[go: up one dir, main page]

CN116244754A - Computer target object verification method, device, storage medium and related devices - Google Patents

Computer target object verification method, device, storage medium and related devices Download PDF

Info

Publication number
CN116244754A
CN116244754A CN202211694160.1A CN202211694160A CN116244754A CN 116244754 A CN116244754 A CN 116244754A CN 202211694160 A CN202211694160 A CN 202211694160A CN 116244754 A CN116244754 A CN 116244754A
Authority
CN
China
Prior art keywords
computer
public key
processor
signature
target object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211694160.1A
Other languages
Chinese (zh)
Inventor
陈善
应志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hygon Information Technology Co Ltd filed Critical Hygon Information Technology Co Ltd
Priority to CN202211694160.1A priority Critical patent/CN116244754A/en
Publication of CN116244754A publication Critical patent/CN116244754A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method and a device for verifying a computer target object, a storage medium and a related device. The method for verifying the computer target object comprises the following steps: obtaining a public key signature, wherein the public key signature comprises a signature of a processor private key on a public key certificate, and the public key certificate at least comprises a computer public key; signing the public key signature by utilizing a processor public key which is fixedly arranged in the processor in advance; when the public key signature verification of the processor passes, the public key signature verification is performed on a target signature by using the computer public key, wherein the target signature is a signature of a target object by using a computer private key; and when the public key of the computer passes the signature verification of the target signature, the verification of the target object passes. Therefore, the verification method of the computer target object provided by the embodiment of the invention can be conveniently implemented by a computer while utilizing the trust root verification program or data set in the processor.

Description

计算机目标对象验证方法、装置、存储介质和相关装置Computer target object verification method, device, storage medium and related devices

技术领域technical field

本发明实施例涉及计算机技术领域,具体涉及一种计算机目标对象验证方法、装置、存储介质和相关装置。The embodiments of the present invention relate to the field of computer technology, and in particular to a computer target object verification method, device, storage medium and related devices.

背景技术Background technique

为了保证计算机安全,需要验证计算机中某些程序或数据是否被恶意篡改,为了实现快速验证,一种现有方式是利用处理器中设置的信任根对程序或数据进行验证。信任根是指信任的源头和基础,信任根不能也不需进行验证。In order to ensure computer security, it is necessary to verify whether certain programs or data in the computer have been maliciously tampered with. In order to realize fast verification, an existing method is to verify the program or data by using the root of trust set in the processor. The root of trust refers to the source and foundation of trust, and the root of trust cannot and does not need to be verified.

然而,现有的利用处理器中设置的信任根对程序或软件进行验证的方案不便于计算机实施。However, the existing solution for verifying a program or software using a root of trust set in a processor is not convenient for computer implementation.

可见,如何在利用处理器中设置的信任根验证程序或者数据的同时,方便计算机实施,成为本领域亟需解决的技术问题。It can be seen that how to use the root of trust set in the processor to verify the program or data and at the same time facilitate computer implementation has become a technical problem that needs to be solved urgently in this field.

发明内容Contents of the invention

有鉴于此,本发明实施例提供一种计算机目标对象验证方法、装置、存储介质和相关装置,以在利用处理器中设置的信任根验证固件等程序或者数据的同时,方便计算机实施。In view of this, the embodiments of the present invention provide a computer target object verification method, device, storage medium and related devices to facilitate computer implementation while using the root of trust set in the processor to verify programs or data such as firmware.

为实现上述目的,本发明实施例提供如下技术方案:In order to achieve the above purpose, embodiments of the present invention provide the following technical solutions:

第一方面,本发明实施例提供一种计算机目标对象验证方法,包括:In a first aspect, an embodiment of the present invention provides a method for verifying a computer target object, including:

获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名,所述公钥证书至少包括计算机公钥;Obtain a public key signature, the public key signature includes the signature of the processor private key to the public key certificate, and the public key certificate includes at least the computer public key;

利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签;verifying the signature of the public key by using the processor public key pre-fixed in the processor;

当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;When the processor public key passes the verification of the public key signature, use the computer public key to verify the target signature, and the target signature is the signature of the computer private key on the target object;

当所述计算机公钥对所述目标签名验签通过时,所述目标对象的验证通过。When the computer public key passes the verification of the target signature, the verification of the target object passes.

可选的,所述目标对象包括计算机固件;若所述计算机固件的验证通过,启动对应所述计算机公钥的计算机系统。Optionally, the target object includes computer firmware; if the verification of the computer firmware passes, start the computer system corresponding to the computer public key.

