[go: up one dir, main page]

WO2018138789A1 - Dispositif intégré et procédé de mise à jour de micrologiciel - Google Patents

Dispositif intégré et procédé de mise à jour de micrologiciel Download PDF

Info

Publication number
WO2018138789A1
WO2018138789A1 PCT/JP2017/002442 JP2017002442W WO2018138789A1 WO 2018138789 A1 WO2018138789 A1 WO 2018138789A1 JP 2017002442 W JP2017002442 W JP 2017002442W WO 2018138789 A1 WO2018138789 A1 WO 2018138789A1
Authority
WO
WIPO (PCT)
Prior art keywords
firmware
update
embedded device
application
control unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2017/002442
Other languages
English (en)
Japanese (ja)
Inventor
俊介 西尾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp filed Critical Mitsubishi Electric Corp
Priority to JP2018563980A priority Critical patent/JP6861739B2/ja
Priority to PCT/JP2017/002442 priority patent/WO2018138789A1/fr
Publication of WO2018138789A1 publication Critical patent/WO2018138789A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating

Definitions

  • the present invention relates to an embedded device that operates according to firmware and a firmware update method in the embedded device.
  • IoT Internet of Things
  • Patent Document 1 discloses a secure boot method for safely starting an embedded device by verifying the validity of a part (that is, a partial program) of the OS of the embedded device. is suggesting.
  • Patent Document 2 discloses a startup program data, a backup program data, and a non-volatile memory that stores correction data having the same contents as the backup program data.
  • bit error detection is performed on the backup program data, and when a bit error is detected, the bit error is corrected with correction data.
  • An apparatus is provided that includes an error correction unit that restarts and a restart unit that restarts the system using backup program data when an abnormality of the startup program data is detected by the abnormality detection unit.
  • EP-A-2733612 (eg abstract, FIG. 2)
  • the apparatus described in Patent Document 2 detects the presence or absence of abnormality in the activation program data in parallel with the activation of the activation program data, and when an abnormality in the activation program data is detected, Since restart is performed, it is possible to ensure continuity of service. However, since the detection of abnormality of the activation program data is performed when the activation program is activated, the system may be restarted at the activation.
  • the present invention has been made in order to solve the above-described problems, and its purpose is to be able to start up safely with firmware whose validity has been confirmed, and to avoid the suspension of operation due to tampered firmware. It is to provide an embedded device and a firmware update method that can be used.
  • An embedded device is an embedded device connected to a network, and a firmware storage unit that stores firmware, and the firmware is read from the firmware storage unit and executed to activate the embedded device
  • An activation control unit that performs update, a device control unit that acquires firmware for update through the network, and a firmware verification unit that verifies the validity of the firmware stored in the firmware storage unit and the validity of the firmware for update
  • a firmware update control unit that writes the update firmware that has been determined to be a legitimate program by the firmware verification unit to the firmware storage unit, and the activation control unit includes the update firmware as the firmware.
  • a firmware update method is a firmware update method in an embedded device that is connected to a network and is activated by reading and executing firmware stored in a firmware storage unit.
  • the update firmware written in the firmware storage unit updates the new firmware.
  • Reading the firmware is characterized by having a start executing.
  • the present invention it is possible to safely start the embedded device with the firmware whose validity has been confirmed, and it is possible to prevent the operation from being stopped by the altered firmware, and to continue providing services by the embedded device. Sex can be secured.
  • FIG. 1 is a block diagram schematically showing a configuration of an embedded device according to Embodiment 1 of the present invention.
  • FIG. 3 is a diagram illustrating an example of a file configuration of update firmware acquired by the embedded device according to the first embodiment.
  • 6 is a flowchart illustrating an example of an operation at the time of update in which the embedded device according to the first embodiment acquires a file of update firmware and replaces the firmware stored in the firmware storage unit with the update firmware.
  • 6 is a diagram illustrating an example of a startup process of the embedded device according to the first embodiment.
  • FIG. 6 is a flowchart illustrating an example of an activation process of the embedded device according to the first embodiment.
  • 10 is a flowchart illustrating an example of an operation at the time of update in which an embedded device according to Embodiment 2 of the present invention acquires a firmware file for update and replaces firmware stored in a firmware storage unit with firmware for update.
  • an embedded device (also referred to as “embedded device”) is a computer that is incorporated into household appliances, industrial equipment such as factory equipment, communication equipment, and transportation equipment such as automobiles in order to realize a specific function. is there.
  • industrial equipment such as factory equipment, communication equipment, and transportation equipment such as automobiles in order to realize a specific function.
  • transportation equipment such as automobiles in order to realize a specific function.
  • FIG. 1 is a block diagram schematically showing the configuration of the embedded device 1 according to the first embodiment.
  • the embedded device 1 is a device that can perform the firmware update method according to the first embodiment.
  • the embedded device 1 includes a device control unit 2 that controls the overall operation of the embedded device 1, and a communication interface unit 3 that is communicably connected to a network by Ethernet (registered trademark) connection or the like.
