
WO2022088194A1 - Security processing apparatus, security processing method, and related device

Info

Publication number
WO2022088194A1
WO2022088194A1 PCT/CN2020/125977 CN2020125977W WO2022088194A1 WO 2022088194 A1 WO2022088194 A1 WO 2022088194A1 CN 2020125977 W CN2020125977 W CN 2020125977W WO 2022088194 A1 WO2022088194 A1 WO 2022088194A1
Authority
WO
WIPO (PCT)
Prior art keywords
image
subsystem
target
key
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2020/125977
Other languages
English (en)
Chinese (zh)
Inventor
陈迎国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to PCT/CN2020/125977
Priority to CN202080006698.1A (CN114731272B)
Publication of WO2022088194A1
Legal status: Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • The present application relates to the technical field of secure booting of operating systems, and in particular, to a security processing device, a security processing method, and related equipment.
  • An operating system is a computer program that manages computer hardware and software resources.
  • the operating system handles basic tasks such as managing and configuring memory, prioritizing the supply and demand of system resources, controlling input and output devices, operating the network, and managing the file system.
  • An operating system image is a compressed file containing the above computer program, and an operating system image usually contains multiple subsystem images. If the operating system image has been encrypted, then during operating system startup each encrypted subsystem image needs to be decrypted in turn to obtain the plaintext of each subsystem image, and the processor runs the plaintext of each subsystem image to start the operating system.
  • A unified decryption key is used to decrypt the different subsystem images. Specifically, there are the following two methods: (1) the decryption key is stored in plaintext in the memory of the chip, and the processor drives the decryption module to obtain the decryption key and decrypt each subsystem image; (2) the decryption key is stored in the memory of the chip in the form of ciphertext, and the processor drives the decryption module to obtain the decryption key, decrypt it to obtain the decryption key plaintext, and then use the decryption key plaintext to decrypt each subsystem image.
  • With both methods, a leak of the decryption key makes the ciphertext of the entire operating system image easy to crack, so security is low.
  • the embodiments of the present application disclose a security processing device and a related security processing method, so as to improve the security of system startup during operating system startup.
  • an embodiment of the present application provides a security processing device, which may include: a processing unit, a security engine, a first storage unit, and a second storage unit; wherein the processing unit is configured to separately acquire multiple subsystem images of the operating system image; the first storage unit is used for storing the first key information of the operating system image, the first key information including at least one of the root key ciphertext, the life cycle state LCS, the root of trust public key ROTPK hash value, operator information or product information; the second storage unit is used for storing the target key factor of the target subsystem image among the multiple subsystem images; among the multiple subsystem images, one subsystem image corresponds to one key factor, and different subsystem images have different key factors; the security engine is used to generate a target decryption key of the target subsystem image according to the first key information and the target key factor, and to use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image; the processing unit
  • Each subsystem image has a different decryption key during the decryption process. Therefore, when the decryption keys of some subsystem images in the operating system are leaked, other subsystem images whose decryption keys have not been leaked cannot be decrypted, because the decryption key of each subsystem image is different. This prevents the operating system from being completely attacked and thereby improves the security of the operating system.
  • Because the first key information includes one or more of the root key ciphertext, the life cycle state LCS, the root of trust public key ROTPK hash value, the operator information and the product information, it further ensures that the decryption keys generated for different subsystem images, each from its corresponding key factor and the first key information, are different.
  • When the terminal device is in different life cycle states (such as chip manufacturing CM mode, device manufacturing DM mode and secure SM mode), its LCS value is different; the ROTPK of different device manufacturers is different, so the ROTPK hash value is also different; and the operator information or product information corresponding to terminal devices of different network operators or terminal devices of different models is also different.
  • The decryption key in the embodiment of the present application can effectively prevent a leaked decryption key of the operating system image in a certain life cycle state from being used to decrypt the operating system image in other life cycle states; it can also prevent a leaked ROTPK of some device manufacturer from being used to decrypt the terminal device operating system images of other device manufacturers; and it can prevent a leaked decryption key of the operating system image of the same type of terminal device, or of the same operator's terminal devices, from being used to decrypt other devices.
  • The above-mentioned first storage unit may be a one-time programmable device, that is, the first key information stored in the first storage unit cannot be changed after being written for the first time. This ensures the security and accuracy of each subsystem image decryption key generated according to the first key information, and further improves the security of the operating system.
  • The above-mentioned security engine is configured to, after decrypting the target subsystem image to obtain the target image plaintext, continue decrypting the next subsystem image to obtain the next image plaintext of the next subsystem image, where the next subsystem image is the subsystem image that follows the target subsystem image among the above-mentioned multiple subsystem images.
  • The multiple subsystem images included in the operating system are loaded one by one, and the loading of each subsystem image includes the decryption of the subsystem image and the running of the plaintext of the subsystem image; the target subsystem image is the subsystem image currently being loaded among the above-mentioned multiple subsystem images.
  • the security engine decrypts the currently loaded subsystem image, that is, the target subsystem image each time, and then decrypts the next subsystem image after the target subsystem image is decrypted. Therefore, even if the target subsystem image is attacked during the decryption process, resulting in the leakage of the target decryption key, due to the different decryption keys of different subsystem images, other subsystem images still cannot be decrypted, which can prevent the entire operating system from being completely attacked. Thereby improving the security of the operating system.
  • the above-mentioned processing unit is specifically configured to: obtain the target subsystem image in the above-mentioned multiple subsystem images; run the plaintext of the target image; get the next subsystem image; run the next image plaintext.
  • multiple subsystem images of the operating system are loaded in series, that is, one subsystem image is loaded at a time.
  • the processing unit acquires one subsystem image, that is, the target subsystem image each time, and after running the plaintext of the target subsystem image, acquires the next subsystem image, and then runs the next image plaintext.
  • If a subsystem image is attacked during the loading process, then even if that subsystem image is cracked, the other subsystem images are still safe, which prevents the entire operating system from being cracked and thereby improves security during operating system startup.
  • the above-mentioned processing unit is further configured to: obtain the target security certificate chain of the target subsystem image, where among the above-mentioned multiple subsystem images one subsystem image corresponds to one security certificate chain; obtain the target key factor from the target security certificate chain or from the decrypted image plaintext; and configure the target key factor to the second storage unit.
  • The above-mentioned decrypted image plaintext is obtained by the security engine decrypting other subsystem images among the above-mentioned multiple subsystem images before decrypting the target subsystem image.
  • the security engine may also verify the target security certificate chain, and after the verification is passed, the processing unit obtains the target key factor, where the target security certificate chain contains at least one level of security certificate, and each level of security certificate will be verified.
  • the manner in which the security engine obtains the target key factor includes: obtaining the target key factor from the target security certificate chain, or obtaining the target key factor from the decrypted image plaintext.
  • When the security engine obtains the target key factor from the decrypted image plaintext, the decrypted subsystem image is trusted, so the target key factor obtained from the decrypted image plaintext is also trusted and secure.
  • When the security engine obtains the target key factor from the target security certificate chain, the security engine can verify the target security certificate chain before obtaining the target key factor, and the verification process ensures that the target key factor obtained by the security engine is trusted and secure.
  • the above-mentioned security processing apparatus further includes: a third storage unit, configured to store the above-mentioned multiple subsystem images and multiple security certificate chains corresponding to the multiple subsystem images respectively.
  • The above-mentioned third storage unit may be a readable and writable storage unit. When the operating system is updated, the processing unit writes multiple new subsystem images into the third storage unit to update the original subsystem images. Since the security holes in the original subsystem images are fixed in the new subsystem images, and the new subsystem images support more system functions, this can effectively improve security during operating system startup.
  • the above-mentioned security engine is specifically used for: decrypting the root key ciphertext to obtain the root key plaintext; obtaining a derivation factor according to at least one of the LCS, ROTPK hash value, target key factor, operator information or product information; and generating the target decryption key based on the derivation factor and the root key plaintext.
  • The security engine can obtain the derivation factor of each subsystem image according to at least one of the LCS, ROTPK hash value, key factor of each subsystem image, operator information or product information, and the decryption key of each subsystem image is generated based on the derivation factor of that subsystem image and the plaintext of the root key. Since the key factor of each subsystem image is different, the decryption key of each subsystem image is different, which improves the performance of each subsystem image.
  • The root key is stored in the first storage unit in the form of ciphertext, which improves the security of the root key and effectively prevents a leaked root key from being used to generate the decryption key of each subsystem image, thereby improving the security of the operating system.
  • the above-mentioned processing unit is further configured to overwrite the target key factor with the first key factor after running the target image plaintext;
  • the above-mentioned security engine is further configured to clear the target decryption key; or use the first key factor to cover the target key factor; or overwrite the target decryption key with the security decryption key of the target subsystem image or the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • The security engine can overwrite or clear the key factor and decryption key of each subsystem image, because the subsystem images are loaded serially. Therefore, the key factor and decryption key of each subsystem image only exist during the decryption of that subsystem image, which effectively improves the independence of each subsystem image decryption process and improves the security of the operating system image decryption process.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • the first subsystem image is a type of subsystem image that is decrypted once during the operating system startup process
  • the second subsystem image is a type of subsystem image that is decrypted multiple times during the operating system startup process.
  • the number of times the subsystem image is decrypted is determined by a specific application scenario, and each second subsystem image uses the same key factor and decryption key during the multiple decryption process.
  • the subsystem image of the operating system may include the first subsystem image and the second subsystem image.
  • the number of times of decryption of the second subsystem image is determined by the specific application scenario.
  • the above-mentioned security processing apparatus further includes: a fourth storage unit, configured to provide storage space for running the plaintext of the target image.
  • The above-mentioned fourth storage unit may be a random storage unit, which is used to store the images, data and intermediate results of each subsystem while the subsystem images are loaded, so as to ensure the normal operation of each subsystem image and the smooth startup of the operating system.
  • an embodiment of the present application provides a security processing method, including: obtaining, by a processing unit, multiple subsystem images of an operating system image used for operating system startup respectively; storing, by a first storage unit, first key information of the operating system image, the first key information including at least one of root key ciphertext, life cycle status LCS, root of trust public key ROTPK hash value, operator information or product information; storing, by the second storage unit, the target key factor of the target subsystem image among the above multiple subsystem images, where among the above multiple subsystem images one subsystem image corresponds to one key factor, and different subsystem images have different key factors; generating, by the security engine, the target decryption key of the target subsystem image according to the first key information and the target key factor, and using the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image; and running, by the processing unit, the target image plaintext.
  • the method further includes: after the security engine decrypts the target subsystem image to obtain the plaintext of the target image, the security engine continues to decrypt the next subsystem image to obtain the next sub-system image.
  • the above-mentioned obtaining, by the processing unit, the multiple subsystem images of the operating system image used for starting the operating system respectively includes: obtaining, by the processing unit, the target subsystem image from the above-mentioned multiple subsystem images; after running the target image plaintext, the processing unit continues to obtain the next subsystem image from the multiple subsystem images; after the processing unit runs the target image plaintext, the security processing method further includes: running the next image plaintext.
  • the above method further includes: acquiring, by the processing unit, a target security certificate chain of the target subsystem image, where among the above-mentioned multiple subsystem images one subsystem image corresponds to one security certificate chain; obtaining the target key factor from the target security certificate chain or the decrypted image plaintext; and configuring the target key factor to the second storage unit.
  • generating the target decryption key of the target subsystem image by the security engine according to the first key information and the target key factor includes: decrypting the ciphertext of the root key to obtain the root key plaintext; splicing one or more of the LCS, ROTPK hash value, target key factor, operator information and product information to obtain the derivation factor; and generating the target decryption key of the target subsystem image based on the derivation factor and the root key plaintext.
  • the above-mentioned method further includes: storing, by a third storage unit, the above-mentioned multiple subsystem images and multiple security certificate chains corresponding to the above-mentioned multiple subsystem images respectively.
  • the method further includes: the processing unit overwrites the target key factor of the target subsystem image with the first key factor; clearing the target decryption key; or overwriting the target decryption key with the security decryption key of the target subsystem image or the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • the above method further includes: providing, by the fourth storage unit, a storage space for running the plaintext of the target image.
  • the present application provides a chip system, where the chip system includes the security processing device provided in any one of the implementation manners of the foregoing first aspect, for implementing the security described in any one of the foregoing second aspect
  • the chip system further includes a memory, and the memory is used for saving necessary or related program instructions and data of the above-mentioned security processing method.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • an embodiment of the present application provides a terminal device, including the security processing device provided by any one of the implementations of the foregoing first aspect, and a discrete device coupled to the security processing device.
  • the present application provides a computer storage medium, where the computer storage medium stores a computer program, and when the computer program is executed by a security processing device, implements the security processing method flow described in any one of the above-mentioned second aspects.
  • an embodiment of the present invention provides a computer program, where the computer program includes instructions, and when the computer program is executed by the security processing device, the security element can perform the security processing method flow described in any one of the above-mentioned second aspects.
  • FIG. 1 is a schematic structural diagram of a security processing device provided by an embodiment of the present application.
  • FIG. 2 is a schematic structural diagram of another security processing device provided by an embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of another security processing device provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a configuration flow of a target key factor of an operating system subsystem image provided by an embodiment of the present application
  • FIG. 5 is a schematic diagram of hierarchical division of a subsystem image of an operating system provided by an embodiment of the present application.
  • FIG. 6 is a schematic diagram of hierarchical division of a subsystem image of another operating system provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a derivation process of a target decryption key of each subsystem image provided by an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present application.
  • a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally also includes other steps or units inherent to these processes, methods, products or devices.
  • Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application.
  • the appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those skilled in the art that the embodiments described herein may be combined with other embodiments.
  • a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer.
  • an application running on a computing device and the computing device may be components.
  • One or more components may reside within a process and/or thread of execution, and a component may be localized on one computer and/or distributed between 2 or more computers.
  • these components can execute from various computer readable media having various data structures stored thereon.
  • A component may, for example, communicate through local and/or remote processes based on a signal having one or more data packets (e.g., data from two components interacting with another component between a local system, a distributed system, and/or a network, such as the Internet interacting with other systems via signals).
  • a system on chip also known as a system-on-chip, is an integrated circuit that includes a processor, memory, and on-chip logic.
  • LCS: life cycle status
  • CM: chip manufacture
  • DM: device manufacturing
  • SM: secure mode
  • KDF: key derivation function
  • ROTPK: root of trust public key
  • Operator information which is used to provide information on network service providers. For example, in the terminal equipment using China Mobile and China Telecom, the operator information is correspondingly different.
  • Operating system image the operating system is a program that manages hardware and software resources on the terminal device, and the operating system image is a file containing the program; the operating system image includes multiple subsystem images, and the multiple subsystem images refer to each subsystem image ciphertext.
  • FIG. 1 is a schematic structural diagram of a security processing device provided by an embodiment of the present application.
  • the security processing device 10 may include a processing unit 101, a security engine 102, a first storage unit 103, and a second storage unit 104. And the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104 may be integrated in the SOC chip.
  • the processing unit 101 is configured to obtain a plurality of subsystem images of the operating system image for operating the operating system respectively.
  • the processing unit 101 may include multiple processors, and the multiple processors may be respectively used to drive the security engine 102 to obtain different subsystem images, and the processors may be a central processing unit (CPU) or other processing cores,
  • the multiple processors may be heterogeneous processors, that is, processors of different types, and the specific implementation scheme of the processors is not described in this embodiment.
  • the security engine 102 obtains one subsystem image of the above-mentioned multiple subsystem images at a time.
  • the operating system image is a program in the non-volatile memory of the memory, and the operating system is, for example, an Android, Windows, or iOS system, which is not limited in this embodiment.
  • the first storage unit 103 is configured to store the first key information of the operating system image, where the first key information may include at least one of the root key ciphertext, the life cycle state LCS, the root-of-trust public key ROTPK hash value, operator information or product information.
  • the first key information is programmed into the first storage unit 103 during the production process of the security processing device 10, and cannot be changed thereafter to ensure the security of the first key information.
  • the first storage unit 103 may be a one-time programmable (OTP) device, such as an electronic fuse (eFuse) or other memory with similar functions that can only be programmed once.
  • the hash value can be obtained by using a secure hash algorithm (SHA), such as SHA-256, or other hash algorithms, and different device manufacturers use different ROTPKs.
  • the first key information stored in the first storage unit 103 may also include the above five types of key information.
  • the second storage unit 104 is configured to store the target key factor of the target subsystem image among the multiple subsystem images.
  • one subsystem image corresponds to one key factor, and the key factors of different subsystem images are different.
  • the second storage unit 104 only stores one key factor at a time, that is, stores the key factor (ie, the target key factor) of the subsystem image (ie, the target subsystem image) currently to be decrypted.
  • the images are loaded in sequence, and the key factor in the second storage unit 104 will also change accordingly.
  • the second storage unit 104 may be a writable and readable storage unit, such as a register or random access memory (RAM), for example static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), or double data rate SDRAM (DDR SDRAM).
  • the security engine 102 is used to generate a target decryption key of the target subsystem image according to the first key information and the target key factor, and to use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image.
  • The first key information stored in the first storage unit 103 may include the root key ciphertext, LCS, ROTPK hash value, operator information and product information, five items in total; in that case, for the target subsystem image currently to be decrypted, the process of generating the target key factor by the security engine 102 may be as shown in FIG.
  • The security engine 102 first decrypts the root key ciphertext to obtain the root key plaintext; then the LCS, ROTPK hash value, operator information, product information and target key factor are concatenated to obtain a derivation factor. Finally, based on the KDF, the target decryption key of the target subsystem image is obtained according to the root key plaintext and the derivation factor.
  • If the first key information stored in the first storage unit is different, the first key information obtained by the security engine 102 is also different; in addition, during the decryption of each subsystem image, the first key information that the security engine 102 uses to generate the decryption key of the image is the same.
  • the security engine 102 may execute software through hardware to implement any steps implemented by the security engine 102 described in the embodiments of the present application. Since the security engine 102 in the form of hardware is independent of the processing unit 101, it is dedicated to implementing related security processing, decryption, or verification functions, which helps improve performance when decrypting operating system images.
  • the security engine 102 may obtain the first key information from the first storage unit 103 when decrypting the first subsystem image of the operating system, and then save the first key information in the security engine 102; when decrypting a subsequent subsystem image, the first key information is no longer obtained from the first storage unit 103, but the first key information saved in the security engine 102 is used to generate the decryption key for the subsequent subsystem image.
  • the security engine 102 may also obtain the first key information from the first storage unit 103 before generating the decryption key of each subsystem image.
  • the security engine 102 can obtain the target key factor of the target subsystem image from the second storage unit 104 by means of hard-wired transmission; the first key information is obtained from the first storage unit 103.
  • the key factor of each subsystem image stored in the second storage unit 104 can only be read by the security engine 102 in a hard-wired manner and cannot be read by software or other means, which can effectively prevent the key factor of each subsystem image from being leaked and used to decrypt the corresponding subsystem image, thereby effectively improving the security of the operating system image.
  • the processing unit 101 is further configured to run the plaintext of the target image. Specifically, after the security engine 102 decrypts the target subsystem image to obtain the target image plaintext, the processing unit 101 obtains the target image plaintext and runs it to complete the loading of the target subsystem image. It should be understood that the loading of each subsystem image of the operating system includes the decryption of each subsystem image and the running of the plaintext of each subsystem image.
  • the processing unit 101 drives the security engine 102 to obtain the target subsystem image, the security engine 102 decrypts the target subsystem image to obtain the target image plaintext, and the processing unit 101 runs the target image plaintext; after the processing unit 101 runs the target image plaintext, the processing unit 101 continues to obtain the next subsystem image from the above-mentioned multiple subsystem images, the security engine 102 continues to decrypt the next subsystem image to obtain the next image plaintext of the next subsystem image, and the processing unit 101 runs the next image plaintext, where the next subsystem image is the subsystem image that follows the target subsystem image among the above-mentioned multiple subsystem images.
  • each subsystem image has a different decryption key during the decryption process. Therefore, when the decryption keys of some subsystem images in the operating system are leaked, other subsystem images whose decryption keys have not been leaked cannot be decrypted, because the decryption keys of the subsystem images are all different. This prevents the operating system from being completely attacked, thereby improving the security of the operating system.
  • when the first key information includes one or more of the root key ciphertext, the life cycle state LCS, the trusted root public key ROTPK hash value, the operator information and the product information, it can further ensure that the decryption keys generated for different subsystem images, each according to its corresponding key factor and the first key information, are different.
  • when the terminal device is in different life cycle states (such as chip manufacturing CM mode, device manufacturing DM mode and secure SM mode), its LCS value is different; the ROTPK of different device manufacturers is different, so the ROTPK hash value is also different; and the operator information or product information corresponding to terminal devices of different network operators or terminal devices of different models is also different.
  • the decryption key in the embodiment of the present application can effectively prevent the decryption key of the operating system image in a certain life cycle state from being leaked and used to decrypt the operating system image in other life cycle states; it can also prevent the ROTPK of some device manufacturers from being leaked and used to decrypt the operating system images of other device manufacturers' terminal devices; and it can prevent the decryption key of the operating system image of terminal devices of the same model, or of the same operator, from being leaked and used to decrypt the operating system images of terminal devices of other models or terminal devices using other operators. This ensures the independence of operating system images between terminal devices that are in different life cycle states, manufactured by different device manufacturers, using different operators, or of different models, thereby improving the security of the operating system.
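The per-image key derivation described above can be sketched as follows. This is an added example, not code from the patent: HKDF-SHA256 stands in for the unspecified KDF, the fields are length-prefixed before concatenation, and the root key, ROTPK hash, operator/product strings and key factor values are all constructed.

```python
import hashlib
import hmac
import struct


def hkdf_sha256(key: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256. Assumption: the page only says "KDF"."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derivation_factor(lcs: str, rotpk_hash: bytes, operator: str,
                      product: str, key_factor: int) -> bytes:
    """Concatenate LCS, ROTPK hash, operator info, product info and key factor.

    Each field carries a 2-byte length prefix (a choice made for this example)
    so that ("ab", "c") and ("a", "bc") cannot collapse to the same bytes.
    """
    fields = [
        lcs.encode(),
        rotpk_hash,
        operator.encode(),
        product.encode(),
        struct.pack(">Q", key_factor),
    ]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def image_key(root_key: bytes, lcs: str, rotpk_hash: bytes, operator: str,
              product: str, key_factor: int) -> bytes:
    """Derive the decryption key of one subsystem image.

    root_key is the root key plaintext; decrypting the root key ciphertext is
    done inside the security engine and is outside this sketch.
    """
    factor = derivation_factor(lcs, rotpk_hash, operator, product, key_factor)
    return hkdf_sha256(root_key, factor)


# Constructed sample values (not from the page).
ROOT_KEY = bytes(range(32))
ROTPK_HASH = hashlib.sha256(b"constructed ROTPK").digest()
KEY_FACTORS = {"Bootloader": 12, "REE": 22, "TEE": 30}


def per_image_keys(lcs: str = "SM") -> dict:
    """One key per subsystem image: same first key information, different key factor."""
    return {
        name: image_key(ROOT_KEY, lcs, ROTPK_HASH, "operator-A", "model-X", factor)
        for name, factor in KEY_FACTORS.items()
    }


if __name__ == "__main__":
    for name, key in per_image_keys().items():
        print(f"{name:<10} {key.hex()}")
```

A leaked Bootloader key reveals nothing about the REE or TEE key, and the same image in a different life cycle state or on another operator's device derives a different key.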
  • FIG. 5 is a schematic diagram of hierarchical division of a subsystem image of an operating system according to an embodiment of the present application. It should be understood that the type of the subsystem image of the operating system and the hierarchical division method of the subsystem image of the operating system (including the specific number of layers, and the subsystem images included in each layer) are determined by the actual application scenario, and the embodiments of the present application make no specific limitation on this.
  • Fig. 5 can be used as an example of the hierarchical division of the subsystem image of the operating system of the mobile terminal device. As shown in Fig. 5, the subsystem image of the operating system is divided into four layers: the first-layer subsystem image (Layer0: ROM image), where the ROM image is solidified in the read-only storage unit on the SOC or in other storage units during the manufacturing process of the security processing device 10 and cannot be changed; the second-layer subsystem image (Layer1: Bootloader image); the third-layer subsystem images, which include Layer2-0: rich execution environment (REE) image, Layer2-1: trusted execution environment (TEE) image, Layer2-2: sensor hub (Sensorhub) image and Layer2-3: low-power (Lowpower) image; and the fourth-layer subsystem images, which include Layer3-0: modem (Modem) image, Layer3-1: high-fidelity (HiFi) image and Layer3-2: image signal processor (ISP) image. The four layers of subsystem images shown in Figure 5 are all security-sensitive and need to be decrypted.
  • the processing unit 101 first acquires a ROM image and runs the ROM image, a subsystem image stored in plaintext.
  • the processing unit 101 drives the security engine 102 to obtain the Bootloader image; the security engine 102 obtains the first key information and the key factor of the Bootloader image from the first storage unit 103 and the second storage unit 104 respectively, and generates the decryption key of the Bootloader image according to the first key information and the key factor of the Bootloader image; the security engine 102 uses the decryption key of the Bootloader image to decrypt the Bootloader image to obtain the plaintext of the Bootloader image; the processing unit 101 obtains and runs the plaintext of the Bootloader image.
  • the processing unit 101 sequentially obtains the subsequent REE image, TEE image, Sensorhub image, Lowpower image, Modem image, HiFi image and ISP image in the sequence shown in FIG. 5; the security engine 102 decrypts the above subsystem images according to the above sequence to obtain the plaintext of each subsystem image; the processing unit 101 sequentially runs the decrypted plaintext of each subsystem image according to the above sequence.
  • the Sensorhub image is the image related to sensor control
  • Lowpower is the image related to power management
  • Modem is the image related to communication
  • HiFi is the image related to audio
  • ISP is the image related to image and video
  • the security processing device 10 loads each subsystem image in sequence according to a preset order, so as to realize serial loading of the subsystem images during the operating system startup process; that is, one subsystem image is loaded at a time, and the next subsystem image is loaded only after the current subsystem image has been loaded. In this case, if a subsystem image is attacked during the loading process, even if that subsystem image is cracked, other subsystem images are still safe, which can prevent the entire operating system from being cracked, thereby improving the security of the operating system during startup.
  • FIG. 2 is a schematic structural diagram of another security processing device 10 provided by an embodiment of the present application.
  • in addition to including the processing unit 101, the security engine 102, the first storage unit 103 and the second storage unit 104 in FIG. 1 and performing the corresponding functions of the above-mentioned embodiment in FIG. 1, the security processing device 10 may also include a third storage unit 105, a fourth storage unit 106 and a fifth storage unit 107; the fifth storage unit 107, the processing unit 101, the security engine 102, the first storage unit 103, and the second storage unit 104 are jointly integrated in the SOC chip.
  • the third storage unit 105 is configured to store other subsystem images except the first subsystem image among the above-mentioned multiple subsystem images, and store multiple security certificate chains corresponding to each subsystem image respectively.
  • the third storage unit may include non-volatile memory, such as flash memory, programmable read-only memory (PROM), electrically alterable read-only memory (EAROM), erasable programmable read-only memory (EPROM) and electrically erasable programmable read-only memory (EEPROM), and may also include combinations of the types of memories described above.
  • the third storage unit 105 is used to permanently store the above-mentioned other subsystem images, multiple security certificate chains, and other data or programs that need to be maintained.
  • the above-mentioned processing unit 101 acquiring the target subsystem image further comprises: the processing unit 101 acquires the target subsystem image from the third storage unit 105 or the read-only storage unit in the SOC, and stores the target subsystem image in the fourth storage unit 106; this process is also called loading.
  • the processing unit 101 drives the security engine 102 to acquire the target subsystem image from the fourth storage unit 106 .
  • before the security engine 102 generates the target decryption key of the target subsystem image according to the first key information and the target key factor, the security engine 102 obtains the target key factor from the security certificate chain of the target subsystem image or from the decrypted image plaintext, and the target key factor is configured in the second storage unit 104. The above-mentioned decrypted image plaintext is obtained by the security engine 102 decrypting other subsystem images among the above-mentioned multiple subsystem images before decrypting the target subsystem image.
  • when the LCS in the first key information is SM, the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores the target security certificate chain in the fourth storage unit 106; the processing unit 101 drives the security engine 102 to verify the target security certificate chain. After the verification is passed, the processing unit 101 obtains the target key factor from the target security certificate chain in the fourth storage unit 106 or from the decrypted image plaintext, and configures the target key factor into the second storage unit 104; wherein the target security certificate chain includes at least a first-level security certificate. It should be understood that the security certificate chains of the subsystem images other than the target subsystem image also all include at least a first-level security certificate.
  • each level of security certificate in the security certificate chain corresponding to each subsystem image is verified level by level; when the security certificates of a subsystem image are verified, the verification of its chain passes accordingly.
  • the processing unit 101 obtains the target security certificate chain from the third storage unit 105 and stores it in the fourth storage unit 106; the processing unit 101 obtains the target key factor from the target security certificate chain in the fourth storage unit or from the decrypted image plaintext, and configures the target key factor into the second storage unit 104.
  • after the processing unit 101 runs the target image plaintext, the processing unit 101 overwrites the target key factor with the first key factor; the security engine 102 can clear the generated target decryption key, or overwrite the target decryption key with the security decryption key of the target subsystem image or with the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • each subsystem image corresponds to a different first key factor
  • the first key factor of the target subsystem image can be any value except the target key factor
  • the first preset value can be any value different from the target key factor.
  • the numerical value of the decryption key is the numerical value of the decryption key.
  • the target key factor can be prevented from being left in the process of loading the next subsystem image, ensuring that each subsystem image key factor is This ensures the security of the operating system image; at the same time, after the target subsystem image is decrypted with the target decryption key, clearing or overwriting the target decryption key can prevent the target decryption key from being leaked and then used to decrypt the system image, thereby further ensuring the security of the operating system image.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup process of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • FIG. 5 is a schematic diagram of hierarchical division of a subsystem image of an operating system of a mobile terminal device according to an embodiment of the present application. As shown in Figure 5, the subsystem images of the first layer, the second layer and the third layer are loaded once during the operating system startup process and are first subsystem images, while the subsystem images of the fourth layer are loaded multiple times during the operating system startup process and are second subsystem images.
  • the specific number of times the second subsystem image is loaded is determined by the actual application scenario. For example, when the terminal device shown in Figure 5 is a mobile phone, its Modem image starts to be loaded after the Lowpower image is loaded, and once loading is completed the mobile phone has the communication function. When the user puts the mobile phone in airplane mode, the communication function is unavailable. When the user turns off airplane mode, the Modem image is loaded again, and the communication function of the mobile phone is restored. In this scenario, the Modem image is loaded twice. Similarly, for the ISP image, when the user opens the camera on the mobile phone, the ISP image starts to load, and the terminal device then has the video recording or photographing function. When the user closes the camera program, the video recording or photographing function is unavailable. When the camera is opened again, the ISP image is loaded again. It should be understood that for the second subsystem image, the key factor used in each loading process is the same.
  • the security processing apparatus 10 may further include a fourth storage unit 106 for providing storage space for running the plaintext of the target image.
  • the fourth storage unit 106 may be a random access memory (RAM) or a power-down volatile storage device, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double rate SDRAM, etc.
  • the fourth storage unit 106 is used to provide the space required for the execution of data or instructions.
  • the security processing apparatus 10 may further include a fifth storage unit 107; when the target subsystem image is the first subsystem image, the fifth storage unit 107 is used to back up the data in the second storage unit 104.
  • the data in the second storage unit 104 can be changed in a monotonically increasing or monotonically decreasing manner, that is, the data written in the second storage unit 104 can only be larger or smaller than the currently stored data.
  • the fifth storage unit 107 can be used to back up the data in the second storage unit 104; when the target subsystem image is the second subsystem image, the data written into the second storage unit 104 can be any specified value and is not affected by the currently stored data. In this case, the data in the fifth storage unit 107 remains unchanged.
  • the fifth storage unit 107 may be the same memory as the second storage unit 104 .
  • FIG. 6 is a schematic diagram of hierarchical division of another subsystem image of an operating system provided by an embodiment of the present application.
  • FIG. 6 may be a schematic diagram of the subsystem image level division of the operating system image of the monitor.
  • the monitor starts the video recording function when it is powered on, so its ISP image has a higher priority, and its ISP image is deployed to the second layer shown in FIG. 6 for loading, so that the video recording function can be turned on as soon as possible.
  • the operating system includes N layers of subsystem images: the first-layer subsystem image (Layer0: ROM image); the second-layer subsystem images, which include Layer1-0: Bootloader image and Layer1-1: image signal processing (ISP) image; the third-layer subsystem images, which include Layer2-0: rich execution environment (REE) image, Layer2-1: trusted execution environment (TEE) image and Layer2-2: Lowpower image; the fourth-layer subsystem image (Layer3: Modem image); the F-layer subsystem image (the specific subsystem images it contains are not shown); and the N-1 layer, which includes M+1 subsystem images. The subsystem images included in the fifth layer through the N-1 layer are not shown, and N and M are positive integers.
  • the processing unit 101 first obtains a ROM image, and runs the ROM image, which is solidified inside the SOC.
  • the first subsystem image is stored in plaintext; the fourth storage unit 106 provides storage space for the operation of the ROM image.
  • after the processing unit 101 runs the plaintext of the ROM image, the processing unit 101 acquires the Bootloader image from the third storage unit 105 and stores the Bootloader image in the fourth storage unit 106, and the processing unit 101 drives the security engine 102 to acquire the Bootloader image from the fourth storage unit 106.
  • the security engine 102 obtains the first key information from the first storage unit 103; if the first key information at this time includes the life cycle state LCS, and the LCS is SM, the security engine 102 needs to verify the security certificate chain corresponding to the Bootloader image; the security engine 102 obtains the security certificate chain of the Bootloader image from the third storage unit 105 and stores it in the fourth storage unit 106, and the security engine 102 starts to verify the security certificate chain of the Bootloader image.
  • after the verification of the security certificate chain of the Bootloader image is passed, the processing unit 101 obtains the key factor of the Bootloader image from the security certificate chain of the Bootloader image or from the ROM image, and configures it into the second storage unit 104; the security engine 102 obtains the key factor of the Bootloader image from the second storage unit 104 in a hard-wired manner, and generates the decryption key of the Bootloader image according to the key factor of the Bootloader image and the first key information; the security engine 102 decrypts the Bootloader image by using the decryption key of the Bootloader image to obtain the plaintext of the Bootloader image; the processing unit 101 runs the plaintext of the Bootloader image, and the fourth storage unit 106 provides storage space for the running of the Bootloader image.
  • FIG. 4 is a schematic diagram of the configuration flow of the key factor of the operating system subsystem image.
  • the process of changing data in the second storage unit 104 and the fifth storage unit 107 during the operating system startup process will be described below with reference to FIG. 4 .
  • the second storage unit 104 and the fifth storage unit 107 may be registers, and when the target subsystem image is the first subsystem image, the data in the second storage unit 104 is monotonically increasing; each time the processing unit 101 configures the second storage unit 104 to monotonically increase, the data in the second storage unit 104 is increased by a preset value K relative to the current data, where the preset value K can be any positive integer greater than 0.
  • as shown in FIG. 4, three subsystem images are included: the A subsystem image and the C subsystem image are first subsystem images, and the B subsystem image is a second subsystem image.
  • the following will describe in detail the process of changing data in the second storage unit 104 and the fifth storage unit 107 during the sequential loading process of the above three subsystem images:
  • the A subsystem image at this time may also be called the target subsystem image.
  • when the processing unit 101 starts to load the A subsystem image, the data stored in the second storage unit 104 and the fifth storage unit 107 is the first key factor saved in the previous subsystem image loading process.
  • the processing unit 101 first takes out the first key factor of the previous subsystem image from the fifth storage unit 107 and adds nK to obtain the second key factor corresponding to the A subsystem image, and the second key factor of the A subsystem image is written into the second storage unit 104 and the fifth storage unit 107, where n is a positive integer greater than 0; wherein, when the previous subsystem image of the A subsystem image is a first subsystem image, the first key factors of the previous subsystem image in the second storage unit 104 and the fifth storage unit 107 are the same; when the previous subsystem image of the A subsystem image is a second subsystem image, the first key factors in the second storage unit 104 and the fifth storage unit 107 are different.
  • after the processing unit 101 writes the second key factor of the A subsystem image into the second storage unit 104 and the fifth storage unit 107, the processing unit 101 configures the second storage unit 104 to monotonically increase according to the difference between the second key factor of the A subsystem image and the target key factor of the A subsystem image, incrementing by the above-mentioned preset value K each time, until the value in the second storage unit 104 is incremented to the target key factor of the A subsystem image. At this time, the processing unit 101 may also write the target key factor of the A subsystem image into the fifth storage unit 107.
  • the processing unit 101 can drive the second storage unit 104 to monotonically increase three times, each time increasing by 2, until the value in the second storage unit 104 becomes the target key factor 12 of the A subsystem image.
  • the processing unit 101 uses the first key factor of the A subsystem image to overwrite the target key factor of the A subsystem image in the second storage unit 104 and the fifth storage unit 107. Specifically, the processing unit 101 configures the second storage unit 104 to monotonically increase according to the difference between the first key factor of the A subsystem image and the target key factor of the A subsystem image, until the value of the second storage unit 104 is incremented to the first key factor of the A subsystem image, and the processing unit 101 simultaneously writes the first key factor of the A subsystem image into the fifth storage unit 107.
  • the B subsystem image may also be called the target subsystem image at this time. Since the B subsystem image is a second subsystem image, the processing unit 101 directly writes the target key factor of the B subsystem image into the second storage unit 104, and the data in the fifth storage unit 107 remains unchanged and is the first key factor of the A subsystem image. For example, if the first key factor corresponding to the A subsystem image is 16, and the target key factor of the B subsystem image is 10, the processing unit 101 writes the target key factor 10 of the B subsystem image into the second storage unit 104, and the data in the fifth storage unit 107 remains unchanged and is still the first key factor 16 of the A subsystem image.
  • after the processing unit 101 runs the image plaintext of the B subsystem image, the processing unit 101 writes the first key factor of the B subsystem image into the second storage unit 104 to overwrite the target key factor of the B subsystem image. The data in the fifth storage unit 107 remains unchanged and is the first key factor of the A subsystem image; the first key factor of the B subsystem image can be any value other than the target key factor of the B subsystem image.
  • the C subsystem image at this time may also be called the target subsystem image. Since the C subsystem image is a first subsystem image, it can be known from the above loading process of the B subsystem image that the second storage unit 104 stores the first key factor of the B subsystem image, and the fifth storage unit 107 stores the first key factor of the A subsystem image.
  • the steps for the subsequent processing unit 101 to configure the target key factor of the C subsystem image are the same as the corresponding steps in the A subsystem image loading process, which will not be repeated here.
  • the processing unit 101 takes out the first key factor of the A subsystem image stored in the fifth storage unit 107 and adds mK to obtain the second key factor of the C subsystem image, and the second key factor of the C subsystem image is written into the second storage unit 104 and the fifth storage unit 107, where m is a positive integer greater than 0; then, on the basis of the second key factor of the C subsystem image, the processing unit 101 begins to configure the second storage unit 104 to change its data in a monotonically increasing manner.
  • the data in the second storage unit 104 is backed up by the fifth storage unit 107, so that during the loading process of multiple non-consecutive first subsystem images, the key factors of each subsystem image can be continuously monotonically increased, and the key factor of an already loaded first subsystem image will not appear again in the subsequent loading process of first subsystem images, which can effectively prevent the leakage of the key factor and improve the security of the system image during the startup of the operating system.
  • the above-mentioned second storage unit 104 stores the key factors of each subsystem image in a monotonically increasing manner in order to ensure that the key factors of each subsystem image are different, thereby ensuring that different subsystem images correspond to different decryption keys and that different subsystem images are decrypted using different decryption keys.
  • the above-mentioned monotonically increasing manner is only an example listed in the embodiment of the present application, and those skilled in the art may also adopt other manners, such as monotonically decreasing manner, to ensure that different subsystem images correspond to different key factors, Therefore, different subsystem images are decrypted using different decryption keys, which is not specifically limited in this embodiment of the present application.
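The FIG. 4 sequence (A and C loaded once, B reloadable) can be modelled as below to show why a key factor used for a first subsystem image cannot be configured again. This is an added example, not code from the patent: the class and method names are hypothetical, and the starting value 4, n = m = 1, B's first key factor 3 and C's values 22 and 24 are constructed; K = 2 and the values 12, 16 and 10 come from the text.

```python
class KeyFactorRegisters:
    """Model of the second storage unit 104 and its backup, the fifth storage unit 107."""

    def __init__(self, k: int, initial: int):
        if k <= 0:
            raise ValueError("K must be a positive integer")
        self.k = k
        self.unit104 = initial  # read by the security engine over the hard-wired path
        self.unit107 = initial  # backup, only updated for first subsystem images

    def _step_to(self, value: int) -> int:
        """Raise unit 104 to `value` in increments of K; it can never go down."""
        diff = value - self.unit104
        if diff < 0 or diff % self.k:
            raise ValueError(f"{value} is not reachable from {self.unit104} in steps of +{self.k}")
        steps = diff // self.k
        for _ in range(steps):
            self.unit104 += self.k
        self.unit107 = self.unit104  # keep the backup in step
        return steps

    def load_first_type(self, n: int, target: int, first_factor: int) -> dict:
        """Load an image that is decrypted once (A and C in FIG. 4)."""
        if n <= 0 or first_factor == target:
            raise ValueError("n must be > 0 and the first key factor must differ from the target")
        second = self.unit107 + n * self.k       # second key factor = backup + nK
        self.unit104 = self.unit107 = second
        steps = self._step_to(target)            # count up to the target key factor
        used = self.unit104                      # value the security engine derives the key from
        self._step_to(first_factor)              # overwrite the target after the image has run
        return {"second": second, "steps": steps, "used": used}

    def load_second_type(self, target: int, first_factor: int) -> dict:
        """Load an image that may be decrypted again later (B in FIG. 4)."""
        if first_factor == target:
            raise ValueError("the first key factor must differ from the target")
        self.unit104 = target                    # free write; unit 107 is left untouched
        used = self.unit104
        self.unit104 = first_factor              # overwrite the target after the image has run
        return {"used": used}


def walkthrough() -> dict:
    """Replay A, B, C and record the register pair (104, 107) after each load."""
    regs = KeyFactorRegisters(k=2, initial=4)
    a = regs.load_first_type(n=1, target=12, first_factor=16)
    after_a = (regs.unit104, regs.unit107)
    b = regs.load_second_type(target=10, first_factor=3)
    after_b = (regs.unit104, regs.unit107)
    c = regs.load_first_type(n=1, target=22, first_factor=24)
    after_c = (regs.unit104, regs.unit107)
    return {"A": a, "B": b, "C": c,
            "after_A": after_a, "after_B": after_b, "after_C": after_c}


if __name__ == "__main__":
    for step, value in walkthrough().items():
        print(step, value)
```

Because C restarts from the backup in unit 107 rather than from whatever B left in unit 104, the key factors of first subsystem images keep increasing across an interleaved reloadable image.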
  • FIG. 3 is a schematic structural diagram of yet another security processing device 10 provided by an embodiment of the present invention, as a refinement of some functional modules of the security processing device 10 in FIG. 1 or FIG. 2.
  • the security engine 102 may include a first engine 1021 , a key management module 1022 and a second engine 1023 .
  • the first engine 1021 is configured to verify the target security certificate chain of the target subsystem image.
  • the key management module 1022 is used to decrypt the root key ciphertext in the first key information to obtain the root key plaintext; then at least one of LCS, ROTPK hash value, operator information, product information and the target key factor are spliced to obtain a derivation factor; finally, based on the KDF, the target decryption key of the target subsystem image is obtained according to the root key plaintext and the derivation factor.
  • the second engine 1023 is configured to obtain the target subsystem image and the target decryption key, and use the target decryption key to decrypt the target subsystem image to obtain the target image plaintext.
  • FIG. 8 is a schematic flowchart of a security processing method provided by an embodiment of the present invention.
  • the security processing method is applicable to any security processing device in the above-mentioned FIG. 1 to FIG. 3 and to a device including the above-mentioned security processing device.
  • the method may include the following steps S801-S803, wherein, in step S801, a processing unit is used to separately acquire a plurality of subsystem images of an operating system image used for operating the operating system.
  • Step S803: the second storage unit stores the target key factor of the target subsystem image in the multiple subsystem images; in the multiple subsystem images, one subsystem image corresponds to one key factor, and the key factors of different subsystem images are different.
  • Step S804: the security engine generates the target decryption key of the target subsystem image according to the first key information and the target key factor, and uses the target decryption key to decrypt the target subsystem image to obtain the target image plaintext of the target subsystem image.
  • Step S805: the processing unit runs the target image plaintext.
  • the method further includes: after the security engine decrypts the target subsystem image to obtain the plaintext of the target image, the security engine continues to decrypt the next subsystem image to obtain the next sub-system image.
  • the above-mentioned obtaining, by the processing unit, the multiple subsystem images of the operating system image used for starting the operating system respectively includes: obtaining, by the processing unit, the target subsystem image from the above-mentioned multiple subsystem images; after running the target image plaintext, the processing unit continues to obtain the next subsystem image from the multiple subsystem images; after the processing unit runs the target image plaintext, the security processing method further includes: running the next image plaintext.
  • the above method further includes: acquiring, by the processing unit, a target security certificate chain of the target subsystem image; among the above-mentioned multiple subsystem images, one subsystem image corresponds to one security certificate chain; Obtain the target key factor from the target security certificate chain or the decrypted image plaintext, and configure the target key factor to the second storage unit.
  • generating the target decryption key of the target subsystem image by the security engine according to the first key information and the target key factor includes: decrypting the ciphertext of the root key to obtain the root key Plaintext; splicing one or more of the LCS, ROTPK hash value, target key factor, operator information and product information to obtain the derivation factor; based on the derivation factor and the root key plaintext to generate the target decryption of the target subsystem image key.
  • the above-mentioned method further includes: storing, by a third storage unit, the above-mentioned multiple subsystem images and multiple security certificate chains corresponding to the above-mentioned multiple subsystem images respectively.
  • the method further includes: the processing unit overwrites the target key factor of the target subsystem image with the first key factor; clears the target decryption key; or overwrites the target decryption key with the security decryption key of the target subsystem image or the first preset value, where the security decryption key is generated according to the first key factor and the first key information.
  • the above-mentioned multiple subsystem images include a first subsystem image and a second subsystem image; during the startup of the operating system, the first subsystem image is decrypted once, and the second subsystem image is decrypted multiple times.
  • the above method further includes: providing, by the fourth storage unit, a storage space for running the plaintext of the target image.
  • the embodiment of the present application further provides a computer storage medium, wherein the computer storage medium can store a computer program; when part of the program in the computer program is executed by the processing unit 101, the processing unit 101 can execute part or all of any of the steps implemented by the processing unit 101 described in the above method embodiments; when part of the program in the computer program is executed by the processing unit 101, the processing unit 101 can also be caused to drive the security engine 102 to execute part or all of any of the steps implemented by the security engine 102 described in the above method embodiments.
  • the above-mentioned computer storage medium may be the third storage unit 105 in the embodiment of the present application, or a read-only storage unit for storing a ROM image.
  • Embodiments of the present application also provide a computer program, where the computer program includes instructions.
  • the processing unit 101 may execute any part or all of the steps implemented by the processing unit 101 as described in the above method embodiments;
  • the processing unit 101 may also be caused to drive the security engine 102 to execute any part or all of the steps implemented by the security engine 102 as described in the above method embodiments.
  • the disclosed apparatus may be implemented in other manners.
  • the device embodiments described above are only illustrative.
  • the division of the above-mentioned units is only a logical function division.
  • multiple units or components may be combined or integrated into another system, or some features can be ignored, or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical or other forms.
  • the units described above as separate components may or may not be physically separated, and components shown as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
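
The per-image key derivation and the key clearing described in the method above can be modelled in a few lines. This is an added sketch, not code from the patent: HMAC-SHA256 as the derivation function, the length-prefixed splicing, the class and function names, and all sample values are assumptions.

```python
import hashlib
import hmac

def build_derivation_factor(lcs, rotpk_hash, key_factor, operator=b"", product=b""):
    """Splice the fields named in the description into one derivation factor.
    The 2-byte length prefix per field is an addition of this sketch: it keeps
    two different field splits from producing the same spliced bytes."""
    out = bytearray()
    for field in (lcs, rotpk_hash, key_factor, operator, product):
        out += len(field).to_bytes(2, "big") + field
    return bytes(out)

def derive_image_key(root_key, derivation_factor):
    # Assumption: HMAC-SHA256 stands in for the engine's KDF, which the page does not name.
    return bytearray(hmac.new(root_key, derivation_factor, hashlib.sha256).digest())

class SecurityEngineModel:
    """Hypothetical software model of the security engine and its key-factor register."""
    def __init__(self, root_key, lcs, rotpk_hash):
        self._root_key, self._lcs, self._rotpk_hash = root_key, lcs, rotpk_hash
        self.key_factor = bytearray(16)   # models the second storage unit
        self.current_key = bytearray(32)  # target decryption key slot

    def load_key(self, key_factor):
        """Configure one image's key factor and derive that image's key."""
        self.key_factor[:] = key_factor
        factor = build_derivation_factor(self._lcs, self._rotpk_hash, bytes(self.key_factor))
        self.current_key = derive_image_key(self._root_key, factor)
        return bytes(self.current_key)

    def retire_key(self, first_key_factor):
        """After the image runs: overwrite the key factor, then zero the key in place."""
        self.key_factor[:] = first_key_factor
        self.current_key[:] = bytes(len(self.current_key))

def boot_keys(engine, key_factors, first_key_factor):
    """Derive each image's key in boot order, retiring it before the next.
    Keys are returned only so the result can be inspected."""
    keys = {}
    for name, factor in key_factors.items():
        keys[name] = engine.load_key(factor)
        engine.retire_key(first_key_factor)
    return keys

# Constructed sample values, not taken from the page.
ROOT_KEY = bytes(range(32))
FACTORS = {"bl2": b"\x01" * 16, "kernel": b"\x02" * 16}
ENGINE = SecurityEngineModel(ROOT_KEY, lcs=b"\x03", rotpk_hash=hashlib.sha256(b"rotpk").digest())
KEYS = boot_keys(ENGINE, FACTORS, first_key_factor=b"\xff" * 16)
```

Because each image's key depends on its own key factor, recovering one image's key does not give the key of any other image, and after `retire_key` neither the key nor the factor that produced it remains in the engine model.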

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Facsimile Transmission Control (AREA)

Abstract

A security processing apparatus and a security processing method are disclosed. The security processing apparatus comprises a processing unit, a security engine, a first storage unit and a second storage unit. The processing unit is used to separately acquire a plurality of subsystem images of an operating system image for starting an operating system. The first storage unit is used to store first key information of the operating system image. The second storage unit is used to store a target key factor of a target subsystem image among the plurality of subsystem images. Different subsystem images have different key factors. The security engine is used to generate a target decryption key according to the first key information and the target key factor, and to decrypt the target subsystem image using the target decryption key to obtain a target image plaintext. The processing unit is further used to run the target image plaintext. Using embodiments of the present application can improve the security of the system image when the operating system starts.
PCT/CN2020/125977 2020-11-02 2020-11-02 Security processing apparatus, security processing method and related device Ceased WO2022088194A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/125977 WO2022088194A1 (fr) 2020-11-02 2020-11-02 Security processing apparatus, security processing method and related device
CN202080006698.1A CN114731272B (zh) 2020-11-02 2020-11-02 Security processing apparatus, security processing method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/125977 WO2022088194A1 (fr) 2020-11-02 2020-11-02 Security processing apparatus, security processing method and related device

Publications (1)

Publication Number Publication Date
WO2022088194A1 (fr) 2022-05-05

Family

ID=81381677

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/125977 Ceased WO2022088194A1 (fr) 2020-11-02 2020-11-02 Security processing apparatus, security processing method and related device

Country Status (2)

Country Link
CN (1) CN114731272B (fr)
WO (1) WO2022088194A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060015946A1 (en) * 2004-07-16 2006-01-19 Hitachi, Ltd. Method and apparatus for secure data mirroring a storage system
US20160125187A1 (en) * 2014-11-03 2016-05-05 Rubicon Labs, Inc. System and Method for a Renewable Secure Boot
CN107483590A (zh) * 2017-08-22 2017-12-15 郑州云海信息技术有限公司 Cloud management system and method in a cloud data system
WO2019075622A1 (fr) * 2017-10-16 2019-04-25 华为技术有限公司 Security element and related device
CN109995522A (zh) * 2019-03-08 2019-07-09 东南大学 Secure data mirroring method with key agreement function

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
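CN102594568A (zh) * 2012-03-23 2012-07-18 南京小网科技有限责任公司 Method for ensuring the security of mobile device software images based on multi-level digital certificates
CN110806919B (zh) * 2019-09-25 2021-11-02 苏州浪潮智能科技有限公司 Method and system for protecting virtual machine images in a cloud environment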

Also Published As

Publication number Publication date
CN114731272A (zh) 2022-07-08
CN114731272B (zh) 2024-03-26

Similar Documents

Publication Publication Date Title
US10943013B2 (en) Maintaining keys for trusted boot code
JP7769018B2 (ja) Secure verification of firmware
US9935945B2 (en) Trusted management controller firmware
US10877806B2 (en) Method and apparatus for securely binding a first processor to a second processor
US8719585B2 (en) Secure update of boot image without knowledge of secure key
US11876900B2 (en) System and method for trusted control flow enforcement using derived encryption keys
EP3757848A1 (fr) Converged cryptographic engine
US20170372076A1 (en) Technologies for provisioning and managing secure launch enclave with platform firmware
US11068599B2 (en) Secure initialization using embedded controller (EC) root of trust
US20200371695A1 (en) NVDIMM Serial Interface for Out-of-Band Management by a Baseboard Management Controller and Method Therefor
US12488111B2 (en) Computer system, trusted function component, and running method
KR20160113693A (ko) In-system provisioning of firmware for a hardware platform
US11423150B2 (en) System and method for booting processors with encrypted boot image
US20250265343A1 (en) System method for fractional secure boot by validating secure enclave using instructions of pre-drivers stored in memory by manufacturer
US11468200B2 (en) System and method for cryptographically coupling a media controller to a baseboard management controller
JP2020004390A (ja) Automatic verification method and system
WO2025232078A1 (fr) Secure boot method, system and device for an in-vehicle infotainment system, and medium and vehicle
CN117009284A (zh) System-on-chip architecture and data protection method thereof
US11966748B2 (en) Dynamic boot configuration
WO2022088194A1 (fr) Security processing apparatus, security processing method and related device
TW202446030A (zh) Dual key establishment between two measurement states
CN115292709B (zh) Method for building a cloud platform trust chain based on the SM3 algorithm
US12455695B2 (en) Reserved persistent random access memory
US12362919B2 (en) Enforcing access control for embedded controller resources and interfaces
US20250307412A1 (en) Seamless and secured device startup after device part replacement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20959354

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20959354

Country of ref document: EP

Kind code of ref document: A1