可选的,所述利用所述计算机公钥对目标签名进行验签之前,还包括:Optionally, before using the computer public key to verify the target signature, it also includes:

判断与所述计算机公钥对应的计算机标识是否与预先固设在所述处理器中的处理器标识一致,所述处理器标识与所述计算机一一对应,计算机对应的处理器标识与所述计算机的计算机公钥对应的计算机标识相同;judging whether the computer identification corresponding to the computer public key is consistent with the processor identification pre-fixed in the processor, the processor identification corresponds to the computer one by one, and the processor identification corresponding to the computer corresponds to the processor identification The computer IDs corresponding to the computer public keys of the computers are the same;

当所述计算机标识与所述处理器标识不一致时,所述目标对象的验证未通过。When the computer identification is inconsistent with the processor identification, the verification of the target object fails.

可选的,所述公钥证书还包括所述计算机标识。Optionally, the public key certificate also includes the computer identifier.

可选的,所述利用所述计算机公钥对目标签名进行验签之前,还包括:Optionally, before using the computer public key to verify the target signature, it also includes:

判断与所述计算机公钥对应的计算机版本信息是否大于或等于预设在所述处理器中的公钥证书版本信息,所述计算机版本信息适于表示对应的计算机公钥的版本;judging whether the computer version information corresponding to the computer public key is greater than or equal to the public key certificate version information preset in the processor, and the computer version information is suitable for indicating the version of the corresponding computer public key;

当所述计算机版本信息小于所述公钥证书版本信息时,所述目标对象的验证未通过。When the computer version information is smaller than the public key certificate version information, the verification of the target object fails.

可选的,所述公钥证书还包括所述计算机版本信息。Optionally, the public key certificate also includes the computer version information.

可选的,所述处理器中配置有一次性可编程存储电路,所述一次性可编程存储电路用于预先设置所述处理器标识和/或所述公钥证书版本信息。Optionally, a one-time programmable storage circuit is configured in the processor, and the one-time programmable storage circuit is used to preset the processor identification and/or the public key certificate version information.

可选的,所述一次性可编程存储电路支持按位烧写,在读取所述一次性可编程存储电路时,仅读取烧写的数据。Optionally, the one-time programmable storage circuit supports bit-by-bit programming, and when the one-time programmable storage circuit is read, only the programmed data is read.

第二方面,本发明实施例还提供一种计算机目标对象验证装置,包括:In the second aspect, the embodiment of the present invention also provides a computer target object verification device, including:

公钥签名获取单元,适于获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名,所述公钥证书至少包括计算机公钥;A public key signature acquisition unit, adapted to acquire a public key signature, the public key signature including the signature of the processor private key on the public key certificate, the public key certificate at least including the computer public key;

公钥签名验签单元,适于利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签;The public key signature verification unit is adapted to verify the public key signature by using the processor public key pre-fixed in the processor;

目标签名验签单元,适于当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当所述计算机公钥对所述目标签名验签通过时,所述目标对象的验证通过。The target signature verification unit is adapted to use the computer public key to verify the target signature when the processor public key passes the verification of the public key signature, and the target signature is the computer private key to the target object signature; when the computer public key passes the verification of the target signature, the verification of the target object passes.

可选的,所述目标对象包括计算机固件;若所述计算机固件的验证通过,启动对应所述计算机公钥的计算机系统。Optionally, the target object includes computer firmware; if the verification of the computer firmware passes, start the computer system corresponding to the computer public key.

可选的,还包括:Optionally, also include:

标识判断单元,适于在所述目标签名验签单元利用所述计算机公钥对目标签名进行验签之前,判断与所述计算机公钥对应的计算机标识是否与预先固设在所述处理器中的处理器标识一致,所述处理器标识与所述计算机一一对应,计算机对应的处理器标识与所述计算机的计算机公钥对应的计算机标识相同;当所述计算机标识与所述处理器标识不一致时,所述目标对象的验证未通过。The identification judging unit is adapted to judge whether the computer identification corresponding to the computer public key is fixed in advance in the processor before the target signature verification unit uses the computer public key to verify the target signature. The processor identification of the computer is consistent, and the processor identification corresponds to the computer one by one, and the processor identification corresponding to the computer is the same as the computer identification corresponding to the computer public key of the computer; when the computer identification and the processor identification If not, the verification of the target object fails.

可选的,还包括:Optionally, also include:

版本信息判断单元,适于在所述目标签名验签单元利用所述计算机公钥对目标签名进行验签之前,判断与所述计算机公钥对应的计算机版本信息是否大于或等于预设在所述处理器中的公钥证书版本信息,所述计算机版本信息适于表示对应的计算机公钥的版本;当所述计算机版本信息小于所述公钥证书版本信息时,所述目标对象的验证未通过。The version information judging unit is adapted to judge whether the computer version information corresponding to the computer public key is greater than or equal to the computer version information preset in the computer public key before the target signature verification unit uses the computer public key to verify the target signature. Public key certificate version information in the processor, the computer version information is suitable for representing the version of the corresponding computer public key; when the computer version information is smaller than the public key certificate version information, the verification of the target object fails .