  • a boot control unit 4 for controlling the operation of the embedded device 1 according to the boot program and firmware, a firmware update control unit 5 for updating firmware, a firmware verification unit 6 for verifying firmware, and firmware verification
  • a certificate information storage unit 61 for storing certificate information used for verification in the firmware.
  • the embedded device 1 also includes a boot ROM (Read Only Memory) 7 as a storage unit of a boot program 7a, which is a storage device configured by a nonvolatile semiconductor memory, and a memory configured by a semiconductor memory or a hard disk drive. And a firmware storage unit 8 which is a device.
  • boot ROM Read Only Memory
  • the firmware storage unit 8 includes an OS storage unit 9 for storing an OS (Operating System) and an application storage unit 10 for storing an application program (also referred to as “application”).
  • the firmware includes an OS and an application.
  • the OS storage unit 9 and the application storage unit 10 may be provided in different storage devices, but may be different storage areas of the same storage device.
  • the OS storage unit 9 has an OS storage area (A) 11 and an OS storage area (B) 12 which are duplicated storage areas.
  • An OS (A) 15 is stored in the OS storage area (A) 11.
  • the OS (A) 15 includes OS signature information (A) 15a for proving the legitimacy of the OS (A) 15.
  • An OS (B) 16 is stored in the OS storage area (B) 12.
  • the OS (B) 16 includes OS signature information (B) 16 a for verifying the legitimacy of the OS (B) 16.
  • (A) and (B) are symbols assigned to facilitate the distinction between the OS storage area (A) 11 and the OS storage area (B) 12. For example, when (A) indicates an operating OS storage area or OS currently in operation, (B) is a standby OS storage area or standby firmware that has been operated before. Indicates the OS. In some cases, (A) and (B) are reversed.
  • the application storage unit 10 has an application storage area (A) 13 and an application storage area (B) 14 which are duplicated storage areas.
  • the application (A) 17 is stored in the application storage area (A) 13.
  • the application (A) 17 includes application signature information (A) 17a for verifying the validity of the application (A) 17.
  • An application (B) 18 is stored in the application storage area (B) 14.
  • the application (B) 18 includes application signature information (B) 18 a for verifying the validity of the application (B) 18.
  • (A) indicates a currently operating application storage area or application
  • (B) is a standby application storage area or standby firmware that was previously operated. Indicates an application. In some cases, (A) and (B) are reversed.
  • FIG. 2 is a diagram illustrating an example of a file configuration of the update firmware 20 acquired by the embedded device 1 according to the first embodiment.
  • the update firmware 20 file acquired from the network through the communication interface unit 3 includes an update OS 21 and an update application 22.
  • the update OS 21 includes OS signature information 21a
  • the update application 22 includes application signature information 22a.
  • FIG. 3 shows that the embedded device 1 according to the first embodiment acquires a file of the firmware 20 for update, and places the firmware stored in the firmware storage unit 8 in the firmware 20 for update. It is a flowchart which shows the operation example at the time of the update to replace.
  • step S101 the device control unit 2 acquires a file of the firmware 20 for update from the network through the communication interface unit 3, and instructs the firmware update control unit 5 to update the firmware.
  • the update firmware 20 includes an update OS 21 having OS update information 21a and an update application 22 having application signature information 22a.
  • the firmware update control unit 5 separates and extracts the update OS 21 and the update application 22 from the file of the update firmware 20.
  • the firmware verification unit 6 verifies whether or not the OS signature information 21a of the update OS 21 is valid (ie, confirms the validity).
  • a checksum (or hash value) for the OS object code is obtained, and this is stored in advance in the certificate information storage unit 61 as a valid checksum (or a valid hash value), and the obtained update firmware
  • the checksum (or hash value) obtained for 20 is compared with a stored valid checksum (or valid hash value) and is judged to be valid if they match.
  • Examples of the algorithm for obtaining the hash value include SHA (Secure Hash Algorithm) -1, SHA-256, SHA-384, SHA-512, SHA-224, Wirlpool, MD5 (Message Digest 5), and SHA-3.
  • the length of the hash value varies depending on the algorithm for obtaining the hash value, and is, for example, 128 bits, 160 bits, 224 bits, 256 bits, 384 bits, 512 bits, 1024 bits, or the like.
  • step S103 when the firmware verification unit 6 determines that the program of the update OS 21 has been tampered (NO in step S103), the process proceeds to step S110, and the firmware update control unit 5 The firmware 20 stops the update process for replacing the firmware in the firmware storage unit 8.
  • step S103 if the firmware verification unit 6 determines that the OS 21 program for update is valid (YES in step S103), the process proceeds to step S104.
  • step S104 the firmware update control unit 5 stores (writes) the OS 21 for updating the obtained firmware 20 for update in an OS storage area different from the OS storage area currently in operation. Specifically, when the embedded device 1 is currently operating on the OS (A) 15 stored in the OS storage area (A) 11, the firmware update control unit 5 sets the update OS 21 to the current status. Store in the OS storage area (B) 12 that is not in operation. Conversely, when the embedded device 1 is operating on the OS (B) 16 stored in the OS storage area (B) 12, the firmware update control unit 5 sets the OS 21 for update as an OS that is not currently operated. Store in the storage area (A) 11.
  • step S105 the firmware update control unit 5 sets the OS storage area updated this time (for example, the OS storage area (B) 12) as a program to be executed when the next embedded device 1 is started up.
  • the firmware verification unit 6 verifies whether or not the application signature information 22a of the update application 22 included in the update OS 20 is valid (that is, confirms the validity). .
