如果终端设备的固件升级失败,则服务端可以在终端设备重启时再次下发固件升级指令。In the embodiment of this specification, if the firmware upgrade of the terminal device fails, the server may issue the firmware upgrade instruction again when the terminal device restarts.
由上述实施例可见,该实施例中,通过对开发人员开发出的新固件文件(即源固件文件)进行多次加密和校验,来确保固件升级过程中固件文件的内容不被破解和篡改,安全性较高。As can be seen from the above-mentioned embodiment, in this embodiment, the new firmware file (namely the source firmware file) developed by the developer is encrypted and verified multiple times to ensure that the content of the firmware file is not cracked and tampered with during the firmware upgrade process. , higher security.
图3是本说明书的另一个实施例的固件升级方法的流程图,该方法应用于终端设备,如图3所示,该方法可以包括以下步骤:步骤302、步骤304、步骤306、步骤308和步骤310,其中,FIG. 3 is a flowchart of a firmware upgrade method according to another embodiment of the present specification. The method is applied to a terminal device. As shown in FIG. 3 , the method may include the following steps:
在步骤302中,接收服务端发送的固件升级指令,其中,固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,第二固件文件是采用第二密钥对第一固件文件进行加密得到的,第一校验值是采用预设校验算法对第二固件文件进行校验得到的。In
在步骤304中,根据第二固件文件的下载地址,获取第二固件文件。In
本说明书实施例中,通过可以HTTPS证书认证的方式,验证固件文件的下载地址的合法性,从而确保固件升级指令中的固件文件下载地址和校验值未被篡改,相应的,上述步骤304具体可以包括以下步骤:In the embodiment of this specification, the legality of the download address of the firmware file is verified by means of HTTPS certificate authentication, so as to ensure that the download address and check value of the firmware file in the firmware upgrade instruction are not tampered with. Correspondingly, the
获取第二固件文件的下载地址对应的数字证书;Obtain the digital certificate corresponding to the download address of the second firmware file;
判断数字证书是否处于预设白名单中,如果数字证书处于预设白名单中,则从第二固件文件的下载地址获取第二固件文件,其中,预设白名单中的数字证书为合法数字证书。Determine whether the digital certificate is in the preset whitelist, and if the digital certificate is in the preset whitelist, obtain the second firmware file from the download address of the second firmware file, wherein the digital certificate in the preset whitelist is a legal digital certificate .
本说明书实施例中,可以获取第二固件文件的下载地址对应的证书,通过预先存储的合法下载地址的根证书对所获取的证书进行验证;如果验证通过,则从第二固件文件的下载地址获取第二固件文件。具体的,在终端设备中预埋合法下载地址的根证书,当需要从下载地址获取固件文件(即需要与服务端进行通信)时,通过下载地址中包括的主机域名,获取主机(即服务端)的证书,使用预设的验证算法和预埋的根证书,对主机的证书进行验证,如果验证通过,则表明主机是合法的,此时从下载地址下载相应的固件文件,如果验证未通过,则表明主机是非法的,此时不从下载地址下载相应的固件文件。In the embodiment of this specification, the certificate corresponding to the download address of the second firmware file can be obtained, and the obtained certificate can be verified by using the pre-stored root certificate of the legal download address; Get the second firmware file. Specifically, the root certificate of the legal download address is pre-embedded in the terminal device. When the firmware file needs to be obtained from the download address (that is, it needs to communicate with the server), the host (ie the server needs to be communicated) is obtained through the host domain name included in the download address. ) certificate, use the preset verification algorithm and the pre-embedded root certificate to verify the host's certificate, if the verification is passed, it means that the host is legal, then download the corresponding firmware file from the download address, if the verification fails , it indicates that the host is illegal, and the corresponding firmware file will not be downloaded from the download address at this time.
在步骤306中,采用预设校验算法对第二固件文件进行校验,得到第二校验值。In
本说明书实施例中,为了确保固件文件的合法性,终端设备会对下载得到的固件文件进行校验,得到校验值,通过将该校验值与固件升级指令中携带的校验值进行比较,确定该固件文件的合法性;其中,如果两者匹配(即相同),则表明该固件文件是合法的,未被篡改;如果两者不匹配(即不相同),则表明该固件文件是非法的,已被篡改,这种情况下,不再执行该固件文件的后续升级操作。In the embodiment of this specification, in order to ensure the legality of the firmware file, the terminal device will check the downloaded firmware file to obtain a check value, and compare the check value with the check value carried in the firmware upgrade instruction , determine the legitimacy of the firmware file; if the two match (that is, the same), it indicates that the firmware file is legal and has not been tampered with; if the two do not match (that is, not the same), it indicates that the firmware file is Illegal, it has been tampered with, in this case, the subsequent upgrade operation of the firmware file is no longer performed.
在步骤308中,如果第二校验值与第一校验值匹配,则采用第二密钥对第二固件文件进行解密得到第一固件文件。。In
本说明书实施例中,使用固件升级指令中携带的密钥对下载得到的固件文件进行解密,得到解密后的固件文件,该固件文件可用于对终端设备进行固件升级。In the embodiment of this specification, the downloaded firmware file is decrypted using the key carried in the firmware upgrade instruction to obtain a decrypted firmware file, which can be used to upgrade the firmware of the terminal device.
在步骤310中,基于第一固件文件对终端设备进行固件升级。In
在一些实施例中,第一固件文件可以直接为源固件文件,因此可以直接使用第一固件文件对终端设备进行固件升级。In some embodiments, the first firmware file may be the source firmware file directly, so the terminal device may be upgraded with firmware directly by using the first firmware file.
在另一些实施例中,由于使用固件升级指令中携带的密钥解密得到的固件文件可能仍然为加密的固件文件,因此需要对第一固件文件进行进一步解密得到源固件文件才能实现对终端设备进行固件升级。In some other embodiments, since the firmware file obtained by decryption using the key carried in the firmware upgrade instruction may still be an encrypted firmware file, it is necessary to further decrypt the first firmware file to obtain the source firmware file in order to realize the process of the terminal device. Firmware upgrade.
