+

CN115062292B - Equipment safety starting and authentication method and device based on hierarchical encryption - Google Patents

Equipment safety starting and authentication method and device based on hierarchical encryption

Info

Publication number
CN115062292B
CN115062292B CN202210677685.8A CN202210677685A CN115062292B CN 115062292 B CN115062292 B CN 115062292B CN 202210677685 A CN202210677685 A CN 202210677685A CN 115062292 B CN115062292 B CN 115062292B
Authority
CN
China
Prior art keywords
certificate
firmware
boot loader
encrypted
kernel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210677685.8A
Other languages
Chinese (zh)
Other versions
CN115062292A (en
Inventor
蔡杨
徐涛
张海琦
高山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Fenghuo Cloud Information Technology Co ltd
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Chengdu Fenghuo Cloud Information Technology Co ltd
Fiberhome Telecommunication Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Fenghuo Cloud Information Technology Co ltd, Fiberhome Telecommunication Technologies Co Ltd filed Critical Chengdu Fenghuo Cloud Information Technology Co ltd
Priority to CN202210677685.8A priority Critical patent/CN115062292B/en
Publication of CN115062292A publication Critical patent/CN115062292A/en
Application granted granted Critical
Publication of CN115062292B publication Critical patent/CN115062292B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a device security starting and authenticating method and device based on hierarchical encryption. The method mainly comprises the steps of entering a boot loader of the SOC after equipment is powered on, sequentially pulling up the boot loader BL1, the boot loader BL2 and the boot loader BL3, sequentially checking the validity of equipment security information files, the validity of kernel firmware and the validity of file system firmware through the boot loader BL3, and after checking all the validity, pulling up the kernel by the boot loader BL3 and transmitting the equipment serial number and the MAC address to the kernel for network authentication of the equipment. The invention uses multiple sets of secret keys for hierarchical encryption, effectively prevents the falsification of equipment information, improves the safety of the system, and improves the flexibility due to the fact that the secret keys are replaceable.