第三方面,本发明实施例还提供一种存储介质,所述存储介质存储有程序,以实现如第一方面所述的计算机目标对象验证方法。In a third aspect, an embodiment of the present invention further provides a storage medium, the storage medium stores a program to implement the method for verifying a computer target object as described in the first aspect.

第四方面,本发明实施例还提供一种处理器,包括处理器公钥硬件电路,所述处理器公钥硬件电路是硬编码所述处理器公钥为集成在所述处理器的硬件电路,适于执行第一方面所述的计算机目标对象的验证方法。In the fourth aspect, the embodiment of the present invention also provides a processor, including a processor public key hardware circuit, and the processor public key hardware circuit is hard-coded with the processor public key as a hardware circuit integrated in the processor , suitable for performing the method for verifying a computer target object described in the first aspect.

第五方面,本发明实施例还提供一种电子设备,包括存储器,主板和主板上的至少一个处理器,所述主板存储有所述目标对象,所述存储器存储有程序,所述处理器调用所述程序,以执行如第一方面所述的计算机目标对象验证方法对所述目标对象进行验证。In the fifth aspect, the embodiment of the present invention also provides an electronic device, including a memory, a main board and at least one processor on the main board, the main board stores the target object, the memory stores a program, and the processor calls The program is used to execute the computer target object verification method described in the first aspect to verify the target object.

本发明实施例所提供的计算机目标对象验证方法,包括获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名,所述公钥证书至少包括计算机公钥;利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签;当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当所述计算机公钥对所述目标签名验签通过时,所述目标对象的验证通过。The computer target object verification method provided by the embodiment of the present invention includes obtaining a public key signature, the public key signature includes the signature of the processor private key on the public key certificate, and the public key certificate includes at least the computer public key; The processor public key set in the processor is used to verify the public key signature; when the processor public key passes the verification of the public key signature, use the computer public key to sign the target Perform signature verification, the target signature is the signature of the computer private key on the target object; when the computer public key passes the verification of the target signature, the verification of the target object passes.

可以理解的是,在计算机设备的生产过程中,处理器生产者在处理器的生产过程中以处理器公钥为信任根,不可更改地设置在处理器中,从而使不同的计算机整机生产者在获取处理器后,无需在处理器中不可更改地写入信任根(例如,计算机公钥),仅需通过处理器私钥提供其签名的公钥签名即可利用信任根对目标对象进行验证,从而方便计算机目标对象验证方法的实施。It can be understood that in the production process of computer equipment, processor producers use the processor public key as the root of trust in the processor production process, and set it in the processor unchangeably, so that different computer machines can be produced After obtaining the processor, the operator does not need to write the root of trust (for example, the computer public key) in the processor immutably, but only needs to provide the public key signature of its signature through the private key of the processor, so that the target object can be authenticated by the root of trust. Verification, thereby facilitating the implementation of computer target object verification methods.

可见,本发明实施例所提供的计算机目标对象验证方法,以处理器公钥为信任根,在处理器的生产阶段由处理器生产者设置于处理器中,可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中,即可使计算机整机生产者生产的计算机基于信任根对目标对象进行验证,从而在利用处理器中设置的信任根验证程序或数据的同时,方便计算机实施;同时,处理器私钥不存储于计算机中,因此处理器私钥没有在计算机运行过程中被恶意软件窃取的风险,更加安全,避免了计算机私钥被窃取或篡改后,即需要更换计算机公钥和计算机私钥,又面临固设在处理器中作为信任根的计算机公钥无法被替换的困境。It can be seen that the computer target object verification method provided by the embodiment of the present invention uses the processor public key as the root of trust, and is set in the processor by the processor producer during the production stage of the processor. After obtaining the processor, write the root of trust into the processor through a specific tool, so that the computer produced by the computer manufacturer can verify the target object based on the root of trust, so that the root of trust verification program set in the processor can be used At the same time, the private key of the processor is not stored in the computer, so the private key of the processor does not have the risk of being stolen by malicious software during the operation of the computer, which is more secure and prevents the private key of the computer from being stolen or After tampering, the computer public key and computer private key need to be replaced, and the computer public key fixed in the processor as the root of trust cannot be replaced.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为一种计算机目标对象验证方法的示意图;Fig. 1 is a schematic diagram of a computer target object verification method;