例如,在服务端采用第二密钥对第一固件文件进行加密,得到第二固件文件之前,该第一固件文件已经是采用第一密钥对源固件文件进行加密得到的,且第一密钥为私有密钥。相应地,在执行本步骤之前,可具体执行如下步骤:For example, before the server uses the second key to encrypt the first firmware file and obtains the second firmware file, the first firmware file has been obtained by encrypting the source firmware file with the first key, and the first key is used to encrypt the source firmware file. The key is the private key. Correspondingly, before performing this step, the following steps can be specifically performed:
采用预先存储的第三密钥对第一固件文件进行解密得到源固件文件,第三密钥为第一密钥对应的公开密钥。The source firmware file is obtained by decrypting the first firmware file with a pre-stored third key, where the third key is a public key corresponding to the first key.
具体地,终端设备会预先存储用于固件文件签名的公开密钥(即第三密钥)和私有密钥(即第一密钥)。在终端设备使用固件升级指令中携带的密钥解密得到的固件文件为加密的固件文件、且是使用私有密钥加密的固件文件、且终端设备本地维护了该私有密钥对应的公开密钥时,终端设备可以使用对应的公开密钥对前述固件文件进行解密,如果解密失败,则说明固件文件为非法的,已被篡改,在这种情况下,不再执行该固件文件的后续升级操作;如果解密成功,则根据解密得到的固件文件(即源固件文件)对终端设备进行固件升级。Specifically, the terminal device will pre-store the public key (ie the third key) and the private key (ie the first key) for signing the firmware file. When the firmware file decrypted by the terminal device using the key carried in the firmware upgrade instruction is an encrypted firmware file and a firmware file encrypted with a private key, and the terminal device locally maintains the public key corresponding to the private key , the terminal device can use the corresponding public key to decrypt the aforementioned firmware file. If the decryption fails, it means that the firmware file is illegal and has been tampered with. In this case, the subsequent upgrade operation of the firmware file is no longer performed; If the decryption is successful, the firmware of the terminal device is upgraded according to the decrypted firmware file (ie, the source firmware file).
基于此,在执行本步骤时,可直接使用解密得到的源固件文件对终端设备进行固件升级。Based on this, when this step is performed, the source firmware file obtained by decryption can be directly used to upgrade the firmware of the terminal device.
本说明书实施例中,可以将源固件文件写入终端设备的闪存中。在将源固件文件写入终端设备的闪存中后,可以立即重启终端设备以完成固件的升级;也可以设置预设时长后或到达预设时间点时,重启终端设备以完成固件的升级。In the embodiment of this specification, the source firmware file may be written into the flash memory of the terminal device. After the source firmware file is written into the flash memory of the terminal device, the terminal device can be restarted immediately to complete the firmware upgrade; it is also possible to restart the terminal device to complete the firmware upgrade after setting a preset time period or when the preset time point is reached.
本说明书实施例中,可以对终端设备的闪存进行加密,以确保闪存中所存储数据的安全性。具体的,如果终端设备的闪存为加密的,则向闪存中写入数据时需要先对闪存进行解密,之后再写入数据;以及从闪存中读取数据时需要先对闪存进行解密,之后再读取数据。In the embodiment of this specification, the flash memory of the terminal device may be encrypted to ensure the security of data stored in the flash memory. Specifically, if the flash memory of the terminal device is encrypted, when writing data into the flash memory, the flash memory needs to be decrypted first, and then the data is written; and when reading data from the flash memory, the flash memory needs to be decrypted first, and then Read data.
本说明书实施例中,为了保证终端设备的启动装载BootLoader不被篡改,可以采用第四密钥对终端设备的BootLoader进行加密,并对加密后的BootLoader进行校验,得到第三校验值;将第三校验值存储至终端设备的闪存中,以便当终端设备再次启动时需要对BootLoader进行校验,只校验通过后才可以启动;在这种情况下,可以将第三密钥预先存储在BootLoader中,以确保第三密钥的安全性。其中,第四密钥可以为Security Boot开启后生成的一个256位的字符串,可以将该字符串作为AES密钥对BootLoader进行加密,可以将第三校验值存储在闪存0x0开始的位置。In the embodiment of this specification, in order to ensure that the BootLoader of the terminal device is not tampered with, a fourth key can be used to encrypt the BootLoader of the terminal device, and the encrypted BootLoader is verified to obtain a third check value; The third check value is stored in the flash memory of the terminal device, so that when the terminal device starts up again, the BootLoader needs to be checked, and it can be started only after the check is passed; in this case, the third key can be stored in advance In BootLoader to ensure the security of the third key. The fourth key can be a 256-bit character string generated after Security Boot is turned on, the character string can be used as an AES key to encrypt BootLoader, and the third check value can be stored in the position starting from 0x0 of the flash memory.
本说明书实施例中,终端设备可以向服务端上报状态信息,其中,状态信息包括下述至少一项:固件的版本信息和固件的安装进度信息,固件的版本信息用于确定终端设备是否需要进行固件升级,固件的安装进度信息用于服务端进行固件升级错误的定位。In the embodiment of this specification, the terminal device may report status information to the server, wherein the status information includes at least one of the following: firmware version information and firmware installation progress information, and the firmware version information is used to determine whether the terminal device needs to perform Firmware upgrade, the firmware installation progress information is used by the server to locate firmware upgrade errors.
由上述实施例可见,该实施例中,通过对开发人员开发出的新固件文件进行加密和校验,来确保固件升级过程中固件文件的内容不被破解和篡改,安全性较高。It can be seen from the above embodiment that in this embodiment, the new firmware file developed by the developer is encrypted and verified to ensure that the content of the firmware file is not cracked and tampered with during the firmware upgrade process, and the security is high.
图4是本说明书的一个实施例的固件升级装置的结构示意图,该固件升级装置应用于服务端,在一种软件实施方式中,固件升级装置400,可以包括:加密模块402、第一校验模块403和发送模块404,其中,4 is a schematic structural diagram of a firmware upgrade apparatus according to an embodiment of the present specification. The firmware upgrade apparatus is applied to a server. In a software implementation, the
加密模块402,用于采用第二密钥对第一固件文件进行加密,得到第二固件文件;an
第一校验模块403,用于采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;A
发送模块404,用于向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值。The sending
由上述实施例可见,该实施例中,通过对开发人员开发出的新固件文件进行加密和校验,来确保固件升级过程中固件文件的内容不被破解和篡改,安全性较高。It can be seen from the above embodiment that in this embodiment, the new firmware file developed by the developer is encrypted and verified to ensure that the content of the firmware file is not cracked and tampered with during the firmware upgrade process, and the security is high.