  • the verification is executed by the same method as the verification method in step S103.
  • step S106 if the firmware verification unit 6 determines that the program of the update application 22 is valid (YES in step S106), the process proceeds to step S107.
  • step S107 the firmware update control unit 5 stores (writes) the acquired update application 22 in an application storage area different from the currently operated application storage area. Specifically, when the embedded device 1 is currently operating with the application (A) 17 stored in the application storage area (A) 13, the firmware update control unit 5 sets the update application 22 as follows: It stores in the application storage area (B) 14 which is not currently operated. Conversely, when the embedded device 1 is operating with the application (B) 18 stored in the application storage area (B) 14, the firmware update control unit 5 does not currently operate the application 22 for update. Store in the application storage area (A) 13.
  • step S108 the firmware update control unit 5 uses the application (A) 17 or (B) 18 stored in the application storage unit (A) 13 or (B) 14 of the application storage unit 10 in step S107 at the next startup. Set as the program to be executed.
  • step S106 if the firmware verification unit 6 determines that the program of the update application 22 has been tampered (NO in step S106), the update process skips steps S107 and S108 and updates this time. In order to validate the OS, the process proceeds to step S109. Moreover, after the process of step S108 is performed, a process progresses to step S109.
  • step S109 the embedded device 1 is restarted, and the update process is terminated.
  • the restart is executed by the update firmware stored in the firmware storage unit 8 this time.
  • FIG. 4 is a diagram illustrating an example of a startup process of the embedded device 1 according to the first embodiment.
  • the boot program 31 read from the boot ROM 7 is started first, and the boot program 31 is sequentially started from the OS 32 read from the firmware storage unit 8. Then, the OS 32 activates the application 33.
  • FIG. 5 is a flowchart showing an example of the startup process of the embedded device 1 according to the first embodiment.
  • FIG. 5 shows a case where the OS 21 for update and the application 22 for update are respectively written in the OS storage area (B) 12 and the application storage area (B) 14 in the last firmware update.
  • step S201 the activation control unit 4 reads the boot program 31 for activating the embedded device 1 from the boot ROM 7 which is a non-rewritable storage area when the embedded device 1 is activated, and executes the read boot program. .
  • the firmware verification unit 6 determines the OS signature information (B) 16a of the OS (B) 16 stored in the OS storage area (B) 12 that is currently being executed (that is, by the previous firmware update). The written OS signature information 21a) of the update OS 21 is verified.
  • step S203 the activation control unit 4 determines that the OS (OS) in the OS storage area (B) 12 B) 16 is read and executed, and then the process proceeds to step S207.
  • step S202 If it is determined that the OS (B) 16 has been falsified as a result of the verification of the OS (B) 16 in step S202 (NO in step S202), the process proceeds to step S204.
  • step S204 the OS storage area to be used is switched to the OS storage area (A) 11 different from the currently operating OS storage area (B) 12.
  • step S205 it is verified whether or not the stored OS signature information (A) 15 is valid.
  • step S205 if it is determined that the OS signature information (A) 15 is valid (has not been tampered with) (YES in step S205), in step S206, the activation control unit 4 displays the OS storage area (A ) 11 OS (A) 15 is read and executed, and then the process proceeds to step S207.
  • step S205 when it is determined that the OS storage area (A) 11 is not valid (tampered) (NO in step S205), the stored OS storage area (B) 12 and the OS storage area (A) It is determined that none of the OSs of 11 can be trusted, and the startup operation is terminated as a startup failure.
  • step S207 the firmware verification unit 6 writes the application signature information (B) 18a of the application (B) 18 stored in the application storage area (B) 14 that is currently being executed (that is, written by the previous firmware update).
  • the application signature information 22a) of the application 22 is verified.
  • step S208 the activation control unit 4 determines that the application (B) 14 application ( B) 18 is read and executed, the verified OS and application are successfully started, and the start process is terminated.
  • step S207 If it is determined that the application (B) 18 has been tampered with as a result of the application verification in step S207 (NO in step S207), the process proceeds to step S209.
  • step S209 the activation control unit 4 switches the application storage area to be used to an application storage area (A) 13 different from the application storage area (B) 14 currently used.
  • the firmware verification unit 6 verifies the application signature information (A) 17a stored in the application storage area (A) 13.
  • step S211 the activation control unit 4 determines that the application (A) 13 A) 17 is read and executed.
  • step S210 when it is determined that the application (A) 17 has been tampered with (NO in step S210), the application (A) 17 stored in the application storage area (A) 13 and the application storage are stored. It is determined that none of the applications (B) 18 stored in the area (B) 14 can be trusted, the reading and execution of the applications are skipped, and the activation process is terminated with only the OS activated.
  • the service provided by the OS can be provided as the embedded device 1, but the service provided by the application cannot be provided. However, it is more secure because the operation of applications that cannot be trusted is suppressed.
