CN111695111A - Secure startup method and device of firmware program - Google Patents

Info

Publication number: CN111695111A
Authority: CN (China)
Prior art keywords: program, firmware, firmware program, target, security chip
Legal status: Pending
Application number: CN202010542637.9A
Other languages: Chinese (zh)
Inventors: 陆卫军, 崔山, 马纳, 陈银桃
Current assignee: Zhejiang Supcon Technology Co Ltd
Original assignee: Zhejiang Supcon Technology Co Ltd
Application filed by Zhejiang Supcon Technology Co Ltd; priority to CN202010542637.9A; published as CN111695111A

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/45 Structures or tools for the administration of authentication
                • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6281 Protecting access to data via a platform to a system of files or objects at program execution time, where the protection is within the operating system
          • G06F8/00 Arrangements for software engineering
            • G06F8/60 Software deployment
              • G06F8/65 Updates

Abstract

The present invention relates to the technical field of information security, and in particular to a secure boot method and device for a firmware program. The method includes: starting a preset trusted program, and using the trusted program to send the firmware program in the distributed control system (DCS) to a preset security chip; enabling the security chip to check whether the firmware program is a legal program; when the firmware program is a legal program, starting the firmware program; and when the firmware program is not a legal program, prohibiting the firmware program from starting. With this method, the legality of the firmware program in the DCS can be checked by the security chip, so that the firmware program is started only when it is a legal program, thereby improving the security of the DCS.

Description

Method and device for secure booting of a firmware program

Technical field

The present invention relates to the technical field of information security, and in particular to a method and device for securely booting a firmware program.

Background

In a distributed control system (DCS), each data transmission process of the DCS is carried out by the DCS controller. However, data transmitted through the DCS controller is usually transmitted in plaintext, so the DCS controller cannot verify the authenticity of the data. Therefore, during data transmission, an illegal user may transmit illegal data such as a Trojan or a virus into the DCS and attack or tamper with the final firmware program of the DCS, causing internal changes to the firmware program. When the tampered firmware program is started, the illegal user controls the various system functions of the DCS through the tampered firmware program, which reduces the security of the DCS.

Summary of the invention

In view of this, the present invention provides a secure boot method for a firmware program. In this method, a security chip is used to check the legality of the firmware program in the distributed control system DCS, so as to ensure that the firmware program is started only when it is a legal program, thereby improving the security of the DCS.

The present invention also provides a secure boot device for a firmware program, to ensure that the above method is implemented and applied in practice.

A secure boot method for a firmware program, comprising:

starting a preset trusted program, and using the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;

enabling the security chip to check whether the firmware program is a legal program;

when the firmware program is a legal program, starting the firmware program;

when the firmware program is not a legal program, prohibiting the firmware program from starting.

In the above method, optionally, enabling the security chip to check whether the firmware program is a legal program includes:

obtaining the binary code contained in the firmware program, and performing a calculation on the binary code to obtain a check value corresponding to the firmware program;

obtaining a hash value pre-stored in the security chip;

matching the check value against the hash value, and if the check value matches the hash value, determining that the firmware program is a legal program.

In the above method, optionally, performing a calculation on the binary code to obtain the check value corresponding to the firmware program includes:

obtaining a hash algorithm preset in the security chip;

applying the hash algorithm to perform a hash operation on the binary code, to obtain the check value corresponding to the firmware program.

The above method optionally further includes:

when a firmware update message sent by a preset host computer is received, obtaining an authentication key contained in the firmware update message;

calling a preset upgrade program to communicate securely with the host computer, and obtaining from the host computer the firmware information corresponding to the firmware update message;

using the authentication key to authenticate the firmware information;

when the firmware information passes authentication, obtaining the target firmware program to be updated that is contained in the firmware information, and updating the target firmware program into the DCS.

The above method optionally further includes, after the target firmware program has been updated into the DCS:

obtaining the target binary code contained in the target firmware program;

calling a preset hash algorithm to perform a calculation on the target binary code, to obtain a target check value corresponding to the target firmware program;

determining the target check value as the new hash value and storing it in the security chip.

A secure boot device for a firmware program, comprising:

a sending unit, configured to start a preset trusted program and use the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;

a checking unit, configured to enable the security chip to check whether the firmware program is a legal program;

a starting unit, configured to start the firmware program when the firmware program is a legal program;

a prohibiting unit, configured to prohibit the firmware program from starting when the firmware program is not a legal program.

In the above device, optionally, the checking unit includes:

a calculation subunit, configured to obtain the binary code contained in the firmware program and perform a calculation on the binary code to obtain a check value corresponding to the firmware program;

a first obtaining subunit, configured to obtain a hash value pre-stored in the security chip;

a matching subunit, configured to match the check value against the hash value and, if the check value matches the hash value, determine that the firmware program is a legal program.

In the above device, optionally, the checking unit includes:

a second obtaining subunit, configured to obtain a hash algorithm preset in the security chip and apply the hash algorithm to perform a hash operation on the binary code, to obtain the check value corresponding to the firmware program.

The above device optionally further includes:

a first obtaining unit, configured to obtain, when a firmware update message sent by a preset host computer is received, an authentication key contained in the firmware update message;

a communication unit, configured to call a preset upgrade program to communicate securely with the host computer and obtain from the host computer the firmware information corresponding to the firmware update message;

a verification unit, configured to use the authentication key to authenticate the firmware information;

an update unit, configured to obtain, when the firmware information passes authentication, the target firmware program to be updated that is contained in the firmware information, and update the target firmware program into the DCS.

The above device optionally further includes:

a second obtaining unit, configured to obtain the target binary code contained in the target firmware program;

a calculation unit, configured to call a preset hash algorithm to perform a calculation on the target binary code, to obtain a target check value corresponding to the target firmware program;

a storage unit, configured to determine the target check value as the new hash value and store it in the security chip.

A storage medium, the storage medium including stored instructions, wherein, when the instructions are run, they control the device on which the storage medium is located to execute the above secure boot method for a firmware program.

An electronic device, including a memory and one or more instructions, wherein the one or more instructions are stored in the memory and are configured to be executed by one or more processors to perform the above secure boot method for a firmware program.

Compared with the prior art, the present invention has the following advantages:

The present invention provides a secure boot method for a firmware program, comprising: starting a preset trusted program, and using the trusted program to send the firmware program in the distributed control system DCS to a preset security chip; enabling the security chip to check whether the firmware program is a legal program; when the firmware program is a legal program, starting the firmware program; and when the firmware program is not a legal program, prohibiting the firmware program from starting. With this method, the legality of the firmware program in the distributed control system DCS can be checked by the security chip, so as to ensure that the firmware program is started only when it is a legal program, thereby improving the security of the DCS.

Brief description of the drawings

In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.

Fig. 1 is a flowchart of a secure boot method for a firmware program provided by an embodiment of the present invention;

Fig. 2 is another flowchart of a secure boot method for a firmware program provided by an embodiment of the present invention;

Fig. 3 is another flowchart of a secure boot method for a firmware program provided by an embodiment of the present invention;

Fig. 4 is another flowchart of a secure boot method for a firmware program provided by an embodiment of the present invention;

Fig. 5 is a structural diagram of a secure boot device for a firmware program provided by an embodiment of the present invention;

Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

In this application, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. The terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.

The present invention may be used in numerous general-purpose or special-purpose computing device environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor devices, distributed computing environments including any of the above devices, and so on.

An embodiment of the present invention provides a secure boot method for a firmware program. The method can be applied on a variety of system platforms, and its execution body may be a computer terminal or the processor of any of various mobile devices. The flowchart of the method is shown in Fig. 1 and specifically includes:

S101: Start a preset trusted program, and use the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;

In this embodiment of the present invention, before the firmware program in the distributed control system DCS is started, the trusted program preset in the DCS is started first. The trusted program is a tamper-proof root-of-trust-for-measurement program written using trusted computing technology, and it is fixed inside the controller of the DCS. The trusted program can send the firmware program in the DCS to the security chip, so that the security chip can perform a security check on the firmware program.

It should be noted that, in this embodiment of the present invention, the security chip may be a memory chip arranged inside the CPU of the DCS, and the security chip may perform the security check on the firmware program through a certain encryption algorithm or verification technique.

S102: Enable the security chip to check whether the firmware program is a legal program;

In this embodiment of the present invention, after the trusted program has sent the firmware program in the DCS to the security chip, the security chip is enabled, and the security chip checks the firmware program in the DCS to determine whether the firmware program is a legal program.

It should be noted that the firmware program is burned into the DCS in advance and is used to carry out the DCS data transmission process. As long as the firmware program in the DCS has not been upgraded, the firmware program started each time is the same program; therefore, before each start, the firmware program in the DCS must be checked for legality by the trusted program and the security chip.

S103: When the firmware program is a legal program, start the firmware program;

In this embodiment of the present invention, when the security chip is enabled to check the firmware program and determines that the firmware program is a legal program, it can be concluded that no illegal user has attacked or tampered with the firmware program before it is started. Therefore, when the firmware program is a legal program, the firmware program can be started securely.

S104: When the firmware program is not a legal program, prohibit the firmware program from starting.

In this embodiment of the present invention, when the security chip checks the firmware program and determines that it is not a legal program, it can be concluded that the firmware program may have been attacked or tampered with by an illegal user before being started, and that the current firmware program is not the firmware program originally burned into the DCS. Therefore, when the firmware program is not a legal program, the firmware program must be prohibited from starting.

In the secure boot method for a firmware program provided by this embodiment of the present invention, before the firmware program in the DCS is started, it is necessary to determine whether the firmware program has been attacked or tampered with by an illegal user, and to perform a security check on the firmware program. A tamper-proof trusted program is written into the DCS and fixed inside the controller of the DCS. Before the firmware program is started, the trusted program is started and used to send the firmware program to the preset security chip. The security chip is enabled to check the firmware program and determine whether it is a legal program. When the firmware program is determined to be a legal program, the firmware program is allowed to start; otherwise, the firmware program is prohibited from starting.

In the method provided by this embodiment of the present invention, optionally, when the firmware program is not a legal program, a prompt message corresponding to the illegal program may be fed back to a preset information receiving end. The information receiving end may be a device such as a server or a client that receives DCS feedback messages. According to the prompt message at the information receiving end, the user can change the firmware program, run anti-virus operations on the DCS, and so on.

By applying the method provided by this embodiment of the present invention, before the firmware program in the DCS is started, the legality of the firmware program is checked by the trusted program and the security chip, so as to ensure that the firmware program is a legal program when it is started, which improves the security of the DCS.

In the method provided by this embodiment of the present invention, based on step S102 above, after the trusted program has sent the firmware program to the security chip, the process of enabling the security chip to check whether the firmware program is a legal program is shown in Fig. 2 and may specifically include:

S201: Obtain the binary code contained in the firmware program, and perform a calculation on the binary code to obtain the check value corresponding to the firmware program;

In this embodiment of the present invention, the binary code of the firmware program is set in the firmware program of the DCS; if the firmware program is attacked or tampered with, the binary code will change. Therefore, when the legality of the firmware program needs to be checked, the binary code in the firmware program is obtained, and a calculation is performed on the binary code to obtain the check value against which the firmware program is checked. If the binary code in the firmware program changes, the corresponding check value also changes.

It should be noted that, in this embodiment of the present invention, the check value may in practice be a hash value of the binary code of the firmware program in the DCS.

S202: Obtain the hash value pre-stored in the security chip;

In this embodiment of the present invention, the security chip stores the hash value corresponding to the legal firmware program, which is the value obtained by calculating over the binary code contained in the legal firmware program. The hash value is stored in the security chip in advance, and when it is necessary to check whether the firmware program is a legal program, the hash value in the security chip is obtained for the check.

S203: Match the check value against the hash value, and if the check value matches the hash value, determine that the firmware program is a legal program.

In this embodiment of the present invention, the check value is matched against the hash value. If the firmware program has not been attacked or tampered with by an illegal user, the binary code of the firmware program will not have changed, and the check value obtained will not have changed either. If the check value is identical to the hash value, it can be determined that the firmware program has not been attacked or tampered with and is a legal program. When the firmware program is a legal program, the firmware program can be started securely.

In the secure boot method for a firmware program provided by this embodiment of the present invention, to ensure the security of the DCS when the firmware program is started, the firmware program is checked against the hash value pre-stored in the security chip. The binary code contained in the firmware program is obtained and a calculation is performed on it to obtain the check value used for the security check of the firmware program. The hash value pre-stored in the security chip is obtained and the check value is matched against it; if they match, the firmware program can be determined to be a legal program. Optionally, if the check value does not match the hash value, that is, the check value and the hash value are not identical, the firmware program is determined to have been tampered with and to be an illegal program.

In the method provided by the above embodiment, in step S201, after the binary code in the firmware program is obtained, a calculation must be performed on the binary code to obtain the check value corresponding to the firmware program, which may specifically include:

obtaining a hash algorithm preset in the security chip;

applying the hash algorithm to perform a hash operation on the binary code, to obtain the check value corresponding to the firmware program.

In the secure boot method for a firmware program provided by this embodiment of the present invention, a hash algorithm is provided in the security chip, which can perform a hash calculation on the binary code of the firmware program. When hashing the binary code of the firmware program, the binary code can be treated as a single binary value, and the calculation is performed on that binary value. If any bit of the binary value changes, the calculated check value also changes. The check value may in practice be the hash value obtained by running the binary value through the hash algorithm. Therefore, the check value can be matched against the hash value in the security chip to determine whether the two are identical, and by matching the check value with the hash value it can be determined whether the firmware program has been attacked or tampered with.

By applying the method provided by this embodiment of the present invention, the binary code of the firmware program is calculated with the hash algorithm to obtain the check value of the firmware program, the hash value of the legal firmware program pre-stored in the security chip is then obtained, and the legality of the firmware program is determined by matching the check value against the hash value, so that an illegal firmware program is prevented from starting in the DCS and the security of the DCS is ensured.
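As an added illustration (not code from the patent or from its assignee), the following Python model plays through steps S101 to S104 and S201 to S203: the trusted program hands the firmware image to a modelled security chip, which hashes it with its preset algorithm and compares the result with its pre-stored hash in constant time, and the boot decision follows from that verdict. The class and function names and the sample image are assumptions made for the example; a single flipped bit in the image is enough to inhibit the start.

```python
# Added example, not code from patent CN111695111A. Models the boot-time check:
# the security chip holds the preset hash algorithm (S201) and the pre-stored
# reference hash of the legal firmware (S202); the trusted program sends it the
# image and starts or inhibits the firmware according to the verdict (S103/S104).
import hashlib
import hmac


class SecurityChip:
    """Models the security chip. The reference hash is assumed to be
    provisioned out of band (the update path is not modelled here)."""

    def __init__(self, algorithm: str, reference_hash: bytes):
        hashlib.new(algorithm)  # raises ValueError if the algorithm is unknown
        self.algorithm = algorithm
        self._reference_hash = reference_hash

    def check_value(self, firmware: bytes, chunk_size: int = 4096) -> bytes:
        """S201: hash the whole binary image with the preset algorithm,
        streaming it so large images need not be held twice in memory."""
        h = hashlib.new(self.algorithm)
        for offset in range(0, len(firmware), chunk_size):
            h.update(firmware[offset:offset + chunk_size])
        return h.digest()

    def is_legal(self, firmware: bytes) -> bool:
        """S202/S203: match the computed check value against the stored hash.
        compare_digest avoids leaking the first differing byte through timing."""
        return hmac.compare_digest(self.check_value(firmware), self._reference_hash)


def trusted_boot(chip: SecurityChip, firmware: bytes) -> dict:
    """S101-S104 as performed by the trusted program fixed in the controller.
    Returns the boot decision and the message for the information receiving end."""
    if chip.is_legal(firmware):
        return {"boot": True, "message": "firmware verified, starting"}
    return {"boot": False, "message": "firmware check failed, start inhibited"}


def flip_bit(image: bytes, byte_index: int, bit: int) -> bytes:
    """Constructed tampering for the demonstration: change one bit of the image."""
    data = bytearray(image)
    data[byte_index] ^= 1 << bit
    return bytes(data)


# Constructed sample image standing in for the DCS firmware binary (4119 bytes,
# so the streaming hash above runs over more than one chunk).
LEGAL_FIRMWARE = b"DCS-CONTROLLER-FW v1.0 " + bytes(range(256)) * 16

# Reference hash provisioned into the modelled chip for the legal image.
CHIP = SecurityChip("sha256", hashlib.sha256(LEGAL_FIRMWARE).digest())

if __name__ == "__main__":
    print(trusted_boot(CHIP, LEGAL_FIRMWARE))
    print(trusted_boot(CHIP, flip_bit(LEGAL_FIRMWARE, 100, 3)))
```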

In the method provided by the embodiment of the present invention, the firmware program is a program pre-programmed into the DCS. Until the firmware program is upgraded, it must be ensured that the firmware program started each time is the legitimate program in the DCS. When the firmware program in the DCS needs to be upgraded, an update process corresponding to the upgrade to the new firmware program needs to be performed. A flow chart of this update process is shown in Figure 3, and it may further include:

S301: when a firmware update message sent by a preset host computer is received, obtaining the authentication key contained in the firmware update message;

In the embodiment of the present invention, when the firmware program in the DCS needs to be upgraded, the host computer sends a firmware update message to the DCS. When the firmware update message sent by the host computer to the DCS is received, the authentication key contained in the firmware update message is obtained.

It should be noted that the host computer in the embodiment of the present invention may be a preset device that issues firmware update messages to the DCS and is used to cooperate with the DCS in securely upgrading the firmware program.

S302: invoking a preset upgrade program to communicate securely with the host computer, and obtaining from the host computer the firmware information corresponding to the firmware update message;

In the embodiment of the present invention, an upgrade program is provided in the DCS for secure communication with the host computer, and it cooperates with the host computer to upgrade the firmware program. After secure communication with the host computer has been established through the upgrade program, the firmware information corresponding to the firmware update message is obtained.

It should be noted that, to ensure the security of the firmware program upgrade process, the firmware information is transmitted in encrypted form.

S303: applying the authentication key to perform identity verification on the firmware information;

In the embodiment of the present invention, after the firmware information is obtained, the authentication key contained in the firmware update message is applied to perform identity verification on the encrypted firmware information, so as to ensure the legitimacy of the obtained firmware information.

S304: when the identity verification of the firmware information passes, obtaining the target firmware program to be updated contained in the firmware information, and updating the target firmware program into the DCS.

In the embodiment of the present invention, when the identity verification of the firmware information passes, this indicates that the source of the firmware information is legitimate; the required target firmware program is then obtained from the firmware information and updated into the DCS, which completes the upgrade of the firmware program in the DCS.

In the secure boot method for a firmware program provided by the embodiment of the present invention, when the firmware program in the DCS needs to be upgraded, a firmware update message is sent to the DCS by the host computer, and the host computer places an authentication key in the firmware update message. After the firmware update message sent by the host computer to the DCS is received, the authentication key contained in it is obtained, and secure communication with the host computer is then carried out through the upgrade program, so that the firmware information corresponding to the firmware update message is obtained during the secure communication. The firmware information is transmitted in encrypted form, and the firmware information held by the host computer is obtained after the host computer and the upgrade program have established secure communication. The firmware information is authenticated with the previously obtained authentication key, which further establishes the security of the firmware information, prevents the firmware information from being attacked or tampered with in transit, and guarantees the security of the source of the firmware program upgrade. If the identity verification passes, the target firmware program contained in the firmware information can be obtained and updated into the DCS, completing the upgrade of the firmware program in the DCS.

It should be noted that, once the upgrade of the firmware program is complete, the original firmware program can be deleted, and the hash value originally stored in the security chip can also be deleted.

Applying the method provided by the embodiment of the present invention, when the firmware program needs to be updated, secure communication with the host computer is carried out through the upgrade program, and after the firmware information is obtained, the authentication key is applied for identity verification, so that the security of the firmware program's source is ensured during the upgrade, illegitimate users are prevented from tampering with the target firmware program during the firmware program upgrade, and the security of the DCS is further improved.

In the method provided by the embodiment of the present invention, during the upgrade of the firmware program based on the above embodiment, after the target firmware program is updated into the DCS, the hash value of the target firmware program also needs to be saved in the security chip, so that a security check can be performed on the target firmware program when it is subsequently started. The process of storing the new hash value in the security chip is shown in Figure 4, and may further include:

S401: obtaining the target binary code contained in the target firmware program;

In the embodiment of the present invention, after the target firmware program is updated into the DCS, the hash value in the security chip needs to be updated as well. Therefore, the target binary code in the target firmware program needs to be obtained. Since the firmware program has been updated, the binary code of the target firmware program differs from that of the original firmware program.

S402: invoking a preset hash algorithm to compute over the target binary code, and obtaining the target check value corresponding to the target firmware program;

In the embodiment of the present invention, after the target binary code of the target firmware program is obtained, a preset hash algorithm is invoked to compute over the target binary code. The hash algorithm may be the hash algorithm preset in the security chip, or a hash algorithm provided separately outside the security chip of the DCS. When the hash algorithm is the one provided in the security chip, the target binary code can be sent to the security chip, and the hash algorithm in the security chip applied to perform the hash operation on the target binary code. After the hash operation on the target binary code, the target check value corresponding to the target firmware program is obtained.

S403: determining the target check value as the new hash value and storing it in the security chip.

In the embodiment of the present invention, the target check value is determined as the new hash value of the target firmware program, and this new hash value is stored in the security chip.

Optionally, in the method provided by the embodiment of the present invention, after the new hash value has been stored in the security chip, when the DCS needs to start the target firmware program, the specific implementation of steps S101 to S104 described above may be performed, which will not be repeated here.

In the secure boot method for a firmware program provided by the embodiment of the present invention, to ensure the security of the DCS, after the target firmware program is updated, the new hash value corresponding to the target firmware program needs to be stored in the security chip. The target check value is obtained by obtaining the target binary code in the target firmware program and invoking the preset hash algorithm to perform a hash operation on it. The target check value is determined as the new hash value and saved in the security chip, ensuring that before each start of the target firmware program a security check is performed on it using the new hash value in the security chip.

Applying the method provided by the embodiment of the present invention, after the target firmware program is updated, the new hash value is stored, ensuring that a security check can be performed on the target firmware program at each start and further ensuring the security of the DCS.
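The boot-time check of the firmware program (S101 to S104 with the hash matching described above) and the update followed by the re-hash (S301 to S304, then S401 to S403) as one added simulation in Python; this is example code written for this page, not the patent's or the applicant's implementation. It assumes SHA-256 as the preset hash algorithm of the security chip, an HMAC tag under the authentication key as the identity verification of the firmware information, and a callable standing in for the upgrade program's encrypted channel to the host computer, none of which the patent specifies.

```python
import hashlib
import hmac

# Constructed sample firmware images standing in for the binary code that the
# trusted program hands to the security chip (not taken from the patent).
ORIGINAL_FIRMWARE = b"DCS firmware v1: control loop, I/O drivers"
NEW_FIRMWARE = b"DCS firmware v2: control loop, I/O drivers, patched parser"
HASH_ALGORITHM = "sha256"  # assumed "preset hash algorithm" of the security chip


class SecurityChip:
    """Models the security chip: preset hash algorithm plus the trusted hash value."""

    def __init__(self, trusted_hash: bytes, algorithm: str = HASH_ALGORITHM):
        self.algorithm = algorithm
        self._trusted_hash = trusted_hash

    def check_value(self, binary: bytes) -> bytes:
        """Hash the whole binary code; changing any byte changes the result."""
        return hashlib.new(self.algorithm, binary).digest()

    def is_legitimate(self, binary: bytes) -> bool:
        """Match the check value against the stored hash value (constant time)."""
        return hmac.compare_digest(self.check_value(binary), self._trusted_hash)

    def store_hash(self, new_hash: bytes) -> None:
        """S403: the new hash value replaces the one kept for the old firmware."""
        self._trusted_hash = new_hash


class DCS:
    """Models the controller: firmware slot, trusted program and upgrade program."""

    def __init__(self, firmware: bytes, chip: SecurityChip):
        self.firmware = firmware
        self.chip = chip

    def boot(self) -> str:
        """S101 to S104: hand the firmware to the chip; start only when it is legitimate."""
        return "started" if self.chip.is_legitimate(self.firmware) else "blocked"

    def handle_update_message(self, message: dict, fetch_firmware_info) -> bool:
        """S301 to S304 followed by S401 to S403.

        `message` is the host computer's firmware update message carrying the
        authentication key. `fetch_firmware_info` stands in for the upgrade
        program's encrypted channel to the host computer and returns the
        firmware information as {"firmware": bytes, "tag": bytes}. Identity
        verification is modelled as an HMAC tag under the authentication key
        (an assumption; the patent fixes no primitive).
        """
        auth_key = message["authentication_key"]                     # S301
        info = fetch_firmware_info()                                 # S302
        expected = hmac.new(auth_key, info["firmware"], HASH_ALGORITHM).digest()
        if not hmac.compare_digest(expected, info["tag"]):           # S303
            return False  # verification failed: keep old firmware and old hash
        self.firmware = info["firmware"]                             # S304
        new_hash = self.chip.check_value(self.firmware)              # S401, S402
        self.chip.store_hash(new_hash)                               # S403
        return True


def run_scenario() -> dict:
    """Normal boot, tampered image, legitimate update, then a forged update."""
    chip = SecurityChip(hashlib.sha256(ORIGINAL_FIRMWARE).digest())
    dcs = DCS(ORIGINAL_FIRMWARE, chip)
    results = {"boot_original": dcs.boot()}

    # A single flipped bit in the stored image yields a different check value.
    tampered = bytearray(ORIGINAL_FIRMWARE)
    tampered[0] ^= 0x01
    dcs.firmware = bytes(tampered)
    results["boot_tampered"] = dcs.boot()
    dcs.firmware = ORIGINAL_FIRMWARE

    # Legitimate update: the firmware information carries a tag made with the
    # same authentication key the host computer placed in the update message.
    key = b"constructed-authentication-key"
    good_info = {"firmware": NEW_FIRMWARE,
                 "tag": hmac.new(key, NEW_FIRMWARE, HASH_ALGORITHM).digest()}
    results["update_ok"] = dcs.handle_update_message(
        {"authentication_key": key}, lambda: good_info)
    results["boot_after_update"] = dcs.boot()

    # A tag made under a different key fails S303, so neither the firmware slot
    # nor the hash value in the chip changes and the v2 image still boots.
    rogue = b"DCS firmware: unauthorised image"
    bad_info = {"firmware": rogue,
                "tag": hmac.new(b"other-key", rogue, HASH_ALGORITHM).digest()}
    results["update_forged"] = dcs.handle_update_message(
        {"authentication_key": key}, lambda: bad_info)
    results["boot_after_forged"] = dcs.boot()
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The forged-update case shows the property S303 exists to provide: a failed verification leaves both the firmware slot and the hash value in the chip untouched, so the previously verified image is what boots next.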

The specific implementation processes of the above embodiments and their derivatives all fall within the protection scope of the present invention.

Corresponding to the method described in Figure 1, an embodiment of the present invention further provides a secure boot device for a firmware program, used for the specific implementation of the method in Figure 1. The secure boot device for a firmware program provided by the embodiment of the present invention may be applied in a computer terminal or in various mobile devices; its schematic structure is shown in Figure 5 and specifically includes:

a sending unit 501, configured to start a preset trusted program and apply the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;

a checking unit 502, configured to enable the security chip to check whether the firmware program is a legitimate program;

a starting unit 503, configured to start the firmware program when the firmware program is a legitimate program;

a prohibiting unit 504, configured to prohibit starting the firmware program when the firmware program is not a legitimate program.

In the secure boot method for a firmware program provided by the embodiment of the present invention, after the trusted program is started, the sending unit applies the trusted program to send the firmware program to the security chip, and the checking unit checks whether the firmware program is a legitimate program; if it is, the starting unit starts the firmware program, and if it is not, the prohibiting unit prohibits the firmware program from starting, so as to ensure the security of the DCS.

In the device provided by the embodiment of the present invention, the checking unit 502 includes:

a calculation subunit, configured to obtain the binary code contained in the firmware program and compute over the binary code to obtain the check value corresponding to the firmware program;

a first obtaining subunit, configured to obtain the hash value pre-stored in the security chip;

a matching subunit, configured to match the check value against the hash value, and, if the check value matches the hash value, determine that the firmware program is a legitimate program.

In the device provided by the embodiment of the present invention, the checking unit 502 includes:

a second obtaining subunit, configured to obtain the hash algorithm preset in the security chip, and apply the hash algorithm to perform a hash operation on the binary code to obtain the check value corresponding to the firmware program.

The device provided by the embodiment of the present invention further includes:

a first obtaining unit, configured to obtain, when a firmware update message sent by a preset host computer is received, the authentication key contained in the firmware update message;

a communication unit, configured to invoke a preset upgrade program to communicate securely with the host computer and obtain from the host computer the firmware information corresponding to the firmware update message;

a verification unit, configured to apply the authentication key to perform identity verification on the firmware information;

an updating unit, configured to obtain, when the identity verification of the firmware information passes, the target firmware program to be updated contained in the firmware information, and update the target firmware program into the DCS.

The device provided by the embodiment of the present invention further includes:

a second obtaining unit, configured to obtain the target binary code contained in the target firmware program;

a calculation unit, configured to invoke a preset hash algorithm to compute over the target binary code and obtain the target check value corresponding to the target firmware program;

a storage unit, configured to determine the target check value as the new hash value and store it in the security chip.

For the specific working process of each unit and subunit in the secure boot device for a firmware program disclosed in the above embodiments of the present invention, reference may be made to the corresponding content of the secure boot method for a firmware program disclosed in the above embodiments of the present invention, which will not be repeated here.

An embodiment of the present invention further provides a storage medium, the storage medium including stored instructions, wherein, when the instructions run, they control the device in which the storage medium is located to perform the above secure boot method for a firmware program.

An embodiment of the present invention further provides an electronic device, whose schematic structure is shown in Figure 6; it specifically includes a memory 601 and one or more instructions 602, wherein the one or more instructions 602 are stored in the memory 601 and are configured to be executed by one or more processors 603 to perform the following operations:

starting a preset trusted program, and applying the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;

enabling the security chip to check whether the firmware program is a legitimate program;

when the firmware program is a legitimate program, starting the firmware program;

when the firmware program is not a legitimate program, prohibiting the firmware program from starting.

The embodiments in this specification are described in a progressive manner; for the same or similar parts between the embodiments, reference may be made to one another, and each embodiment focuses on its differences from the others. In particular, since the system or system embodiment is basically similar to the method embodiment, its description is relatively brief, and for related details reference may be made to the description of the method embodiment. The systems and system embodiments described above are merely illustrative; the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.

Those skilled in the art may further appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two.

To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms of their functions. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each particular application, but such implementations should not be regarded as going beyond the scope of the present invention.

The above description of the disclosed embodiments enables those skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A secure boot method for a firmware program, characterized in that it comprises:
starting a preset trusted program, and applying the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;
enabling the security chip to check whether the firmware program is a legitimate program;
when the firmware program is a legitimate program, starting the firmware program;
when the firmware program is not a legitimate program, prohibiting the firmware program from starting.

2. The method according to claim 1, characterized in that enabling the security chip to check whether the firmware program is a legitimate program comprises:
obtaining the binary code contained in the firmware program, and computing over the binary code to obtain the check value corresponding to the firmware program;
obtaining the hash value pre-stored in the security chip;
matching the check value against the hash value, and, if the check value matches the hash value, determining that the firmware program is a legitimate program.

3. The method according to claim 2, characterized in that computing over the binary code to obtain the check value corresponding to the firmware program comprises:
obtaining the hash algorithm preset in the security chip;
applying the hash algorithm to perform a hash operation on the binary code to obtain the check value corresponding to the firmware program.

4. The method according to claim 1, characterized in that it further comprises:
when a firmware update message sent by a preset host computer is received, obtaining the authentication key contained in the firmware update message;
invoking a preset upgrade program to communicate securely with the host computer, and obtaining from the host computer the firmware information corresponding to the firmware update message;
applying the authentication key to perform identity verification on the firmware information;
when the identity verification of the firmware information passes, obtaining the target firmware program to be updated contained in the firmware information, and updating the target firmware program into the DCS.

5. The method according to claim 4, characterized in that, after the target firmware program is updated into the DCS, it further comprises:
obtaining the target binary code contained in the target firmware program;
invoking a preset hash algorithm to compute over the target binary code, and obtaining the target check value corresponding to the target firmware program;
determining the target check value as the new hash value and storing it in the security chip.

6. A secure boot device for a firmware program, characterized in that it comprises:
a sending unit, configured to start a preset trusted program and apply the trusted program to send the firmware program in the distributed control system DCS to a preset security chip;
a checking unit, configured to enable the security chip to check whether the firmware program is a legitimate program;
a starting unit, configured to start the firmware program when the firmware program is a legitimate program;
a prohibiting unit, configured to prohibit starting the firmware program when the firmware program is not a legitimate program.

7. The device according to claim 6, characterized in that the checking unit comprises:
a calculation subunit, configured to obtain the binary code contained in the firmware program and compute over the binary code to obtain the check value corresponding to the firmware program;
a first obtaining subunit, configured to obtain the hash value pre-stored in the security chip;
a matching subunit, configured to match the check value against the hash value, and, if the check value matches the hash value, determine that the firmware program is a legitimate program.

8. The device according to claim 6, characterized in that the checking unit comprises:
a second obtaining subunit, configured to obtain the hash algorithm preset in the security chip, and apply the hash algorithm to perform a hash operation on the binary code to obtain the check value corresponding to the firmware program.

9. The device according to claim 6, characterized in that it further comprises:
a first obtaining unit, configured to obtain, when a firmware update message sent by a preset host computer is received, the authentication key contained in the firmware update message;
a communication unit, configured to invoke a preset upgrade program to communicate securely with the host computer and obtain from the host computer the firmware information corresponding to the firmware update message;
a verification unit, configured to apply the authentication key to perform identity verification on the firmware information;
an updating unit, configured to obtain, when the identity verification of the firmware information passes, the target firmware program to be updated contained in the firmware information, and update the target firmware program into the DCS.

10. The device according to claim 9, characterized in that it further comprises:
a second obtaining unit, configured to obtain the target binary code contained in the target firmware program;
a calculation unit, configured to invoke a preset hash algorithm to compute over the target binary code and obtain the target check value corresponding to the target firmware program;
a storage unit, configured to determine the target check value as the new hash value and store it in the security chip.
CN202010542637.9A 2020-06-15 2020-06-15 Secure startup method and device of firmware program Pending CN111695111A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010542637.9A CN111695111A (en) 2020-06-15 2020-06-15 Secure startup method and device of firmware program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010542637.9A CN111695111A (en) 2020-06-15 2020-06-15 Secure startup method and device of firmware program

Publications (1)

Publication Number Publication Date
CN111695111A true CN111695111A (en) 2020-09-22

Family

ID=72481044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010542637.9A Pending CN111695111A (en) 2020-06-15 2020-06-15 Secure startup method and device of firmware program

Country Status (1)

Country Link
CN (1) CN111695111A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553349A (en) * 2003-05-29 2004-12-08 联想(北京)有限公司 Safety chip and information safety processor and processing method
US20080222368A1 (en) * 2005-01-07 2008-09-11 Christian Gehrmann Updating Memory Contents of a Processing Device
CN103093141A (en) * 2013-01-17 2013-05-08 北京华大信安科技有限公司 Download method, guidance method and device of safe main control chip Coolcloud system (COS)
US20140250291A1 (en) * 2013-03-01 2014-09-04 Nicholas J. Adams Continuation of trust for platform boot firmware
CN107273150A (en) * 2017-05-10 2017-10-20 深圳市金百锐通信科技有限公司 Preload firmware and download wiring method and device
CN108229132A (en) * 2017-12-27 2018-06-29 北京和利时系统工程有限公司 A kind of safe starting method and device, terminal
KR20180092596A (en) * 2017-02-10 2018-08-20 경희대학교 산학협력단 METHOD AND SYSTEM FOR SECURE BOOTING OF IoT DEVICE PLATFORM USING EMBEDDED SECURE MODULE
CN109063489A (en) * 2018-08-28 2018-12-21 郑州云海信息技术有限公司 A kind of starting method and device
CN109144584A (en) * 2018-07-27 2019-01-04 浪潮(北京)电子信息产业有限公司 A kind of programmable logic device and its starting method, system and storage medium
CN109951284A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of authenticating safe state method and terminal
CN110110526A (en) * 2019-05-08 2019-08-09 郑州信大捷安信息技术股份有限公司 A kind of safety starting device and method based on safety chip
CN111124453A (en) * 2019-12-25 2020-05-08 哈尔滨新中新电子股份有限公司 Method for upgrading firmware program of terminal equipment


Similar Documents

Publication Publication Date Title
US11258605B2 (en) Out-of-band remote authentication
CN106168899B (en) Method for updating embedded control equipment and updating gateway
US8789037B2 (en) Compatible trust in a computing device
CN108255505A (en) A kind of firmware update, device, equipment and computer readable storage medium
TW201516733A (en) System and method for verifying changes to UEFI authenticated variables
WO2006113167A2 (en) Secure boot
JP2005182789A (en) Method and system to ensure that software updates can be installed or run only on a specific device or class of devices
EP3966713A1 (en) Securing firmware installation on usb input device
CN112257086B (en) User privacy data protection method and electronic equipment
CN112148314B (en) Image verification method, device and equipment for an embedded system, and storage medium
CN109992966B (en) Memory subsystem, secure client device, and authentication method thereof
WO2022160697A1 (en) Authorization authentication and software development kit generation methods and apparatuses, and electronic device
CN111177709A (en) A terminal trusted component execution method, device and computer equipment
CN107172100A (en) Method and device for local secure update of a BIOS image
CN116776317A (en) System validity verification method and device and electronic equipment
EP3176723B1 (en) Computer system and operating method therefor
CN114143197B (en) OTA (over the air) upgrading method, device and equipment for Internet of things equipment and readable storage medium
CN109241728B (en) Method and device for acquiring password information, computer equipment and storage medium
WO2014183643A1 (en) Check method and check device for chip having secure startup function
CN115329321A (en) A firmware startup method, chip and computing device
CN117874784B (en) Vehicle encryption system and method
CN111695111A (en) Secure startup method and device of firmware program
CN112861137A (en) Secure firmware
US11271935B2 (en) Blind authenticator
CN119760737A (en) Kernel module verification system, method, electronic device and readable medium

Legal Events

Date | Code | Title | Description
PB01 | Publication
SE01 | Entry into force of request for substantive examination
CB02 | Change of applicant information
    Country or region after: China
    Address after: No. 309 Liuhe Road, Binjiang District, Hangzhou City, Zhejiang Province (High-tech Zone)
    Applicant after: Zhongkong Technology Co.,Ltd.
    Address before: No. 309 Liuhe Road, Binjiang District, Hangzhou, Zhejiang
    Applicant before: ZHEJIANG SUPCON TECHNOLOGY Co.,Ltd.
    Country or region before: China
RJ01 | Rejection of invention patent application after publication
    Application publication date: 20200922