可选地,作为一个实施例,所述发送模块404,可以包括:Optionally, as an embodiment, the sending
指令发送子模块,用于通过轻量级传输协议,向所述终端设备发送固件升级指令。The instruction sending sub-module is configured to send a firmware upgrade instruction to the terminal device through a lightweight transmission protocol.
可选地,作为一个实施例,所述第二密钥包括:AES密钥。Optionally, as an embodiment, the second key includes: an AES key.
可选地,作为一个实施例,所述预设校验算法包括:SHA256校验算法、SHA128校验算法或MD5校验算法。Optionally, as an embodiment, the preset verification algorithm includes: SHA256 verification algorithm, SHA128 verification algorithm or MD5 verification algorithm.
可选地,作为一个实施例,所述固件升级装置400,还可以包括:Optionally, as an embodiment, the
接收所述终端设备上报的状态信息,所述状态信息包括下述至少一项:固件的版本信息和固件的安装进度信息。Status information reported by the terminal device is received, where the status information includes at least one of the following: firmware version information and firmware installation progress information.
可选地,作为一个实施例,所述固件升级装置400还可包括:Optionally, as an embodiment, the
获取模块,用于获取所述第一固件文件,所述第一固件文件是采用第一密钥对源固件文件进行加密得到的,所述第一密钥为私有密钥。an obtaining module, configured to obtain the first firmware file, where the first firmware file is obtained by encrypting the source firmware file with a first key, and the first key is a private key.
图5是本说明书的另一个实施例的固件升级装置的结构示意图,该固件升级装置应用于终端设备,在一种软件实施方式中,固件升级装置500,可以包括:指令接收模块501、下载模块502、第二校验模块503、解密模块504和升级模块505,其中,5 is a schematic structural diagram of a firmware upgrade apparatus according to another embodiment of the present specification. The firmware upgrade apparatus is applied to a terminal device. In a software implementation, the
指令接收模块501,用于接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;The
下载模块502,用于根据所述第二固件文件的下载地址,获取所述第二固件文件;A
第二校验模块503,用于采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The
解密模块504,用于在所述第二校验值与所述第一校验值匹配的情况下,采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;A
升级模块505,用于基于所述源固件文件对所述终端设备进行固件升级。An
由上述实施例可见,该实施例中,通过对开发人员开发出的新固件文件(即源固件文件)进行多次加密和校验,来确保固件升级过程中固件文件的内容不被破解和篡改,安全性较高。As can be seen from the above-mentioned embodiment, in this embodiment, the new firmware file (namely the source firmware file) developed by the developer is encrypted and verified multiple times to ensure that the content of the firmware file is not cracked and tampered with during the firmware upgrade process. , higher security.
可选地,作为一个实施例,所述第一固件文件是采用第一密钥对源固件文件进行加密得到的,所述第一密钥为私有密钥;Optionally, as an embodiment, the first firmware file is obtained by encrypting the source firmware file with a first key, and the first key is a private key;
相应地,所述解密模块504,用于采用预先存储的第三密钥对所述第一固件文件进行解密得到所述源固件文件,所述第三密钥为所述第一密钥对应的公开密钥;所述升级模块505,用于使用所述源固件文件对所述终端设备进行固件升级。Correspondingly, the
可选地,作为一个实施例,所述下载模块502,可以包括:Optionally, as an embodiment, the
证书获取子模块,用于获取所述第二固件文件的下载地址对应的证书;a certificate obtaining submodule, configured to obtain a certificate corresponding to the download address of the second firmware file;
验证子模块,用于通过预先存储的合法下载地址的根证书对所获取的证书进行验证;The verification sub-module is used to verify the obtained certificate through the root certificate of the pre-stored legal download address;
固件文件下载子模块,用于在验证通过的情况下,从所述第二固件文件的下载地址获取所述第二固件文件。The firmware file download submodule is configured to acquire the second firmware file from the download address of the second firmware file when the verification is passed.
可选地,作为一个实施例,所述固件升级装置500,还可以包括:Optionally, as an embodiment, the
加密子模块,用于采用第四密钥对所述终端设备的BootLoader进行加密,并对加密后的BootLoader进行校验,得到第三校验值;an encryption submodule, used for encrypting the BootLoader of the terminal device with a fourth key, and verifying the encrypted BootLoader to obtain a third check value;
存储子模块,用于将所述第三校验值存储至所述终端设备的闪存中。A storage submodule, configured to store the third check value in the flash memory of the terminal device.
可选地,作为一个实施例,所述第三密钥预先存储在所述BootLoader中。Optionally, as an embodiment, the third key is pre-stored in the BootLoader.
可选地,作为一个实施例,所述升级模块505,可以包括:Optionally, as an embodiment, the
升级子模块,用于将所述源固件文件写入所述终端设备的闪存中。The upgrade submodule is used for writing the source firmware file into the flash memory of the terminal device.
可选地,作为一个实施例,所述固件升级装置500,还可以包括:Optionally, as an embodiment, the
上报模块,用于向所述服务端上报状态信息,所述状态信息包括下述至少一项:固件的版本信息和固件的安装进度信息。A reporting module, configured to report status information to the server, where the status information includes at least one of the following: firmware version information and firmware installation progress information.
图6是本说明书的一个实施例的电子设备的结构示意图,该电子设备可以为服务端,如图6所示,在硬件层面,该电子设备包括处理器,可选地还包括内部总线、网络接口、存储器。其中,存储器可能包含内存,例如高速随机存取存储器(Random-Access Memory,RAM),也可能还包括非易失性存储器(non-volatile memory),例如至少1个磁盘存储器等。当然,该电子设备还可能包括其他业务所需要的硬件。FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present specification. The electronic device may be a server. As shown in FIG. 6 , at the hardware level, the electronic device includes a processor, optionally an internal bus, a network interface, memory. The memory may include memory, such as high-speed random-access memory (Random-Access Memory, RAM), or may also include non-volatile memory (non-volatile memory), such as at least one disk memory. Of course, the electronic equipment may also include hardware required for other services.