图2为本发明实施例所提供的计算机目标对象验证方法的实施示意图;2 is a schematic diagram of the implementation of the computer target object verification method provided by the embodiment of the present invention;

图3为本发明实施例所提供的计算机目标对象验证方法的一流程图;Fig. 3 is a flowchart of the computer target object verification method provided by the embodiment of the present invention;

图4为本发明实施例所提供的计算机目标对象验证方法的另一流程示意图;Fig. 4 is another schematic flowchart of the computer target object verification method provided by the embodiment of the present invention;

图5为本发明实施例所提供的计算机目标对象的验证方法的另一流程图;Fig. 5 is another flow chart of the verification method of the computer target object provided by the embodiment of the present invention;

图6为本发明实施例所提供的计算机目标对象验证装置的示意图。FIG. 6 is a schematic diagram of a computer target object verification device provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

为便于理解,首先提供一种计算机目标对象验证方法,请参考图1,图1为一种计算机目标对象验证方法的示意图。For ease of understanding, a method for verifying a computer target object is firstly provided, please refer to FIG. 1 , which is a schematic diagram of a method for verifying a computer target object.

如图所示,处理器中包括一次性可编程存储电路(One Time ProgrammableMemory;OTP),所述一次性可编程存储电路是可供一次性烧写,但烧写后便不可修改的永久存储空间。计算机首先烧写计算机公钥于处理器提供的一次性可编程存储电路中,之后利用计算机私钥对目标对象进行签名,从而可以利用处理器中的计算机公钥对目标对象的签名进行验签,当验签通过时,可以判断所述程序或数据未被篡改。这样,利用一次性可编程存储电路的不可更改性,可以保证处理器一次性可编程存储电路中的计算机公钥不会在计算机启动和运行阶段被恶意程序篡改,从而以所述处理器中计算机公钥为信任根。其中,所述目标对象为被信任根验证的计算机程序或数据;所述计算机是除处理器之外的整机。As shown in the figure, the processor includes a one-time programmable memory circuit (One Time Programmable Memory; OTP). The one-time programmable memory circuit is a permanent storage space that can be programmed once but cannot be modified after programming. . The computer first burns the computer public key into the one-time programmable storage circuit provided by the processor, and then uses the computer private key to sign the target object, so that the computer public key in the processor can be used to verify the signature of the target object. When the signature verification is passed, it can be judged that the program or data has not been tampered with. In this way, by utilizing the unchangeability of the one-time programmable storage circuit, it can be guaranteed that the computer public key in the one-time programmable storage circuit of the processor will not be tampered with by malicious programs during the startup and operation stages of the computer, so that the computer in the processor The public key is the root of trust. Wherein, the target object is a computer program or data verified by a root of trust; the computer is a complete machine except a processor.

可见,上述计算机目标对象的验证方法的实施需要处理器中提供未烧写状态的一次性可编程存储电路,计算机将计算机公钥作为信任根写入处理器的一次性可编程存储电路中,而烧写一次性可编程存储电路需要专门的烧写工具,且过程繁琐,因此上述计算机目标对象的验证方法实际上是不便于实施的。It can be seen that the implementation of the verification method for the above-mentioned computer target object requires a one-time programmable storage circuit in an unprogrammed state in the processor, and the computer writes the computer public key into the one-time programmable storage circuit of the processor as a root of trust, and Programming a one-time programmable memory circuit requires a special programming tool, and the process is cumbersome, so the above method for verifying a computer object is actually inconvenient to implement.

为了解决上述技术问题,本发明实施例提供一种计算机目标对象的验证方法,具体请参考图2和图3,图2为本发明实施例所提供的计算机目标对象验证方法的实施示意图;图3为本发明实施例所提供的计算机目标对象验证方法的一流程图。In order to solve the above-mentioned technical problems, an embodiment of the present invention provides a method for verifying a computer target object. For details, please refer to FIG. 2 and FIG. 3 . It is a flow chart of the computer target object verification method provided by the embodiment of the present invention.

如图3所示,本发明实施例所提供的计算机目标对象的验证方法,可以包括:As shown in Figure 3, the verification method of the computer target object provided by the embodiment of the present invention may include:

在步骤S11中,获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名。In step S11, a public key signature is obtained, and the public key signature includes a signature of the processor private key on the public key certificate.