  • ⁇ 1-5 Effect As described above, according to the embedded device 1 and the firmware update method according to the first embodiment, after the firmware 20 for update is acquired and stored in the firmware storage unit 8, The firmware verification unit 6 verifies the validity of the update firmware 20 (steps S103 and S106 in FIG. 3). For this reason, if the updating firmware 20 is not a valid program, the firmware 20 is not stored in the firmware storage unit 8 (step S110 in FIG. 3), and it is illegal to consider the continuity of the service. Control without operating the firmware program becomes possible.
  • the OS (B) 16 and the application (B) 18 read from the firmware storage unit 8 when the embedded device 1 is activated by the activation control unit 4.
  • the validity of (or OS (A) 15 and application (A) 17) is verified (steps S202 and S207 in FIG. 5). For this reason, when the OS or application to be executed is not a valid program, the OS used before being stored in another OS storage area and used before being stored in another application storage area are used.
  • the loaded application is read and executed (steps S204, S206, S209, and S211 in FIG. 5). For this reason, it is possible to ensure the continuity of the service provided by the embedded device 1 without stopping the operation of the embedded device 1.
  • Steps S205 and S210 in FIG. 5 a more secure program execution environment can be provided.
  • ⁇ 2 Embodiment 2
  • the validity of the OS signature information 21a is verified in the validity confirmation process performed when the file of the firmware 20 for update is acquired. Both confirmation of the authenticity (step S103) and validity of the application signature information 22a (step S106) are performed.
  • the file size of the application is larger than the file size of the OS, the amount of calculation required for the process of confirming the validity of the application is relatively large, and the processing time is relatively long.
  • the validity of the OS signature information 21a is confirmed in the validity confirmation process performed when the update firmware 20 file is acquired.
  • the validity of the application authentication information 22a is not confirmed.
  • the second embodiment is almost the same as the first embodiment. Therefore, in the description of the second embodiment, reference is also made to FIG. 1 showing the configuration of the embedded device, FIG. 2 showing the file of the firmware 20 for update, and FIG. 5 showing the operation at startup.
  • FIG. 6 shows an operation example at the time of update in which the embedded device according to the second embodiment acquires the file of the firmware 20 for update and replaces the firmware stored in the firmware storage unit 8 with the firmware 20 for update. It is a flowchart.
  • step S301 the apparatus control unit 2 acquires a firmware 20 file for update from the network through the communication interface unit 3, and instructs the firmware update control unit 5 to update the firmware.
  • the firmware 20 includes an update OS 21 having OS signature information 21a and an update application 22 having application signature information 22a.
  • the firmware update control unit 5 separates and extracts the update OS 21 and the update application 22 from the file of the update firmware 20.
  • the firmware verification unit 6 verifies whether or not the OS signature information 21a of the update OS 21 is valid (that is, confirms the validity).
  • step S303 if the firmware verification unit 6 determines that the program of the update OS 21 has been falsified (NO in step S303), the process proceeds to step S307, and the firmware update control unit 5 The update process for rewriting the firmware in the firmware storage unit 8 is stopped by the firmware.
  • step S303 if the firmware verification unit 6 determines that the OS 21 program for update is valid (YES in step S303), the process proceeds to step S304.
  • step S304 the firmware update control unit 5 stores (writes) the OS 21 for update of the obtained update firmware 20 in an OS storage area different from the OS storage area currently in operation, and performs the current operation.
  • the update application 22 of the acquired update firmware 20 is stored (written) in a different application storage area from the application storage area being used. Specifically, when the embedded device is currently operating on the OS (A) 15 stored in the OS storage area (A) 11, the firmware update control unit 5 operates the OS 21 for update at present. If the embedded device is operating in the application (A) 17 stored in the unstored OS storage area (B) 12 and currently stored in the application storage area (A) 13, the firmware update control unit 5 The update application 22 is stored in the application storage area (B) 14 that is not currently operated.
  • the firmware update control unit 5 does not currently operate the OS 21 for update.
  • the firmware update control unit 5 are stored in the application storage area (A) 13 which is not currently operated.
  • step S305 the firmware update control unit 5 sets the OS storage area updated this time (for example, the OS storage area (B) 12) as a program to be executed when the next embedded device is started up.
  • step S109 the embedded device is restarted, and the update process ends.
  • the restart is executed by the update firmware stored in the firmware storage unit 8 this time.
  • the first purpose is to quickly detect the presence or absence of tampering. Therefore, the verification of the update firmware 20 is performed only for the verification of the update OS 21, and the verification of the application is performed when the embedded device is started.
  • 1 embedded device 1 embedded device, 2 device control unit, 3 communication interface unit, 4 startup control unit, 5 firmware update control unit, 6 firmware verification unit, 6a certificate information storage unit, 7 boot ROM, 8 firmware storage unit, 9 OS storage unit , 10 Application storage section, 11 OS storage area (A), 12 OS storage area (B), 13 Application storage area (A), 14 Application storage area (B), 15 OS (A), 15a OS signature information (A ), 16 OS (B), 16a OS signature information (B), 17 application (A), 17a application signature information (A), 18 application (B), 18a application signature information (B), 20 for update Firmware, OS for 21 updating, 21a OS signature information, application for 22 updating, 22a application signature information, 31 boot program, 32 OS, 33 applications, 61 certificate information storage section.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