处理器、网络接口和存储器可以通过内部总线相互连接,该内部总线可以是ISA(Industry Standard Architecture,工业标准体系结构)总线、PCI(PeripheralComponent Interconnect,外设部件互连标准)总线或EISA(Extended Industry StandardArchitecture,扩展工业标准结构)总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图6中仅用一个双向箭头表示,但并不表示仅有一根总线或一种类型的总线。The processor, the network interface, and the memory can be connected to each other through an internal bus, which can be an ISA (Industry Standard Architecture, industry standard architecture) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus or an EISA (Extended Industry Standard) bus. StandardArchitecture, extended industry standard structure) bus, etc. The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one bidirectional arrow is shown in FIG. 6, but it does not mean that there is only one bus or one type of bus.
存储器,用于存放程序。具体地,程序可以包括程序代码,所述程序代码包括计算机操作指令。存储器可以包括内存和非易失性存储器,并向处理器提供指令和数据。memory for storing programs. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory may include memory and non-volatile memory and provide instructions and data to the processor.
处理器从非易失性存储器中读取对应的计算机程序到内存中然后运行,在逻辑层面上形成固件升级装置。处理器,执行存储器所存放的程序,并具体用于执行以下操作:The processor reads the corresponding computer program from the non-volatile memory into the memory and runs it, forming a firmware upgrade device on a logical level. The processor executes the program stored in the memory, and is specifically used to perform the following operations:
采用第二密钥对第一固件文件进行加密,得到第二固件文件;Encrypt the first firmware file with the second key to obtain the second firmware file;
采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;The second firmware file is verified by using a preset verification algorithm to obtain a first verification value;
向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值。Send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second key and the The first check value.
可选地,作为一个实施例,所述向所述终端设备发送固件升级指令,包括:Optionally, as an embodiment, the sending a firmware upgrade instruction to the terminal device includes:
通过轻量级传输协议,向所述终端设备发送固件升级指令。A firmware upgrade instruction is sent to the terminal device through a lightweight transmission protocol.
可选地,作为一个实施例,所述第二密钥包括:AES密钥。Optionally, as an embodiment, the second key includes: an AES key.
可选地,作为一个实施例,所述预设校验算法包括:SHA256校验算法、SHA128校验算法或MD5校验算法。Optionally, as an embodiment, the preset verification algorithm includes: SHA256 verification algorithm, SHA128 verification algorithm or MD5 verification algorithm.
可选地,作为一个实施例,所述方法还包括:Optionally, as an embodiment, the method further includes:
接收所述终端设备上报的状态信息,所述状态信息包括下述至少一项:固件的版本信息和固件的安装进度信息。Status information reported by the terminal device is received, where the status information includes at least one of the following: firmware version information and firmware installation progress information.
可选地,作为一个实施例,所述方法还包括:Optionally, as an embodiment, the method further includes:
获取所述第一固件文件,所述第一固件文件是采用第一密钥对源固件文件进行加密得到的,所述第一密钥为私有密钥。Obtain the first firmware file, where the first firmware file is obtained by encrypting the source firmware file with a first key, and the first key is a private key.
上述如本说明书图6所示实施例揭示的固件升级装置执行的方法可以应用于处理器中,或者由处理器实现。处理器可能是一种集成电路芯片,具有信号的处理能力。在实现过程中,上述方法的各步骤可以通过处理器中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(Digital SignalProcessor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本说明书实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合本说明书实施例所公开的方法的步骤可以直接体现为硬件译码处理器执行完成,或者用译码处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器,闪存、只读存储器,可编程只读存储器或者电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器,处理器读取存储器中的信息,结合其硬件完成上述方法的步骤。The above-mentioned method performed by the firmware upgrade apparatus disclosed in the embodiment shown in FIG. 6 of this specification may be applied to a processor, or implemented by a processor. A processor may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above-mentioned method can be completed by a hardware integrated logic circuit in a processor or an instruction in the form of software. The above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. Various methods, steps and logic block diagrams disclosed in the embodiments of this specification can be implemented or executed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the methods disclosed in conjunction with the embodiments of this specification may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software modules may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art. The storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware.
该电子设备还可执行图2的方法,并实现固件升级装置在图2所示实施例的功能,本说明书实施例在此不再赘述。The electronic device can also execute the method shown in FIG. 2 , and implement the functions of the firmware upgrade apparatus in the embodiment shown in FIG. 2 , which will not be repeated in the embodiments of this specification.
图7是本说明书的另一个实施例的电子设备的结构示意图,该电子设备可以为终端设备,如图7所示,在硬件层面,该电子设备包括处理器,可选地还包括内部总线、网络接口、存储器。其中,存储器可能包含内存,例如高速随机存取存储器(Random-AccessMemory,RAM),也可能还包括非易失性存储器(non-volatile memory),例如至少1个磁盘存储器等。当然,该电子设备还可能包括其他业务所需要的硬件。FIG. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present specification. The electronic device may be a terminal device. As shown in FIG. 7 , at the hardware level, the electronic device includes a processor, and optionally an internal bus, network interface, storage. The memory may include memory, such as high-speed random-access memory (Random-Access Memory, RAM), or may also include non-volatile memory (non-volatile memory), such as at least one disk memory. Of course, the electronic equipment may also include hardware required for other services.
处理器、网络接口和存储器可以通过内部总线相互连接,该内部总线可以是ISA(Industry Standard Architecture,工业标准体系结构)总线、PCI(PeripheralComponent Interconnect,外设部件互连标准)总线或EISA(Extended Industry StandardArchitecture,扩展工业标准结构)总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图7中仅用一个双向箭头表示,但并不表示仅有一根总线或一种类型的总线。The processor, the network interface, and the memory can be connected to each other through an internal bus, which can be an ISA (Industry Standard Architecture, industry standard architecture) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus or an EISA (Extended Industry Standard) bus. StandardArchitecture, extended industry standard structure) bus, etc. The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one bidirectional arrow is used in FIG. 7, but it does not mean that there is only one bus or one type of bus.