Description

Equipment safety starting and authentication method and device based on hierarchical encryption
Technical Field
The invention relates to the technical field of embedded equipment security, in particular to a method and a device for equipment security starting and authentication based on hierarchical encryption.
Background
With the widespread use of embedded systems, system security of embedded devices is increasingly receiving attention from manufacturers. In order to prevent embedded device System software from being maliciously tampered and protect intellectual property rights, chip manufacturers put forward a device safety starting solution based on an SOC Chip (SOC is an abbreviation of a System on Chip, called a System on Chip), and the solution adopts an RSA asymmetric encryption technology to carry out safety verification on all starting firmware, and the problems of single encryption/verification means and insufficient flexibility exist because a verification program is solidified in BL0 (boot loader 0) in the SOC.
In view of the above, how to overcome the defects existing in the prior art, and solve the problems that the means is single, the flexibility is insufficient, the secret key cannot be updated, and the device cannot be authenticated differently when all firmware in the security policy of the SOC manufacturer uses the same set of verification method, is a problem to be solved in the technical field.
Disclosure of Invention
Aiming at the defects or improvement demands of the prior art, the invention provides a device safe starting and authenticating method and device based on hierarchical encryption, which realize the safe check of the kernel and the file system firmware in BL3 (boot loader 3), and newly add a unique safe information file for each device as the check basis of the firmware to achieve the purposes of the hierarchical check of the firmware and the differential authentication of the devices. In addition, the BL3 security check can be realized, the problem of single encryption means is solved, and the security of the system is enhanced.
The embodiment of the invention adopts the following technical scheme:
in a first aspect, the present invention provides a device security starting and authenticating method based on hierarchical encryption, including:
After the equipment is powered on, entering a boot loader of the SOC, and sequentially pulling up the boot loader BL1, the boot loader BL2 and the boot loader BL3;
sequentially checking the validity of the equipment security information file, the validity of the kernel firmware and the validity of the file system firmware through a boot loader BL 3;
after checking all valid, the bootloader BL3 pulls up the kernel and transmits the device serial number and the MAC address to the kernel for network authentication of the device.
Further, the method also comprises the step of carrying out hierarchical encryption on the equipment information in the equipment production stage, and specifically:
Generating a private key and a certificate of a preset logarithm, wherein the private key and the certificate comprise a first private key and a first certificate, a second private key and a second certificate, a third private key and a third certificate which are mutually corresponding;
generating a device security information file, an encrypted firmware of a boot loader, an encrypted firmware of a kernel and an encrypted firmware of a file system according to the private key and the certificate;
And installing the generated device security information file and each piece of encryption firmware to the device, and writing the certificate and the device related information into the SOC.
Further, writing the certificate and the device-related information into the SOC specifically includes:
writing the hash value of the first certificate into a programmable read-only memory in the SOC;
calculating hash values of the device serial numbers and the MAC addresses, encrypting the hash values by using an AES algorithm and writing the hash values into a programmable read-only memory in the SOC;
the boot loader BL0 decrypts the encrypted value stored in the programmable read-only memory through an AES algorithm;
The hash value of the second certificate is encrypted by the AES algorithm and then written into the boot loader BL 3.
Further, the device security information file comprises one or more of a magic word, a device serial number, a MAC address, an encryption value of a third certificate, a digital signature and a second certificate, wherein the generation of the digital signature specifically comprises signing a specified number of fields of the security information file by using an RSA algorithm and a second private key, and the verification of the validity of the device security information file through a bootloader BL3 specifically comprises:
verifying the validity of the second certificate, and comparing and verifying the hash value of the second certificate with the AES encryption value in the boot loader BL3 through AES encryption;
Verifying the digital signature through RSA algorithm and the second certificate;
And calculating hash values of the equipment serial numbers and the MAC addresses, and comparing and checking the hash values with the encrypted values after AES decryption by the boot loader BL0 of the SOC.
Further, the generation of the encrypted firmware of the boot loader specifically includes respectively signing the three firmware of the boot loader BL1, the boot loader BL2 and the boot loader BL3 by using an RSA algorithm and a first private key, and respectively adding header description information and a first certificate to generate corresponding encrypted firmware.
Further, after the device is powered on, the boot loader entering the SOC sequentially pulls up the boot loader BL1, the boot loader BL2, and the boot loader BL3, which specifically include:
After the equipment is powered on, entering a boot loader BL0 of the SOC;
reading and checking a boot loader BL1 based on an SOC chip strategy, and pulling up BL1 after checking;
reading and checking a boot loader BL2 based on an SOC chip strategy, and pulling up BL2 after the verification is passed;
And reading and checking the boot loader BL3 based on the SOC chip strategy, and pulling up BL3 after the verification is passed.
Further, the generation of the encryption firmware of the kernel and the encryption firmware of the file system specifically includes respectively signing the firmware of the kernel and the firmware of the file system by using an RSA algorithm and a third private key, and respectively adding header description information and a third certificate to generate corresponding encryption firmware.
Further, verifying the validity of the kernel firmware by the boot loader BL3 specifically includes:
Analyzing the head description information of the encrypted firmware of the kernel, checking a third certificate in the encrypted firmware of the kernel, comparing and verifying the encrypted value of the hash value of the third certificate by using the AES (advanced encryption standard) with the encrypted value of the third certificate in the equipment security information file, and verifying the digital signature of the encrypted firmware of the kernel by using an RSA algorithm and the third certificate.
Further, verifying the validity of the file system firmware by the boot loader BL3 specifically includes:
Analyzing the head description information of the encrypted firmware of the file system, checking a third certificate in the encrypted firmware of the file system, comparing and verifying the hash value of the third certificate with the encrypted value of the third certificate in the equipment security information file by using the AES encrypted value, and verifying the digital signature of the encrypted firmware of the file system by using an RSA algorithm and the third certificate.
On the other hand, the invention provides a device security starting and authentication device based on hierarchical encryption, which specifically comprises at least one processor and a memory, wherein the at least one processor and the memory are connected through a data bus, the memory stores instructions executed by the at least one processor, and the instructions are used for completing the device security starting and authentication method based on hierarchical encryption in the first aspect after being executed by the processor.
Compared with the prior art, the invention has the beneficial effects that a plurality of sets of secret keys are used for hierarchical encryption, so that the falsification of equipment information is effectively prevented, the system safety is improved, the secret keys are replaceable, and the flexibility is improved. The method has the advantages that the safety verification of the kernel and the file system firmware is realized in BL3, the unique safety information file is newly added for each device to serve as a verification basis of the firmware, the purposes of grading verification of the firmware and distinguishing authentication of the devices are achieved, safe and reliable device authentication information is provided, reliable support is provided for network authentication of the devices, and the dependence on SOC manufacturers is reduced.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present invention, the drawings that are required to be used in the embodiments of the present invention will be briefly described below. It is evident that the drawings described below are only some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a flowchart of a device security start-up and authentication method based on hierarchical encryption provided in embodiment 1 of the present invention;
Fig. 2 is a flow chart of hierarchical encryption of device information provided in embodiment 1 of the present invention;
fig. 3 is a schematic structural diagram of an encryption firmware according to embodiment 1 of the present invention;
fig. 4 is a schematic diagram of the content of the device security information file according to embodiment 1 of the present invention;
FIG. 5 is a schematic flow chart of the production stage of the apparatus according to embodiment 2 of the present invention;
fig. 6 is a schematic flow chart of a device start-up phase provided in embodiment 2 of the present invention;
fig. 7 is a schematic structural diagram of a device security start-up and authentication device based on hierarchical encryption according to embodiment 3 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The present invention is an architecture of a specific functional system, so that in a specific embodiment, functional logic relationships of each structural module are mainly described, and specific software and hardware implementations are not limited.
In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other. The invention will be described in detail below with reference to the drawings and examples.
Example 1:
as shown in fig. 1, embodiment 1 of the present invention provides a device security starting and authenticating method based on hierarchical encryption, which includes the following steps:
Step 100, after the device is powered on, the boot loader enters the SOC, and the boot loader BL1, the boot loader BL2 and the boot loader BL3 are pulled up in sequence. This step requires that the firmware of the bootloader BL1, the bootloader BL2, the bootloader BL3 is encrypted during the device production phase, respectively, to produce the corresponding encrypted firmware, and when entering the bootloader of the SOC, the bootloader BL0 is entered first, and then the bootloader BL1, the bootloader BL2 are verified and pulled in sequence until the bootloader BL3 is verified and pulled.
Step 200, verifying the validity of the device security information file, the validity of the kernel firmware and the validity of the file system firmware in sequence through the boot loader BL 3. The method comprises the steps of verifying the validity of a device security information file, a device kernel and a file system firmware in a boot loader BL3, firstly encrypting all information of the device, the device kernel firmware and the file system firmware in a device production stage to produce the device security information file, the encrypted firmware of the kernel and the encrypted firmware of the file system, and then respectively verifying the device security information file, the device kernel and the file system firmware after the boot loader BL3 is powered on and pulled up by the device.
Step 300, after checking that all the devices are valid, the boot loader BL3 pulls up the kernel and transmits the device serial number and the MAC address to the kernel for network authentication of the devices. The step is performed after the verification of step 100 and step 200 is determined to be valid, and after the bootloader BL3 transmits the device serial number and the MAC address to the kernel, the user can obtain the device serial number and the MAC address from the kernel for network authentication of the device.
By adopting the steps, the embodiment of the invention realizes the safety verification of the kernel and the file system firmware in BL3, newly adds a unique safety information file for each device as a verification basis of the firmware, achieves the purposes of grading verification of the firmware and distinguishing authentication of the devices, provides safe and reliable device authentication information, provides reliable support for network authentication of the devices, and reduces the dependence on SOC manufacturers.
It should be noted that, the above three steps are steps of device security start-up and authentication, and before that, the device information needs to be encrypted in a hierarchical manner in the device production stage, and specifically, as shown in fig. 2, the device information hierarchical encryption step specifically includes:
Step 10, generating RSA private keys and corresponding certificates of preset logarithms, wherein the RSA private keys and the corresponding certificates comprise a first private key and a first certificate, a second private key and a second certificate, and a third private key and a third certificate which are mutually corresponding. In this step, the pairs of RSA private key and certificate include, but are not limited to, the three pairs described above, and more pairs may be added to achieve more levels of encryption as needed. It should be noted that, instead of using the RSA private key and the corresponding certificate, other asymmetric encryption algorithms, such as DSA and ECC, may be used in the embodiment, and only the algorithm satisfies the conditions of asymmetric encryption, data encryption and decryption, and support of private key encryption and public key decryption. In addition, the use method of other algorithms also needs to be considered, and certain modification is needed when the encrypted firmware is generated, for example, an ECC encryption/decryption dependent elliptic curve needs to be newly added into the encrypted firmware. In this embodiment, only the RSA algorithm is described as an example.