L'invention concerne un dispositif intégré (1) qui est pourvu : d'une unité de stockage de micrologiciel (8) ; d'une unité de commande de démarrage (4) qui lit des programmes de micrologiciel (15, 17, or 16, 18) à partir de l'unité de stockage de micrologiciel (8) et exécute les programmes de micrologiciel de lecture pour démarrer le dispositif intégré ; une unité de commande de dispositif (2) qui acquiert des programmes de micrologiciel de mise à jour (20) par l'intermédiaire d'un réseau ; une unité de vérification de micrologiciel (6) qui vérifie la validité des programmes de micrologiciel stockés dans l'unité de stockage de micrologiciel (8) et la validité des programmes de micrologiciel de mise à jour (20) ; une unité de commande de mise à jour de micrologiciel (5) qui écrit les programmes de micrologiciel de mise à jour (20) sur l'unité de stockage de micrologiciel (8) si l'unité de vérification de micrologiciel (6) détermine que les programmes de micrologiciel de mise à jour (20) sont des programmes valides. Lors du démarrage du dispositif intégré, l'unité de commande de démarrage (4) lit, en tant que nouveaux programmes de micrologiciel (15, 17, ou 16, 18), les programmes de micrologiciel de mise à jour (20) qui ont été écrits dans l'unité de stockage de micrologiciel (8), et exécute les programmes de micrologiciel de mise à jour de lecture (20).
PCT/JP2017/002442 2017-01-25 2017-01-25 Dispositif intégré et procédé de mise à jour de micrologiciel Ceased WO2018138789A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2018563980A JP6861739B2 (ja) 2017-01-25 2017-01-25 組み込み装置及びファームウェア更新方法
PCT/JP2017/002442 WO2018138789A1 (fr) 2017-01-25 2017-01-25 Dispositif intégré et procédé de mise à jour de micrologiciel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/002442 WO2018138789A1 (fr) 2017-01-25 2017-01-25 Dispositif intégré et procédé de mise à jour de micrologiciel