公钥签名包括处理器私钥对公钥证书的签名,所述公钥证书至少包括计算机公钥,计算机公钥是属于计算机的公钥,与同属于计算机的计算机私钥相对应。一台计算机只有一对计算机公钥和计算机私钥。所述计算机私钥可以存储于专门的签名服务器中,有被篡改或窃取的风险,一旦计算机私钥被篡改或窃取,计算机就要更新计算机私钥和计算机公钥。计算机公钥可以存储于计算机中,可以被发送至该计算机之外的设备。The public key signature includes the signature of the processor private key to the public key certificate, and the public key certificate includes at least the computer public key. The computer public key is a public key belonging to the computer and corresponds to a computer private key belonging to the computer. A computer has only one pair of computer public key and computer private key. The computer private key can be stored in a special signature server, and there is a risk of being tampered or stolen. Once the computer private key is tampered with or stolen, the computer will update the computer private key and the computer public key. A computer public key can be stored on a computer and sent to a device outside of the computer.

在一些实施例中,一对计算机公钥和计算机私钥只被一台计算机拥有,这样可以防止其他计算机中计算机私钥被窃取导致该台计算机的计算机私钥泄露,从而提高计算机私钥的安全性;在另一些实施例中,一对计算机公钥和计算机私钥可以被多台计算机共享,具体的,可以是同一型号的计算机或同一计算机整机生产者生产的计算机共享一对计算机公钥和计算机私钥,这样,可以设置较少的计算机私钥和计算机公钥管理大量的计算机,从而降低计算机私钥和计算机公钥的设置和管理成本。In some embodiments, a pair of computer public key and computer private key is only owned by one computer, which can prevent the computer private key of other computers from being stolen and cause the computer private key of this computer to be leaked, thereby improving the security of the computer private key In other embodiments, a pair of computer public keys and computer private keys can be shared by multiple computers, specifically, computers of the same model or computers produced by the same computer manufacturer can share a pair of computer public keys In this way, fewer computer private keys and computer public keys can be set to manage a large number of computers, thereby reducing the cost of setting and managing computer private keys and computer public keys.

处理器私钥是属于处理器的私钥,一个处理器只有一个处理器私钥和与该处理器私钥对应的一个处理器公钥。所述处理器私钥不存储于处理器中,一旦处理器私钥被篡改或窃取,计算机就要更新计算机私钥和计算机公钥。处理器公钥可以存储于处理器中,不可以被发送至该处理器之外的设备,或计算机中除该处理器之外的部分。The processor private key is a private key belonging to the processor, and a processor has only one processor private key and one processor public key corresponding to the processor private key. The processor private key is not stored in the processor. Once the processor private key is tampered with or stolen, the computer will update the computer private key and the computer public key. The processor public key can be stored in the processor, and cannot be sent to devices other than the processor, or parts of the computer other than the processor.

在一些实施例中,所述处理器私钥可以被生产该处理器私钥的处理器生产者唯一掌控和保存。In some embodiments, the processor private key may be uniquely controlled and kept by the processor producer that produces the processor private key.

值得注意的是,计算机是包括所述处理器的可以实现数据处理的计算机整机,但由于本发明实施例中计算机私钥不能被处理器获取,而处理器公钥不能存储于计算机除处理器之外部分中,因此为了便于理解,可以认为本发明实施例中所述的计算机是不包括处理器的计算机整机。It is worth noting that the computer is a complete computer that includes the processor and can implement data processing. However, in the embodiment of the present invention, the computer private key cannot be obtained by the processor, and the processor public key cannot be stored in the computer except the processor. In the other parts, therefore, for the sake of easy understanding, it can be considered that the computer described in the embodiment of the present invention is a complete computer without a processor.

在一些实施例中,一对处理器公钥和处理器私钥只被一个处理器拥有,这样可以防止其他处理器中处理器私钥被窃取导致该处理器的处理器私钥泄露,从而提高处理器私钥的安全性;在另一些实施例中,一对处理器公钥和处理器私钥可以被多个处理器共享,具体的,可以是同一型号的处理器或同一处理器生产者生产的处理器共享一对处理器公钥和处理器私钥,这样,可以设置较少的处理器私钥和处理器公钥管理大量的处理器,从而降低处理器私钥和处理器公钥的设置和管理成本。In some embodiments, a pair of processor public key and processor private key is only owned by one processor, which can prevent the processor private key of other processors from being stolen and cause the processor private key of this processor to leak, thereby improving The security of the processor private key; in some other embodiments, a pair of processor public key and processor private key can be shared by multiple processors, specifically, it can be the processor of the same model or the same processor producer The processors produced share a pair of processor public key and processor private key, so that fewer processor private keys and processor public keys can be set to manage a large number of processors, thereby reducing the number of processor private keys and processor public keys. setup and management costs.