And step 20, generating a device security information file, an encrypted firmware of a boot loader, an encrypted firmware of a kernel and an encrypted firmware of a file system according to the RSA private key and the certificate. The step is to encrypt the device information and each firmware according to the RSA private key and the certificate set in the step 10, and specifically includes encrypting the device information to generate a device security information file, encrypting the firmware of the boot loader BL1, the boot loader BL2, and the boot loader BL3 to generate the encrypted firmware of the boot loader BL1, the encrypted firmware of the boot loader BL2, and the encrypted firmware of the boot loader BL3, encrypting the kernel firmware of the device to generate the encrypted firmware of the kernel, and encrypting the file system firmware to generate the encrypted firmware of the file system.
And step 30, installing the generated device security information file and each piece of encryption firmware to the device, and writing the certificate and the device related information into the SOC. The step is to write the hash value of the certificate and the encrypted value of the device related information to be used in the SOC for the subsequent verification to call, and install the device security information file generated in the step 20 and the encrypted firmware of the boot loader BL1, the encrypted firmware of the boot loader BL2, the encrypted firmware of the boot loader BL3, the encrypted firmware of the kernel, and the encrypted firmware of the file system into the device for the subsequent verification to call.
For step 30 of this embodiment, writing the certificate and the device related information into the SOC specifically includes writing the hash value of the first certificate into the programmable read-only memory in the SOC, calculating the hash value of the device serial number and the MAC address, encrypting the hash value using the AES algorithm and writing the hash value into the programmable read-only memory in the SOC, decrypting the encrypted value stored in the programmable read-only memory by the bootloader BL0 through the AES algorithm, encrypting the hash value of the second certificate through the AES algorithm, and writing the encrypted hash value into the bootloader BL 3.
For step 20 of this embodiment, the generation of the encrypted firmware of the bootloader specifically includes signing the three firmware of the bootloader BL1, the bootloader BL2, and the bootloader BL3 by using the RSA algorithm and the first private key, and adding the header description information and the first certificate, respectively, to generate the corresponding encrypted firmware. Namely, the firmware of the boot loader BL1 is signed by using an RSA algorithm and a first private key and added with header description information and a first certificate to generate encrypted firmware of the boot loader BL1, the firmware of the boot loader BL2 is signed by using the RSA algorithm and the first private key and added with header description information and the first certificate to generate encrypted firmware of the boot loader BL2, and the firmware of the boot loader BL3 is signed by using the RSA algorithm and the first private key and added with header description information and the first certificate to generate encrypted firmware of the boot loader BL 3. The structure of each finally formed encrypted firmware is shown in fig. 3, and includes four information of header description, original firmware, digital signature and certificate. It should be noted that, for the encryption of the bootloader BL1, the bootloader BL2, and the bootloader BL3, different pairs of private key certificates (for example, two pairs of different private key certificates are added) may be used to encrypt the firmware of the bootloader BL1, the bootloader BL2, and the bootloader BL3, respectively, so that the hierarchical encryption of the present embodiment is more complex and reliable, and in this case, the bootloader BL1, the bootloader BL2 also need to have the capability of the hierarchical verification (similar to the capability of the bootloader BL 3).
Correspondingly, in step 100 of the embodiment, the boot loader entering the SOC after the device is powered on sequentially pulls up the boot loader BL1, the boot loader BL2 and the boot loader BL3, and specifically comprises the steps of entering the boot loader BL0 of the SOC after the device is powered on, reading and checking the boot loader BL1 based on the SOC chip policy, pulling up BL1 after the verification, reading and checking the boot loader BL2 based on the SOC chip policy, pulling up BL2 after the verification, reading and checking the boot loader BL3 based on the SOC chip policy, and pulling up BL3 after the verification. For verification of the bootloader BL1, the bootloader BL2, and the bootloader BL3, the following method can be specifically used. In the production phase, the encrypted firmware of the bootloader BL1, the bootloader BL2 and the bootloader BL3 comprises a header description, original firmware, a digital signature and a first certificate (refer to FIG. 3). In the verification stage, taking the boot loader BL1 as an example, the boot loader BL2 and the boot loader BL3 are the same to load the encrypted firmware BL1, comparing and verifying the first certificate through the certificate hash value stored in the SOC, and verifying the digital signature through the RSA algorithm and the first certificate.
For step 20 of the present embodiment, the generated device security information file has a composition as shown in fig. 4, and specifically includes a magic word, a device serial number, a MAC address, an encrypted value (hash value) of a third certificate, a digital signature, and a second certificate, where the encrypted value of the third certificate is obtained by hashing the third certificate and encrypting with AES, and the generation of the digital signature specifically includes signing a specified number of fields (the first 4 fields) of the security information file with an RSA algorithm and a second private key. The explanation and examples of the contents of each constituent of the device security information file are as follows. Magic word-format for marking device security information file, e.g. 0x7f454c66. Device serial number: hardware serial number of devices, serial number of each device is different, like identity card, for example 98328328432.MAC address: physical addresses of the network card, for example: 8d:2c:3d:56:0c:22. The device serial number and MAC address may uniquely identify a single device. And the hash value of the third certificate uses the encrypted value after AES encryption to verify the kernel encrypted firmware and the file system encrypted firmware.
Correspondingly, in step 200 of this embodiment, verifying the validity of the device security information file by the bootloader BL3 specifically includes the steps of verifying the validity of the second certificate, comparing and verifying the hash value of the second certificate with the AES encrypted value in the bootloader BL3 by AES encryption, verifying the digital signature by RSA algorithm and the second certificate, calculating the hash value of the device serial number and the MAC address, and comparing and verifying the value of the device related information stored in the programmable read-only memory of the SOC after AES decryption by the bootloader BL 0.