Publications (1)

Publication Number Publication Date
WO2018138789A1 true WO2018138789A1 (fr) 2018-08-02

Family

ID=62977942

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/002442 Ceased WO2018138789A1 (fr) 2017-01-25 2017-01-25 Dispositif intégré et procédé de mise à jour de micrologiciel

Country Status (2)

Country Link
JP (1) JP6861739B2 (fr)
WO (1) WO2018138789A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110737448A (zh) * 2018-09-05 2020-01-31 杭州瑞彼加医疗科技有限公司 一种包含有微控制器的固件加密系统及其固件保护和升级方法
CN111831308A (zh) * 2020-04-15 2020-10-27 腾讯科技(深圳)有限公司 快充设备的固件更新方法、程序、快充设备及存储介质
JP2021077971A (ja) * 2019-11-07 2021-05-20 株式会社リコー 情報処理装置、ファイル保証方法、及びファイル保証プログラム
JPWO2021181828A1 (fr) * 2020-03-10 2021-09-16
WO2025187604A1 (fr) * 2024-03-05 2025-09-12 株式会社オートネットワーク技術研究所 Dispositif embarqué, procédé de démarrage de dispositif embarqué et programme de démarrage

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054883A1 (en) * 2002-09-13 2004-03-18 International Business Machines Corporation Firmware updating
JP2008226159A (ja) * 2007-03-15 2008-09-25 Ricoh Co Ltd 情報処理装置、ソフトウェア更新方法及び画像処理装置
JP2011118873A (ja) * 2009-11-30 2011-06-16 Intel Corp 自動化されたモジュール型のセキュアな起動ファームウェアの更新
JP2015022521A (ja) * 2013-07-19 2015-02-02 スパンション エルエルシー セキュアブート方法、組み込み機器、セキュアブート装置およびセキュアブートプログラム
JP2015055898A (ja) * 2013-09-10 2015-03-23 富士通セミコンダクター株式会社 セキュアブート方法、半導体装置、及び、セキュアブートプログラム