公钥签名包括处理器私钥对包括计算机公钥的公钥证书的签名,由于处理器私钥被处理器生产者掌控,不存储于处理器或计算机中,因此处理器生产者需要预先获取该包括计算机公钥的公钥证书,从而可以利用处理器私钥对该包括计算机公钥的公钥证书进行签名,并在签名后将该公钥证书返还发送所述公钥证书的计算机。The public key signature includes the signature of the processor private key to the public key certificate including the computer public key. Since the processor private key is controlled by the processor producer and is not stored in the processor or the computer, the processor producer needs to obtain this key in advance. A public key certificate including the computer public key, so that the processor private key can be used to sign the public key certificate including the computer public key, and return the public key certificate to the computer that sent the public key certificate after signing.

处理器私钥对用户公钥进行签名,在一些实施方式中,可以是利用处理器私钥对该公钥证书进行加密运算,得到加密数据,该加密数据即为所述公钥签名;在另一些实施方式中,可以是首先利用哈希算法计算得到公钥证书的摘要,再利用处理器私钥对该公钥证书的摘要进行加密运算,得到加密数据,该加密数据即为所述公钥签名。The private key of the processor signs the public key of the user. In some embodiments, the private key of the processor can be used to encrypt the public key certificate to obtain encrypted data, and the encrypted data is the signature of the public key; in another In some implementations, the abstract of the public key certificate may be calculated first by using the hash algorithm, and then the private key of the processor is used to encrypt the abstract of the public key certificate to obtain encrypted data, and the encrypted data is the public key sign.

所述公钥签名存储于计算机中,具体的,可以存储于计算机主板的闪存(flash)芯片中。The public key signature is stored in the computer, specifically, it may be stored in a flash memory (flash) chip of the computer motherboard.

在步骤S12中,利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签。In step S12, the signature of the public key is verified by using the public key of the processor fixed in advance in the processor.

由于公钥签名是使用处理器私钥进行的签名,所以需要使用与该处理器私钥对应的处理器公钥对公钥签名进行验签,由于处理器公钥被预先固设在处理器中,难以被恶意软件等攻击者篡改,因此认为处理器公钥是本发明实施例所提供的目标对象验证方法的信任根。信任根是指信任的源头和基础,信任根不能也不需进行验证。Since the public key signature is signed using the processor's private key, it is necessary to use the processor's public key corresponding to the processor's private key to verify the public key signature, since the processor's public key is pre-installed in the processor , it is difficult to be tampered by attackers such as malicious software, so the public key of the processor is considered to be the root of trust of the target object verification method provided by the embodiment of the present invention. The root of trust refers to the source and foundation of trust, and the root of trust cannot and does not need to be verified.

所述验签,可以是利用处理器中的处理器公钥对公钥签名解密,得到解密数据,在一些实施例中,所述解密数据可以为公钥证书,当该解密数据与该公钥签名对应的公钥证书相同时,验签通过;在另一些实施方式中,所述解密数据可以为用哈希算法计算得到用户公钥的摘要,则计算机可以进一步通过相同的哈希算法计算该公钥签名对应的公钥证书得到一摘要,当该摘要与解密数据相同时,则验签通过。The signature verification may be to use the processor public key in the processor to decrypt the public key signature to obtain decrypted data. In some embodiments, the decrypted data may be a public key certificate. When the decrypted data and the public key When the public key certificates corresponding to the signatures are the same, the signature verification is passed; in other implementations, the decrypted data can be a summary of the user’s public key calculated using a hash algorithm, and the computer can further calculate the hash algorithm through the same hash algorithm. The public key certificate corresponding to the public key signature gets a digest, and when the digest is the same as the decrypted data, the signature verification is passed.

包括计算机公钥的公钥证书存储于计算机中,且位于处理器外部,在一些实施例,可以是与公钥签名一同存储于闪存芯片中。这样,公钥证书和公钥签名可以在处理器的启动阶段被自动从闪存芯片中读取。The public key certificate including the computer's public key is stored in the computer and is located outside the processor, and in some embodiments, may be stored in a flash memory chip together with the public key signature. In this way, the public key certificate and public key signature can be automatically read from the flash memory chip during the startup phase of the processor.

值得注意的是,由于作为信任根预先固设在处理器中的是处理器公钥,而处理器生产者拥有该处理器公钥,因此,处理器生产者可以在生产该处理器时即将该处理器公钥固设在处理器中。在一些实施例中,可以是在处理器中设置一次性可编程存储电路,并由处理器生产者在该一次性可编程电路中写入处理器公钥,这样,可以不在处理器中提供供计算机写入的一次性可编程电路,而是在处理器的生产阶段由处理器生产者设置于处理器中,从而可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中。It is worth noting that since the processor public key is pre-fixed in the processor as the root of trust, and the processor producer owns the processor public key, the processor producer can immediately The processor public key is fixed in the processor. In some embodiments, a one-time programmable storage circuit may be set in the processor, and the processor public key may be written in the one-time programmable circuit by the processor producer. The one-time programmable circuit written by the computer is set in the processor by the processor producer during the production stage of the processor, so that it is not necessary for the computer machine producer to use specific tools to trust the processor after obtaining the processor. Root writes to the processor.