存储器,用于存放程序。具体地,程序可以包括程序代码,所述程序代码包括计算机操作指令。存储器可以包括内存和非易失性存储器,并向处理器提供指令和数据。memory for storing programs. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory may include memory and non-volatile memory and provide instructions and data to the processor.
处理器从非易失性存储器中读取对应的计算机程序到内存中然后运行,在逻辑层面上形成固件升级装置。处理器,执行存储器所存放的程序,并具体用于执行以下操作:The processor reads the corresponding computer program from the non-volatile memory into the memory and runs it, forming a firmware upgrade device on a logical level. The processor executes the program stored in the memory, and is specifically used to perform the following operations:
接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;Receive a firmware upgrade instruction sent by the server, where the firmware upgrade instruction carries the download address, the second key, and the first check value of the second firmware file, and the second firmware file uses the second key to pair the first The firmware file is encrypted, and the first check value is obtained by using a preset verification algorithm to verify the second firmware file; the download address of the second firmware file is correspondingly provided with a digital certificate;
对所述第二固件文件的下载地址所对应的数字证书进行验证;Verifying the digital certificate corresponding to the download address of the second firmware file;
如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;If the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The second firmware file is verified by using the preset verification algorithm to obtain a second verification value;
如果所述第二校验值与所述第一校验值匹配,则采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;If the second check value matches the first check value, decrypt the second firmware file by using the second key to obtain the first firmware file;
基于所述第一固件文件对所述终端设备进行固件升级。Perform firmware upgrade on the terminal device based on the first firmware file.
可选地,作为一个实施例,所述第一固件文件是采用第一密钥对源固件文件进行加密得到的,所述第一密钥为私有密钥;Optionally, as an embodiment, the first firmware file is obtained by encrypting the source firmware file with a first key, and the first key is a private key;
所述方法还包括:采用预先存储的第三密钥对所述第一固件文件进行解密得到所述源固件文件,所述第三密钥为所述第一密钥对应的公开密钥;The method further includes: decrypting the first firmware file with a pre-stored third key to obtain the source firmware file, where the third key is a public key corresponding to the first key;
所述基于所述第一固件文件对所述终端设备进行固件升级包括:The performing firmware upgrade on the terminal device based on the first firmware file includes:
使用所述源固件文件对所述终端设备进行固件升级。Perform firmware upgrade on the terminal device using the source firmware file.
可选地,作为一个实施例,所述根据所述第二固件文件的下载地址,获取所述第二固件文件,包括:Optionally, as an embodiment, the obtaining the second firmware file according to the download address of the second firmware file includes:
获取所述第二固件文件的下载地址对应的证书;Obtain the certificate corresponding to the download address of the second firmware file;
通过预先存储的合法下载地址的根证书对所获取的证书进行验证;Verify the obtained certificate through the root certificate of the pre-stored legal download address;
如果验证通过,则从所述第二固件文件的下载地址获取所述第二固件文件。If the verification is passed, the second firmware file is obtained from the download address of the second firmware file.
可选地,作为一个实施例,所述方法还包括:Optionally, as an embodiment, the method further includes:
采用第四密钥对所述终端设备的BootLoader进行加密,并对加密后的BootLoader进行校验,得到第三校验值;Using the fourth key to encrypt the BootLoader of the terminal device, and verifying the encrypted BootLoader to obtain a third check value;
将所述第三校验值存储至所述终端设备的闪存中。The third check value is stored in the flash memory of the terminal device.
可选地,作为一个实施例,所述第三密钥预先存储在所述BootLoader中。Optionally, as an embodiment, the third key is pre-stored in the BootLoader.
可选地,作为一个实施例,所述使用所述源固件文件对所述终端设备进行固件升级,包括:Optionally, as an embodiment, the use of the source firmware file to perform firmware upgrade on the terminal device includes:
将所述源固件文件写入所述终端设备的闪存中。Write the source firmware file into the flash memory of the terminal device.
可选地,作为一个实施例,所述方法还包括:Optionally, as an embodiment, the method further includes:
向所述服务端上报状态信息,所述状态信息包括下述至少一项:固件的版本信息和固件的安装进度信息。Report status information to the server, where the status information includes at least one of the following: firmware version information and firmware installation progress information.
上述如本说明书图7所示实施例揭示的固件升级装置执行的方法可以应用于处理器中,或者由处理器实现。处理器可能是一种集成电路芯片,具有信号的处理能力。在实现过程中,上述方法的各步骤可以通过处理器中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(Digital SignalProcessor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本说明书实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合本说明书实施例所公开的方法的步骤可以直接体现为硬件译码处理器执行完成,或者用译码处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器,闪存、只读存储器,可编程只读存储器或者电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器,处理器读取存储器中的信息,结合其硬件完成上述方法的步骤。The above-mentioned method performed by the firmware upgrade apparatus disclosed in the embodiment shown in FIG. 7 of this specification may be applied to a processor, or implemented by a processor. A processor may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above-mentioned method can be completed by a hardware integrated logic circuit in a processor or an instruction in the form of software. The above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. Various methods, steps and logic block diagrams disclosed in the embodiments of this specification can be implemented or executed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the methods disclosed in conjunction with the embodiments of this specification may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software modules may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art. The storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware.
该电子设备还可执行图3的方法,并实现固件升级装置在图3所示实施例的功能,本说明书实施例在此不再赘述。The electronic device can also execute the method shown in FIG. 3 , and implement the functions of the firmware upgrade apparatus in the embodiment shown in FIG. 3 , which will not be repeated in the embodiments of this specification.