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054883A1 (en) * 2002-09-13 2004-03-18 International Business Machines Corporation Firmware updating
JP2008226159A (ja) * 2007-03-15 2008-09-25 Ricoh Co Ltd 情報処理装置、ソフトウェア更新方法及び画像処理装置
JP2011118873A (ja) * 2009-11-30 2011-06-16 Intel Corp 自動化されたモジュール型のセキュアな起動ファームウェアの更新
JP2015022521A (ja) * 2013-07-19 2015-02-02 スパンション エルエルシー セキュアブート方法、組み込み機器、セキュアブート装置およびセキュアブートプログラム
JP2015055898A (ja) * 2013-09-10 2015-03-23 富士通セミコンダクター株式会社 セキュアブート方法、半導体装置、及び、セキュアブートプログラム

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110737448A (zh) * 2018-09-05 2020-01-31 杭州瑞彼加医疗科技有限公司 一种包含有微控制器的固件加密系统及其固件保护和升级方法
CN110737448B (zh) * 2018-09-05 2023-08-11 杭州瑞彼加医疗科技有限公司 一种包含有微控制器的固件加密系统及其固件保护和升级方法
JP2021077971A (ja) * 2019-11-07 2021-05-20 株式会社リコー 情報処理装置、ファイル保証方法、及びファイル保証プログラム
JP7367471B2 (ja) 2019-11-07 2023-10-24 株式会社リコー 情報処理装置、ファイル保証方法、及びファイル保証プログラム
JPWO2021181828A1 (fr) * 2020-03-10 2021-09-16
WO2021181828A1 (fr) * 2020-03-10 2021-09-16 日立Astemo株式会社 Dispositif et système de commande de véhicule
JP7320126B2 (ja) 2020-03-10 2023-08-02 日立Astemo株式会社 車両制御装置及び車両制御システム
CN111831308A (zh) * 2020-04-15 2020-10-27 腾讯科技(深圳)有限公司 快充设备的固件更新方法、程序、快充设备及存储介质
WO2025187604A1 (fr) * 2024-03-05 2025-09-12 株式会社オートネットワーク技術研究所 Dispositif embarqué, procédé de démarrage de dispositif embarqué et programme de démarrage

Also Published As

Publication number Publication date
JPWO2018138789A1 (ja) 2019-04-11
JP6861739B2 (ja) 2021-04-21

Similar Documents

Publication Publication Date Title
CN110990084B (zh) 芯片的安全启动方法、装置、存储介质和终端
JP4769608B2 (ja) 起動検証機能を有する情報処理装置
JP5740646B2 (ja) ソフトウェアのダウンロード方法
KR101066779B1 (ko) 컴퓨팅 장치의 보안 부팅
US8806221B2 (en) Securely recovering a computing device
US8296579B2 (en) System and method for updating a basic input/output system (BIOS)
JP6861739B2 (ja) 組み込み装置及びファームウェア更新方法
JP2015036847A (ja) 半導体装置
CN113127011A (zh) 电子设备及电子设备的操作方法
US10621330B2 (en) Allowing use of a test key for a BIOS installation
CN107783776B (zh) 固件升级包的处理方法及装置、电子设备
US20100100966A1 (en) Method and system for blocking installation of some processes
TWI706274B (zh) 容許透過復原代理器進行作業系統修復的運算裝置與非暫態電腦可讀儲存媒體
WO2021184712A1 (fr) Procédé et dispositif de mise à niveau de logiciel
WO2019233022A1 (fr) Procédé et système de prévention de rejet
KR101954439B1 (ko) 이중보안기능을 가지는 SoC 및 SoC의 이중보안방법
CN116415225A (zh) 固件验证系统及固件验证方法
WO2020233044A1 (fr) Procédé et dispositif de vérification de module d'extension, et serveur et support d'informations lisible par ordinateur
CN113051577B (zh) 一种处理方法及电子设备
US11663299B2 (en) Method and apparatus for preventing rollback of firmware of data processing device, and data processing device
US20240202341A1 (en) Method for patching secure boot in iot
CN116055124B (zh) 一种白名单更新方法、装置、电子设备及存储介质
CN112487500B (zh) 认证方法
JP5895271B2 (ja) ソフトウェアのダウンロード方法
CN120255925A (zh) 防止方案代码运行中死机的方法、嵌入式芯片及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17894621

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018563980

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17894621

Country of ref document: EP

Kind code of ref document: A1