在另一些实施例中,可以是直接硬编码所述处理器公钥为集成在所述处理器的硬件电路,这样,可以不在处理器中为信任根设置一次性可编程电路,由于固设相同大小的处理器公钥可以占用更小的处理器面积,因此可以节省处理器空间;同时,也可以节省一次性可编程电路的资源,将本提供给信任根的一次性可编程电路提供给其他数据。In some other embodiments, the public key of the processor may be directly hard-coded as a hardware circuit integrated in the processor. In this way, a one-time programmable circuit for the root of trust may not be set in the processor, because the same fixed The smaller processor public key can occupy a smaller processor area, so it can save processor space; at the same time, it can also save the resources of the one-time programmable circuit, and provide the one-time programmable circuit originally provided to the root of trust to other data.

在步骤S13中,当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当验签通过时,执行步骤S14,当验签未通过时,执行步骤S15。In step S13, when the processor public key passes the verification of the public key signature, use the computer public key to verify the target signature, and the target signature is the signature of the computer private key on the target object; When the signature verification is passed, step S14 is executed, and when the signature verification is not passed, step S15 is executed.

所述目标对象是作为被验证目标的程序或数据,在一些实施例中,所述目标对象可以是固件。固件是承担一个系统最基础最底层工作的程序(软件),例如计算机的操作系统。固件的重要性使得如果固件被篡改会导致严重的计算机安全问题,例如核心数据泄密或计算机直接无法运行,因此可以在固件启动前对固件进行验证,从而判断固件是否被篡改。当所述计算机固件验证通过时,启动对应所述计算机公钥的计算机系统。The target object is a program or data that is a target to be verified. In some embodiments, the target object may be firmware. Firmware is a program (software) that undertakes the most basic and lowest-level work of a system, such as the operating system of a computer. The importance of firmware is such that if the firmware is tampered with, it will cause serious computer security problems, such as core data leaks or the computer cannot run directly, so the firmware can be verified before the firmware is started, so as to determine whether the firmware has been tampered with. When the computer firmware is verified and passed, start the computer system corresponding to the computer public key.

当所述处理器公钥对所述公钥签名验签通过时,可以认为被处理器私钥签名的计算机公钥是没有被篡改,是安全的。从而可以使用该计算机公钥对目标签名进行验签,当目标签名验签通过时,可以进一步认为目标对象没有被篡改;相反,当目标签名验签未通过时,可以认为目标对象已经被篡改。When the public key of the processor passes the signature verification of the public key, it can be considered that the public key of the computer signed by the private key of the processor has not been tampered with and is safe. Therefore, the computer public key can be used to verify the target signature. When the target signature verification is passed, it can be further considered that the target object has not been tampered with; on the contrary, when the target signature verification fails, it can be considered that the target object has been tampered with.

在步骤S14中,通过所述目标对象的验证。In step S14, pass the verification of the target object.

当目标签名验签通过时,认为目标对象没有被篡改,因此通过对目标对象的验证,可以执行后续其他步骤。例如,当目标对象为固件时,在启动所述固件之前进行目标对象的验证,并验证通过后,可以启动所述固件,从而可以使计算机执行指令处理数据,完成各项计算机任务。When the verification of the target signature is successful, it is considered that the target object has not been tampered with, so through the verification of the target object, other subsequent steps can be performed. For example, when the target object is firmware, the target object is verified before starting the firmware, and after the verification is passed, the firmware can be started, so that the computer can execute instructions to process data and complete various computer tasks.

在步骤S15中,所述目标对象的验证未通过。In step S15, the verification of the target object fails.

当对目标对象的验签未通过时,可以判断目标对象已经被篡改,因此可以执行补救措施,在一些实施例中,可以是发送终止信号至处理器,使得处理器终止对所述目标对象的读取或启动。When the signature verification of the target object fails, it can be judged that the target object has been tampered with, so remedial measures can be performed. In some embodiments, a termination signal can be sent to the processor so that the processor terminates the verification of the target object. read or start.