本说明书实施例还提供了一种计算机可读存储介质,该计算机可读存储介质存储一个或多个程序,该一个或多个程序包括指令,该指令当被包括多个应用程序的便携式电子设备执行时,能够使该便携式电子设备执行图2所示实施例的方法,并具体用于执行以下方法:Embodiments of the present specification also provide a computer-readable storage medium, where the computer-readable storage medium stores one or more programs, and the one or more programs include instructions, and the instructions, when used by a portable electronic device including a plurality of application programs When executed, the portable electronic device can be made to execute the method of the embodiment shown in FIG. 2 , and is specifically used to execute the following method:
采用第二密钥对第一固件文件进行加密,得到第二固件文件;Encrypt the first firmware file with the second key to obtain the second firmware file;
采用预设校验算法对所述第二固件文件进行校验,得到第一校验值;The second firmware file is verified by using a preset verification algorithm to obtain a first verification value;
向终端设备发送固件升级指令,所述固件升级指令用于指示所述终端设备进行固件升级,所述固件升级指令中携带所述第二固件文件的下载地址、所述第二密钥和所述第一校验值;所述第二固件文件的下载地址对应设置有数字证书,用于所述终端设备验证所述第二固件文件的下载地址的合法性。Send a firmware upgrade instruction to the terminal device, the firmware upgrade instruction is used to instruct the terminal device to perform firmware upgrade, and the firmware upgrade instruction carries the download address of the second firmware file, the second key and the The first check value; the download address of the second firmware file is correspondingly provided with a digital certificate, which is used by the terminal device to verify the legitimacy of the download address of the second firmware file.
本说明书实施例还提供了一种计算机可读存储介质,该计算机可读存储介质存储一个或多个程序,该一个或多个程序包括指令,该指令当被包括多个应用程序的便携式电子设备执行时,能够使该便携式电子设备执行图3所示实施例的方法,并具体用于执行以下方法:Embodiments of the present specification also provide a computer-readable storage medium, where the computer-readable storage medium stores one or more programs, and the one or more programs include instructions, and the instructions, when used by a portable electronic device including a plurality of application programs When executed, the portable electronic device can be made to execute the method of the embodiment shown in FIG. 3, and is specifically used to execute the following method:
接收服务端发送的固件升级指令,所述固件升级指令中携带第二固件文件的下载地址、第二密钥和第一校验值,所述第二固件文件是采用第二密钥对第一固件文件进行加密得到的,所述第一校验值是采用预设校验算法对所述第二固件文件进行校验得到的;所述第二固件文件的下载地址对应设置有数字证书;Receive a firmware upgrade instruction sent by the server, where the firmware upgrade instruction carries the download address, the second key, and the first check value of the second firmware file, and the second firmware file uses the second key to pair the first The firmware file is encrypted, and the first check value is obtained by using a preset verification algorithm to verify the second firmware file; the download address of the second firmware file is correspondingly provided with a digital certificate;
对所述第二固件文件的下载地址所对应的数字证书进行验证;Verifying the digital certificate corresponding to the download address of the second firmware file;
如果验证通过,则根据所述第二固件文件的下载地址,获取所述第二固件文件;If the verification is passed, obtain the second firmware file according to the download address of the second firmware file;
采用所述预设校验算法对所述第二固件文件进行校验,得到第二校验值;The second firmware file is verified by using the preset verification algorithm to obtain a second verification value;
如果所述第二校验值与所述第一校验值匹配,则采用所述第二密钥对所述第二固件文件进行解密得到所述第一固件文件;If the second check value matches the first check value, decrypt the second firmware file by using the second key to obtain the first firmware file;
基于所述第一固件文件对所述终端设备进行固件升级。Perform firmware upgrade on the terminal device based on the first firmware file.
总之,以上所述仅为本说明书的较佳实施例而已,并非用于限定本说明书的保护范围。凡在本说明书的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本说明书的保护范围之内。In a word, the above descriptions are only preferred embodiments of the present specification, and are not intended to limit the protection scope of the present specification. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this specification shall be included within the protection scope of this specification.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules or units described in the above embodiments may be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or A combination of any of these devices.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media includes both persistent and non-permanent, removable and non-removable media, and storage of information may be implemented by any method or technology. Information may be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic tape cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, excludes transitory computer-readable media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements, but also Other elements not expressly listed or inherent to such a process, method, article of manufacture or apparatus are also included. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article of manufacture or device that includes the element.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to the partial descriptions of the method embodiments.
Claims (19)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010753344.5A CN111832013A (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010753344.5A CN111832013A (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
| CN201810981834.3A CN109214168B (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810981834.3A Division CN109214168B (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111832013A true CN111832013A (en) | 2020-10-27 |
Family
ID=64989729
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010753344.5A Pending CN111832013A (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
| CN201810981834.3A Active CN109214168B (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810981834.3A Active CN109214168B (en) | 2018-08-27 | 2018-08-27 | Firmware upgrade method and device |
Country Status (3)
| Country | Link |
|---|---|
| CN (2) | CN111832013A (en) |
| TW (1) | TWI709056B (en) |
| WO (1) | WO2020042778A1 (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112416716A (en) * | 2020-11-25 | 2021-02-26 | 宁波阶梯教育科技有限公司 | Automatic firmware checking method and equipment |
| CN113626792A (en) * | 2021-07-09 | 2021-11-09 | 苏州浪潮智能科技有限公司 | PCIe Switch firmware safe execution method, device, terminal and storage medium |