For step 20 of this embodiment, the generation of the kernel encrypted firmware and the file system encrypted firmware specifically includes signing the kernel and the file system firmware respectively using the RSA algorithm and the third private key, and adding header description information and the third certificate respectively to generate corresponding encrypted firmware. Namely, the RSA algorithm and the third private key are used for signing the firmware of the kernel and adding the header description information and the third certificate to generate the encrypted firmware of the kernel, and the RSA algorithm and the third private key are used for signing the firmware of the file system and adding the header description information and the third certificate to generate the encrypted firmware of the file system. The structure of the kernel encrypted firmware and the file system encrypted firmware is also shown in fig. 3, and includes four information, namely header description, original firmware, digital signature and certificate. It should be noted that, in order to implement hierarchical verification of more layers, the embodiment can further add a group of RSA private key and certificate pairs (the fourth private key and the fourth certificate), which are specially used for hierarchical encryption verification of the file system firmware, that is, the key pairs in the embodiment are extensible and replaceable, which is beneficial to improving flexibility of hierarchical encryption.
Correspondingly, in step 200 of this embodiment, verifying the validity of the kernel firmware by the bootloader BL3 specifically includes the steps of parsing header description information of the kernel encrypted firmware, verifying a third certificate in the kernel encrypted firmware, comparing and verifying the hash value of the third certificate with the encrypted value of the third certificate in the device security information file by using the encrypted value of the AES, and verifying the digital signature of the kernel encrypted firmware by using the RSA algorithm and the third certificate. The verification of the validity of the file system firmware by the boot loader BL3 specifically comprises the following steps of analyzing the header description information of the encrypted firmware of the file system, verifying a third certificate in the encrypted firmware of the file system, comparing and verifying the hash value of the third certificate with the encrypted value of the third certificate in the equipment security information file by using the AES encrypted value, and verifying the digital signature of the encrypted firmware of the file system by using an RSA algorithm and the third certificate. If the fourth private key and the fourth certificate are used in the encryption, the fourth certificate is also used in the verification.
In summary, through the steps, the embodiment of the invention uses multiple sets of secret keys for hierarchical encryption, thereby effectively preventing the falsification of equipment information, improving the system security, and improving the flexibility due to the fact that the secret keys are replaceable. The method has the advantages that the safety verification of the kernel and the file system firmware is realized in BL3, the unique safety information file is newly added for each device to serve as a verification basis of the firmware, the purposes of grading verification of the firmware and distinguishing authentication of the devices are achieved, safe and reliable device authentication information is provided, reliable support is provided for network authentication of the devices, and the dependence on SOC manufacturers is reduced.
Example 2:
based on the device security starting and authenticating method based on hierarchical encryption provided in embodiment 1, the difference between the device security starting and authenticating method based on hierarchical encryption and the traditional SOC security policy of the present invention is further embodied in the comparison manner in embodiment 2.
The SOC vendor security policy (conventional SOC security policy) of a certain router device is as follows.
Device production phase-a pair of RSA private keys (keys) and certificates (certs) are generated using OPENSSL tools. The encryption firmware is generated by signing the firmware by using RSA algorithm and private key and adding header description information and certificate cert, and the encryption firmware structure of FIG. 3 can be referred to. The hash value of certificate cert is written into programmable read only memory (FPROM) of the SOC chip. The encrypted firmware is installed to the device.
And in the device starting stage, after the device is powered on, the boot loader BL0 of the SOC is started. The bootloader BL1 is read and verified, and BL1 is pulled up after verification passes. And the same as the previous step, sequentially checking and pulling up the subsequent firmware. And stopping the starting flow if the verification fails.
Specific implementations of embodiments of the present invention are as follows.
As shown in fig. 5, in the plant production phase:
First, using OPENSSL tools, 3 sets of RSA private keys (first private key1, second private key2, third private key 3) and certificates (first certificate cert1, second certificate cert2, third certificate cert 3) are generated. It should be noted that the private key and the public key (certificate) are in one-to-one correspondence. For example, key1 corresponds to cert1, key2 corresponds to cert2, and Key3 corresponds to cert3. The private key and the public key are used for encrypting and decrypting data, for example, the private key1 encrypts the data, and the public key cert1 decrypts the data. In the embodiment, key1 is used for encrypting BL1, BL2 and BL3, cert1 is used for verifying BL1, BL2 and BL3, key2 is used for encrypting a device security information file, cert2 is used for verifying the file, key3 is used for encrypting kernel firmware and a file system, and cert3 is used for verifying kernel firmware and the file system.
A device security information file is generated, wherein the security information file comprises a magic word, a device serial number, a MAC Address (MAC), an encrypted value of a third certificate cert3 (cert 3 hashed and encrypted by using AES), a digital signature and a second certificate cert2, and the digital signature content specifically comprises that the first 4 fields of the security information file are signed by using an RSA algorithm and a second private key2, and reference can be made to the device security information file content of fig. 2. The device security information file in this embodiment may be updated, and by means of updating the security information file, the purpose of replacing the RSA key pair of the system firmware may be achieved.
The encryption firmware of the boot loader is generated by signing the three firmware of the boot loader BL1, the boot loader BL2 and the boot loader BL3 by using an RSA algorithm and a first private key1, and adding the head description information and a first certificate cert1 respectively to generate corresponding encryption firmware, and the encryption firmware structure of FIG. 3 can be referred to.
And generating encryption firmware of the kernel and the file system, namely respectively signing the kernel and the file system firmware by using an RSA algorithm and a third private key3, respectively adding header description information and a third certificate cert3, and generating corresponding encryption firmware, wherein the encryption firmware structure of FIG. 3 can be referred to.
The hash value of the first certificate cert1 is written to programmable read only memory (FPROM) in the SOC.
The hash value of the device serial number, MAC address is calculated, encrypted using AES algorithm and written to programmable read only memory (FPROM) in the SOC.
And installing the encrypted firmware and the encrypted equipment security information file generated in the steps to equipment.
The hash value of the second certificate cert2 is encrypted by the AES algorithm and then written into the bootloader BL 3. The bootloader BL3 in this embodiment needs to have the capability of resolving the disk security file, the capability of verifying the RSA algorithm, and the capability of encrypting the AES algorithm.
The encrypted value stored in the programmable read only memory (FPROM) is decrypted by the AES algorithm. The boot loader BL0 of the present embodiment needs to support AES decryption capability.
As shown in fig. 6, in the device start-up phase:
after the device is powered up, the boot loader BL0 of the SOC is entered.
And verifying the validity of the boot loader BL1 based on the SOC chip strategy, and pulling up BL1. Specifically, the bootloader BL1 is read and checked, and after the check passes, the bootloader BL1 is pulled up.
And verifying the validity of the boot loader BL2 based on the SOC chip strategy, and pulling up BL2. Specifically, the bootloader BL2 is read and checked, and after the check passes, the bootloader BL2 is pulled up.
And verifying the validity of the boot loader BL3 based on the SOC chip strategy, and pulling up BL3. Specifically, the bootloader BL3 is read and checked, and after the check passes, the bootloader BL3 is pulled up.
The bootloader BL3 verifies the device security information file by verifying the validity of the second certificate cert2 (comparing the hash value of the second certificate cert2 with the AES encrypted value in the bootloader BL3 by AES encryption), by verifying the digital signature by RSA algorithm + the second certificate cert2, calculating the hash value of the device serial number, MAC address and comparing it with the AES decrypted encrypted value in the SOC (corresponding to the last step of the device production phase).
The boot loader BL3 verifies the validity of the kernel firmware by analyzing the header description information of the kernel encrypted firmware, verifying the third certificate cert3 in the encrypted firmware (comparing and verifying the encrypted value of the third certificate cert3 after the hash value of the third certificate cert3 is encrypted by AES with the encrypted value of the third certificate cert3 in the equipment security information file), and verifying the digital signature of the encrypted firmware by using an RSA algorithm and the third certificate cert 3.
The boot loader BL3 verifies the validity of the file system firmware by analyzing the encrypted firmware header description information of the file system, verifying the third certificate cert3 in the encrypted firmware (comparing and verifying the encrypted value of the third certificate cert3 after the hash value of the third certificate cert3 is encrypted by using AES with the encrypted value of the third certificate cert3 in the equipment security information file), and verifying the digital signature of the encrypted firmware by using the RSA algorithm and the third certificate cert 3.
The boot loader BL3 pulls up the kernel and transmits the effective equipment serial number and the MAC address to the kernel, the kernel provides the user program with the equipment serial number and the MAC address which are effective based on chip-level verification, and the user can acquire the equipment serial number and the MAC address from the kernel for network authentication of the equipment.
In summary, the embodiment of the present invention realizes the hierarchical encryption verification capability of the firmware through the development of the bootloader BL3 and the use of multiple RSA key pairs. The embodiment of the invention can achieve the purpose of replacing the RSA key pair of the system firmware by updating the security information file. The embodiment of the invention can be combined with the SOC manufacturer strategy to realize the device authentication strategy based on the chip level. Embodiments of the present invention include implementing a hierarchical encryption check on all firmware after the bootloader BL3, for example, adding a set of RSA private key pairs (fourth private key4 and fourth certificate cert 4) for the hierarchical encryption check of file system firmware.
Example 3:
On the basis of the device security starting and authenticating method based on hierarchical encryption provided in the above embodiment 1 and embodiment 2, the present invention further provides a device security starting and authenticating device based on hierarchical encryption, which can be used to implement the method, as shown in fig. 7, and is a schematic device architecture diagram of the embodiment of the present invention. The device security start-up and authentication apparatus based on hierarchical encryption of the present embodiment includes one or more processors 21 and a memory 22. In fig. 7, a processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or otherwise, which is illustrated in fig. 7 as a bus connection.
The memory 22 is used as a non-volatile computer readable storage medium for storing non-volatile software programs, non-volatile computer executable programs, and modules, such as the hierarchical encryption based device security initiation and authentication methods of embodiments 1, 2. The processor 21 executes various functional applications and data processing of the hierarchical encryption-based device security boot and authentication apparatus by running the nonvolatile software programs, instructions, and modules stored in the memory 22, that is, implements the hierarchical encryption-based device security boot and authentication method of embodiments 1, 2.
The memory 22 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, memory 22 may optionally include memory located remotely from processor 21, which may be connected to processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Program instructions/modules are stored in the memory 22 that, when executed by the one or more processors 21, perform the hierarchical encryption based device security initiation and authentication methods of embodiments 1, 2 described above, e.g., performing the various steps shown in fig. 1-2, 5-6 described above.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the embodiments may be implemented by a program to instruct related hardware, and the program may be stored in a computer readable storage medium, where the storage medium may include a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention. What is not described in detail in this specification is prior art known to those skilled in the art.