| CN114741091A (en) * | 2022-03-18 | 2022-07-12 | 武汉光迅信息技术有限公司 | Firmware loading method, apparatus, electronic device, and computer-readable storage medium |
| CN114816484A (en) * | 2022-05-06 | 2022-07-29 | 苏州灵猴机器人有限公司 | System software upgrading method, device, equipment and medium |
| CN114928551A (en) * | 2022-04-30 | 2022-08-19 | 苏州浪潮智能科技有限公司 | System configuration method, device and storage medium |
| CN115374488A (en) * | 2022-10-25 | 2022-11-22 | 广州万协通信息技术有限公司 | Vehicle-mounted terminal program checking method and device |
| CN116107611A (en) * | 2023-03-10 | 2023-05-12 | 深圳市雷赛控制技术有限公司 | Firmware upgrading method and device |
| CN118656841A (en) * | 2024-08-20 | 2024-09-17 | 中孚信息股份有限公司 | A firmware security protection and upgrade method, system, device and medium |
Families Citing this family (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111832013A (en) * | 2018-08-27 | 2020-10-27 | 创新先进技术有限公司 | Firmware upgrade method and device |
| US11372977B2 (en) * | 2018-11-12 | 2022-06-28 | Thirdwayv, Inc. | Secure over-the-air firmware upgrade |
| WO2020158247A1 (en) | 2019-01-28 | 2020-08-06 | オムロン株式会社 | Safety system and maintenance method |
| JP7334492B2 (en) * | 2019-01-28 | 2023-08-29 | オムロン株式会社 | Safety system and maintenance method |
| CN111819540A (en) * | 2019-02-02 | 2020-10-23 | 深圳市大疆创新科技有限公司 | Firmware upgrade method, radar system, terminal device and firmware upgrade system |
| CN112543927B (en) * | 2019-04-17 | 2023-03-24 | 华为技术有限公司 | Equipment upgrading method and related equipment |
| CN110333882B (en) * | 2019-05-09 | 2023-03-14 | 阿波罗智联(北京)科技有限公司 | System upgrading method, device, equipment and computer readable medium |
| CN110311773B (en) * | 2019-06-28 | 2022-05-17 | 兆讯恒达科技股份有限公司 | Method for preventing injection type attack of advanced encryption standard coprocessor |
| CN110417871A (en) * | 2019-07-05 | 2019-11-05 | 青岛海信智慧家居系统股份有限公司 | A kind of smart machine upgrade method |
| CN110377307A (en) * | 2019-07-18 | 2019-10-25 | 上海擎感智能科技有限公司 | A kind of car body controller firmware upgrade method, terminal, system |
| CN110928564B (en) * | 2019-11-11 | 2020-10-09 | 中科有讯(北京)科技有限公司 | Method for safely updating application, service server, cluster and storage medium |
| CN111142902B (en) * | 2019-12-21 | 2023-05-16 | 广州小鹏汽车科技有限公司 | Method and device for protecting upgrading firmware of processor and vehicle |
| CN111159717A (en) * | 2019-12-25 | 2020-05-15 | 合肥联宝信息技术有限公司 | Starting method and device for electronic equipment |
| CN111176696B (en) * | 2019-12-31 | 2023-10-27 | 泰斗微电子科技有限公司 | Memory chip upgrading method and device, terminal equipment and medium |
| CN111382397B (en) * | 2020-02-26 | 2023-03-24 | 浙江大华技术股份有限公司 | Configuration method of upgrade software package, software upgrade method, equipment and storage device |
| CN111596938A (en) * | 2020-05-15 | 2020-08-28 | 青岛海米飞驰智能科技有限公司 | Embedded device firmware security upgrade method, system, terminal and storage medium |
| CN113840262A (en) | 2020-06-23 | 2021-12-24 | 京东方科技集团股份有限公司 | Over-the-air updating method, updating server, terminal equipment and Internet of things system |
| US20220012046A1 (en) * | 2020-07-10 | 2022-01-13 | Generalplus Technology Inc. | Os-independent peripheral plug-and-play and driver update method for embedded systems and firmware data transmission method for embedded system platform |
| CN114362981B (en) | 2020-09-30 | 2024-11-12 | 京东方科技集团股份有限公司 | Upgrading method and related equipment of Internet of Things terminal equipment |
| CN112612499A (en) * | 2020-12-31 | 2021-04-06 | 京东数科海益信息科技有限公司 | Application program upgrading method and device, electronic equipment and storage medium |
| CN115344832A (en) | 2021-04-28 | 2022-11-15 | 开利消防及保安伊米有限公司 | Secure device update by passing encryption and data together |
| CN113365244A (en) * | 2021-05-10 | 2021-09-07 | 中国汽车技术研究中心有限公司 | OTA (over the air) upgrading method and device for whole vehicle, electronic equipment, medium and signature method |
| CN113515747B (en) * | 2021-05-17 | 2024-02-09 | 深圳市友华通信技术有限公司 | Equipment upgrading method, device, equipment and storage medium |
| CN113721965B (en) * | 2021-08-02 | 2024-05-03 | 国创移动能源创新中心(江苏)有限公司 | Upgrading method of charging pile based on safety firmware |
| CN113885907B (en) * | 2021-09-16 | 2025-05-02 | 北京经纬恒润科技股份有限公司 | A firmware upgrade system and method |
| CN114143198B (en) * | 2021-11-30 | 2023-06-13 | 四川启睿克科技有限公司 | Firmware upgrading method |
| TWI815263B (en) * | 2021-12-28 | 2023-09-11 | 尚承科技股份有限公司 | Processing system and method for online firmware update |
| TWI797932B (en) | 2021-12-30 | 2023-04-01 | 新唐科技股份有限公司 | Firmware verification system and firmware verification method |
| CN115643060B (en) * | 2022-10-11 | 2025-09-23 | 武汉光迅科技股份有限公司 | Method and device for executing firmware file |
| CN115686565A (en) * | 2022-10-21 | 2023-02-03 | 中移物联网有限公司 | Firmware upgrade method, electronic device, and computer-readable storage medium |
| CN117609965B (en) * | 2024-01-19 | 2024-06-25 | 深圳前海深蕾半导体有限公司 | Upgrade data packet acquisition method of intelligent device, intelligent device and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436141A (en) * | 2008-11-21 | 2009-05-20 | 深圳创维数字技术股份有限公司 | Firmware upgrading and encapsulating method and device based on digital signing |
| CN101924607A (en) * | 2010-08-27 | 2010-12-22 | 华为终端有限公司 | Firmware processing method, device and system based on firmware over-the-air transmission technology |
| CN102955700A (en) * | 2011-08-18 | 2013-03-06 | 腾讯科技(深圳)有限公司 | System and method for upgrading software |
| KR101286711B1 (en) * | 2013-03-28 | 2013-07-16 | 주식회사 이스턴웨어 | System and method for preventing malicious codes of mobile terminal |
| CN103679004A (en) * | 2012-09-19 | 2014-03-26 | Nxp股份有限公司 | Method and system for securely updating firmware in a computing device |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7603562B2 (en) * | 2005-02-02 | 2009-10-13 | Insyde Software Corporation | System and method for reducing memory requirements of firmware |
| US8213612B2 (en) * | 2007-12-07 | 2012-07-03 | Inside Contactless S.A. | Secure software download |