Claims (10)

1. The equipment safety starting and authenticating method based on hierarchical encryption is characterized by comprising the following steps:
After the equipment is powered on, entering a boot loader of the SOC, and sequentially pulling up the boot loader BL1, the boot loader BL2 and the boot loader BL3;
sequentially checking the validity of the equipment security information file, the validity of the kernel firmware and the validity of the file system firmware through a boot loader BL 3;
after checking all valid, the bootloader BL3 pulls up the kernel and transmits the device serial number and the MAC address to the kernel for network authentication of the device.
2. The hierarchical encryption-based device security initiation and authentication method of claim 1, further comprising, in a device production phase, performing hierarchical encryption on device information, specifically:
Generating a private key and a certificate of a preset logarithm, wherein the private key and the certificate comprise a first private key and a first certificate, a second private key and a second certificate, a third private key and a third certificate which are mutually corresponding;
generating a device security information file, an encrypted firmware of a boot loader, an encrypted firmware of a kernel and an encrypted firmware of a file system according to the private key and the certificate;
And installing the generated device security information file and each piece of encryption firmware to the device, and writing the certificate and the device related information into the SOC.
3. The device security initiation and authentication method based on hierarchical encryption according to claim 2, wherein writing the certificate and the device-related information into the SOC specifically comprises:
writing the hash value of the first certificate into a programmable read-only memory in the SOC;
calculating the hash value of the equipment serial number and the MAC address, encrypting the hash value of the MAC address by using an AES algorithm and writing the hash value into a programmable read-only memory (ROM) in the SOC;
the boot loader BL0 decrypts the encrypted value stored in the programmable read-only memory through an AES algorithm;
The hash value of the second certificate is encrypted by the AES algorithm and then written into the boot loader BL 3.
4. The hierarchical encryption-based device security initiation and authentication method according to claim 2, wherein the configuration content of the device security information file includes one or more of a magic word, a device serial number, a MAC address, an encrypted value of a third certificate, a digital signature, and a second certificate, wherein the generation of the digital signature specifically includes signing a specified number of fields of the security information file using an RSA algorithm and a second private key, and the corresponding verification of the validity of the device security information file by the bootloader BL3 specifically includes:
verifying the validity of the second certificate, and comparing and verifying the hash value of the second certificate with the AES encryption value in the boot loader BL3 through AES encryption;
Verifying the digital signature through RSA algorithm and the second certificate;
And calculating hash values of the equipment serial numbers and the MAC addresses, and comparing and checking the hash values with the encrypted values after AES decryption by the boot loader BL0 of the SOC.
5. The method for securely starting and authenticating a hierarchical encryption based device according to claim 2, wherein the generating of the encrypted firmware of the bootloader specifically includes signing three firmware of the bootloader BL1, the bootloader BL2 and the bootloader BL3 by using an RSA algorithm and a first private key, and adding header description information and a first certificate, respectively, to generate the corresponding encrypted firmware.
6. The method for securely starting and authenticating a hierarchical encryption-based device according to claim 5, wherein after the device is powered on, entering a boot loader of the SOC, sequentially pulling up the boot loader BL1, the boot loader BL2, and the boot loader BL3, specifically comprises:
After the equipment is powered on, entering a boot loader BL0 of the SOC;
reading and checking a boot loader BL1 based on an SOC chip strategy, and pulling up BL1 after checking;
reading and checking a boot loader BL2 based on an SOC chip strategy, and pulling up BL2 after the verification is passed;
And reading and checking the boot loader BL3 based on the SOC chip strategy, and pulling up BL3 after the verification is passed.
7. The method for securely starting and authenticating a hierarchical encryption based device according to claim 2, wherein the generating of the encrypted firmware of the kernel and the encrypted firmware of the file system comprises signing the firmware of the kernel and the firmware of the file system respectively by using an RSA algorithm and a third private key, and adding header description information and a third certificate respectively to generate the corresponding encrypted firmware.
8. The hierarchical encryption based device secure boot and authentication method according to claim 7, wherein verifying the validity of the kernel firmware by the bootloader BL3 specifically comprises:
Analyzing the head description information of the encrypted firmware of the kernel, checking a third certificate in the encrypted firmware of the kernel, comparing and verifying the encrypted value of the hash value of the third certificate by using the AES (advanced encryption standard) with the encrypted value of the third certificate in the equipment security information file, and verifying the digital signature of the encrypted firmware of the kernel by using an RSA algorithm and the third certificate.
9. The method for secure boot and authentication of a hierarchical encryption based device according to claim 7, wherein verifying the validity of the file system firmware by the bootloader BL3 comprises:
Analyzing the head description information of the encrypted firmware of the file system, checking a third certificate in the encrypted firmware of the file system, comparing and verifying the hash value of the third certificate with the encrypted value of the third certificate in the equipment security information file by using the AES encrypted value, and verifying the digital signature of the encrypted firmware of the file system by using an RSA algorithm and the third certificate.
10. The utility model provides a safe start-up of equipment and authentication device based on hierarchical encryption which characterized in that:
Comprising at least one processor and a memory connected by a data bus, the memory storing instructions for execution by the at least one processor, the instructions, when executed by the processor, for performing the hierarchical encryption based device security initiation and authentication method of any one of claims 1-9.
CN202210677685.8A 2022-06-16 2022-06-16 Equipment safety starting and authentication method and device based on hierarchical encryption Active CN115062292B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210677685.8A CN115062292B (en) 2022-06-16 2022-06-16 Equipment safety starting and authentication method and device based on hierarchical encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210677685.8A CN115062292B (en) 2022-06-16 2022-06-16 Equipment safety starting and authentication method and device based on hierarchical encryption