| US9965270B2 (en) * | 2015-07-01 | 2018-05-08 | Quanta Computer Inc. | Updating computer firmware |
| CN105812570B (en) * | 2016-04-21 | 2019-05-03 | 深圳市旭子科技有限公司 | Terminal firmware update method and device |
| CN106203071A (en) * | 2016-06-30 | 2016-12-07 | 浪潮(北京)电子信息产业有限公司 | A kind of firmware upgrade method and device |
| CN108121915A (en) * | 2016-11-30 | 2018-06-05 | 北京忆芯科技有限公司 | The method of electronic equipment production, the method and system started |
| CN107688463B (en) * | 2017-09-21 | 2020-08-18 | 杭州全维技术股份有限公司 | Method for packaging version file of embedded equipment |
| CN108196867A (en) * | 2018-03-08 | 2018-06-22 | 深圳市文鼎创数据科技有限公司 | Device for upgrading firmware, equipment and its firmware upgrade method of equipment |
| CN108418893A (en) * | 2018-03-20 | 2018-08-17 | 深圳市闪联信息技术有限公司 | A kind of method of smart machine firmware safety upgrade |
| CN111832013A (en) * | 2018-08-27 | 2020-10-27 | 创新先进技术有限公司 | Firmware upgrade method and device |
-
2018
- 2018-08-27 CN CN202010753344.5A patent/CN111832013A/en active Pending
- 2018-08-27 CN CN201810981834.3A patent/CN109214168B/en active Active
-
2019
- 2019-06-24 TW TW108121917A patent/TWI709056B/en not_active IP Right Cessation
- 2019-07-11 WO PCT/CN2019/095580 patent/WO2020042778A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436141A (en) * | 2008-11-21 | 2009-05-20 | 深圳创维数字技术股份有限公司 | Firmware upgrading and encapsulating method and device based on digital signing |
| CN101924607A (en) * | 2010-08-27 | 2010-12-22 | 华为终端有限公司 | Firmware processing method, device and system based on firmware over-the-air transmission technology |
| CN102955700A (en) * | 2011-08-18 | 2013-03-06 | 腾讯科技(深圳)有限公司 | System and method for upgrading software |
| CN103679004A (en) * | 2012-09-19 | 2014-03-26 | Nxp股份有限公司 | Method and system for securely updating firmware in a computing device |
| KR101286711B1 (en) * | 2013-03-28 | 2013-07-16 | 주식회사 이스턴웨어 | System and method for preventing malicious codes of mobile terminal |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112416716A (en) * | 2020-11-25 | 2021-02-26 | 宁波阶梯教育科技有限公司 | Automatic firmware checking method and equipment |
| CN113626792A (en) * | 2021-07-09 | 2021-11-09 | 苏州浪潮智能科技有限公司 | PCIe Switch firmware safe execution method, device, terminal and storage medium |
| CN113626792B (en) * | 2021-07-09 | 2023-07-14 | 苏州浪潮智能科技有限公司 | PCIe Switch firmware security execution method, device, terminal and storage medium |
| CN114741091A (en) * | 2022-03-18 | 2022-07-12 | 武汉光迅信息技术有限公司 | Firmware loading method, apparatus, electronic device, and computer-readable storage medium |
| CN114928551A (en) * | 2022-04-30 | 2022-08-19 | 苏州浪潮智能科技有限公司 | System configuration method, device and storage medium |
| CN114928551B (en) * | 2022-04-30 | 2024-03-12 | 苏州浪潮智能科技有限公司 | System configuration method, device and storage medium |
| CN114816484A (en) * | 2022-05-06 | 2022-07-29 | 苏州灵猴机器人有限公司 | System software upgrading method, device, equipment and medium |
| CN115374488A (en) * | 2022-10-25 | 2022-11-22 | 广州万协通信息技术有限公司 | Vehicle-mounted terminal program checking method and device |
| CN116107611A (en) * | 2023-03-10 | 2023-05-12 | 深圳市雷赛控制技术有限公司 | Firmware upgrading method and device |
| CN118656841A (en) * | 2024-08-20 | 2024-09-17 | 中孚信息股份有限公司 | A firmware security protection and upgrade method, system, device and medium |
| CN118656841B (en) * | 2024-08-20 | 2024-11-12 | 中孚信息股份有限公司 | A firmware security protection and upgrade method, system, device and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020042778A1 (en) | 2020-03-05 |
| CN109214168B (en) | 2020-08-18 |
| CN109214168A (en) | 2019-01-15 |
| TW202009778A (en) | 2020-03-01 |
| TWI709056B (en) | 2020-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109214168B (en) | Firmware upgrade method and device | |
| JP6991431B2 (en) | Methods and systems to secure communication between the host system and the data processing accelerator | |
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| US8560820B2 (en) | Single security model in booting a computing device | |
| US11374734B2 (en) | Method and system for key distribution and exchange for data processing accelerators | |
| EP3794772B1 (en) | Data processing accelerator having security unit to provide root trust services | |
| US11233652B2 (en) | Method and system to derive a session key to secure an information exchange channel between a host system and a data processing accelerator | |
| US8560823B1 (en) | Trusted modular firmware update using digital certificate | |
| JP5576983B2 (en) | Secure boot and configuration of subsystems from non-local storage | |
| US20090259855A1 (en) | Code Image Personalization For A Computing Device | |
| US20150095652A1 (en) | Encryption and decryption processing method, apparatus, and device | |
| CN106610863B (en) | Virtual machine trusted migration method and device | |
| US11392687B2 (en) | Method and system for validating kernel objects to be executed by a data processing accelerator of a host system | |
| US10255089B2 (en) | Self-deleting virtual machines | |
| CN112346759A (en) | A firmware upgrade method, device and computer-readable storage medium | |
| CN111414640A (en) | Key access control method and device | |
| EP3794763B1 (en) | An attestation protocol between a host system and a data processing accelerator | |
| US20210176063A1 (en) | Method for establishing a secure information exchange channel between a host system and a data processing accelerator | |
| JP6199712B2 (en) | Communication terminal device, communication terminal association method, and computer program | |
| CN113360857A (en) | Code starting method and system for software | |
| CN118586000A (en) | Vehicle system safe starting method, system, device, medium and vehicle | |
| EP3811271B1 (en) | A data processing accelerator having a local time unit to generate timestamps | |
| EP3811272B1 (en) | Method and system for managing memory of data processing accelerators | |
| JP2020150310A (en) | Information processing equipment, decryption method of encrypted data and electronic equipment | |
| HK40003193B (en) | Firmware upgrade method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201027 |