Publications (2)

Publication Number Publication Date
CN115062292A CN115062292A (en) 2022-09-16
CN115062292B true CN115062292B (en) 2025-07-22

Family

ID=83200702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210677685.8A Active CN115062292B (en) 2022-06-16 2022-06-16 Equipment safety starting and authentication method and device based on hierarchical encryption

Country Status (1)

Country Link
CN (1) CN115062292B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643060B (en) * 2022-10-11 2025-09-23 武汉光迅科技股份有限公司 Method and device for executing firmware file
CN116506176A (en) * 2023-04-27 2023-07-28 江苏汤谷智能科技有限公司 Programmable network communication method and system
CN116611075A (en) * 2023-07-18 2023-08-18 深圳市楠菲微电子有限公司 Detection method, os detection firmware and system for preventing attack chip during XIP starting
CN117290839A (en) * 2023-09-11 2023-12-26 太仓市同维电子有限公司 Method, device, equipment and medium for Secure Boot loader

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104794393A (en) * 2015-04-24 2015-07-22 杭州字节信息技术有限公司 Embedded type partition image security certification and kernel trusted boot method and equipment thereof
KR20200020627A (en) * 2018-08-16 2020-02-26 경희대학교 산학협력단 SECURE BOOT METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659B (en) * 2014-08-14 2017-02-01 电子科技大学 Embedded system secure start method
US10855462B2 (en) * 2016-06-14 2020-12-01 Honeywell International Inc. Secure in-band upgrade using key revocation lists and certificate-less asymmetric tertiary key pairs
CN112269609A (en) * 2020-11-20 2021-01-26 深圳市友华通信技术有限公司 Safe starting method and device of embedded linux equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104794393A (en) * 2015-04-24 2015-07-22 杭州字节信息技术有限公司 Embedded type partition image security certification and kernel trusted boot method and equipment thereof
KR20200020627A (en) * 2018-08-16 2020-02-26 경희대학교 산학협력단 SECURE BOOT METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC

Also Published As

Publication number Publication date
CN115062292A (en) 2022-09-16

Similar Documents

Publication Publication Date Title
CN115062292B (en) Equipment safety starting and authentication method and device based on hierarchical encryption
US11876791B2 (en) Message authentication with secure code verification
US11601268B2 (en) Device attestation including attestation-key modification following boot event
US11184164B2 (en) Secure crypto system attributes
CN111723383B (en) Data storage and verification method and device
JP6371919B2 (en) Secure software authentication and verification
US9064129B2 (en) Managing data
CN108616504B (en) A sensor node identity authentication system and method based on the Internet of Things
US12289417B2 (en) Establishing provenance of applications in an offline environment
US10853472B2 (en) System, apparatus and method for independently recovering a credential
JP2014505943A (en) System and method for tamper resistant boot processing
CN111814132B (en) Security authentication method and device, security authentication chip, storage medium
CN110287654A (en) Media Client Device Authentication Using Hardware Root of Trust
US20080104402A1 (en) Countermeasure against fault-based attack on RSA signature verification
CN113259123B (en) Block chain data writing and accessing method and device
US20200396054A1 (en) Secure Memory Read
WO2023236720A1 (en) Device certification method and apparatus, device verification method and apparatus, and device and storage medium
WO2023134576A1 (en) Data encryption method, attribute authorization center, and storage medium
CN118157946A (en) Hybrid encryption and decryption method, device, equipment and medium for data integrity verification
CN116388992A (en) Remote authentication method and device for distributed TEE application
CN114049121A (en) Block chain based account resetting method and equipment
WO2020215572A1 (en) Authentication communication method and device, storage medium, and computer device
KR101492514B1 (en) Method, apparatus and system for employing a secure content protection system
US8499357B1 (en) Signing a library file to verify a callback function
CN114942729A (en) Data safety storage and reading method for computer system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载