可见,本发明实施例所提供的计算机目标对象验证方法,以处理器公钥为信任根,在处理器的生产阶段由处理器生产者设置于处理器中,可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中,即可使计算机整机生产者生产的计算机基于信任根对目标对象进行验证,从而在利用处理器中设置的信任根验证程序或数据的同时,方便计算机实施;同时,由于计算机私钥被存储于计算机中,而处理器私钥不存储于计算机中,因此处理器私钥没有在计算机运行过程中被恶意软件窃取的风险,更加安全,避免了计算机私钥被窃取或篡改后,即需要更换计算机公钥和计算机私钥,又面临固设在处理器中作为信任根的计算机公钥无法被替换的困境。It can be seen that the computer target object verification method provided by the embodiment of the present invention uses the processor public key as the root of trust, and is set in the processor by the processor producer during the production stage of the processor. After obtaining the processor, write the root of trust into the processor through a specific tool, so that the computer produced by the computer manufacturer can verify the target object based on the root of trust, so that the root of trust verification program set in the processor can be used At the same time, it is convenient for computer implementation; at the same time, since the private key of the computer is stored in the computer, but the private key of the processor is not stored in the computer, there is no risk of the private key of the processor being stolen by malicious software during the operation of the computer. It is more secure and avoids the need to replace the computer public key and computer private key after the computer private key is stolen or tampered with, and faces the dilemma that the computer public key fixed in the processor as the root of trust cannot be replaced.

值得注意的是,当处理器公钥和处理器私钥是属于多个处理器时,该多个处理器可能被设置于多台计算机中,而每台计算机中的计算机公钥和计算机私钥可能不相同,因此可能存在其中一台计算机用自己的公钥签名篡改其他计算机中的公钥签名的风险,由于二者是被相同的处理器私钥签名,因此可能同样被处理器公钥验签通过,从而计算机利用错误的计算机公钥进行验签,从而可能误判认为目标对象已经被篡改,或者使错误的目标对象通过验证。It is worth noting that when the processor public key and processor private key belong to multiple processors, the multiple processors may be set in multiple computers, and the computer public key and computer private key in each computer may not be the same, so there may be a risk that one of the computers signs with its own public key to tamper with the public key signatures of other computers. Since the two are signed by the same processor private key, they may also be verified by the processor public key. If the signature is passed, the computer uses the wrong computer public key to verify the signature, which may misjudge that the target object has been tampered with, or make the wrong target object pass the verification.

为了避免上述情况的发生,在一具体实施方式中,请参考图4,图4为本发明实施例所提供的计算机目标对象验证方法的另一流程示意图。In order to avoid the occurrence of the above situation, in a specific implementation manner, please refer to FIG. 4 , which is another schematic flowchart of a method for verifying a computer target object provided by an embodiment of the present invention.

如图所示,在步骤S21中,获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名。As shown in the figure, in step S21, a public key signature is obtained, and the public key signature includes the signature of the processor private key on the public key certificate.

步骤S21的相关内容参考上述步骤S11的相关描述。For the relevant content of step S21, refer to the relevant description of the above-mentioned step S11.

在步骤S22中,判断与所述计算机公钥对应的计算机标识是否与预先固设在所述处理器中的处理器标识一致;当一致时,执行步骤S23,当不一致时,执行步骤S26。In step S22, it is judged whether the computer identification corresponding to the computer public key is consistent with the processor identification pre-fixed in the processor; if they are consistent, step S23 is performed; when they are not consistent, step S26 is performed.

所述计算机公钥是步骤S21中公钥签名所对应的计算机公钥。The computer public key is the computer public key corresponding to the public key signature in step S21.

所述处理器标识与所述计算机一一对应,计算机对应的处理器标识与所述计算机的计算机公钥对应的计算机标识相同,当计算机公钥对应的计算机标识与处理器标识相同时,可以判断该计算机公钥是当计算机的计算机公钥,而非被用相同处理器私钥加密的其他计算机的计算机公钥;当计算机公钥对应的计算机标识与处理器标识不相同时,可以判断该计算机公钥并非计算机的计算机公钥,而是被用相同处理器私钥加密的其他计算机的计算机公钥。The processor ID corresponds to the computer one by one, and the processor ID corresponding to the computer is the same as the computer ID corresponding to the computer public key of the computer. When the computer ID corresponding to the computer public key is the same as the processor ID, it can be judged The computer public key is the computer public key of the computer, not the computer public key of other computers encrypted with the same processor private key; when the computer identification corresponding to the computer public key is different from the processor identification, it can be judged that the computer The public key is not the computer's public computer key, but the computer's public keys of other computers encrypted with the same processor's private key.

通过将处理器标识预先固设在所述处理器中,可以避免所述处理器标识在计算机运行阶段被恶意软件篡改。By fixing the processor identifier in the processor in advance, the processor identifier can be prevented from being tampered with by malicious software during the running phase of the computer.

在一些实施例中,可以在处理器的生产阶段中设置所述处理器标识于所述处理器中,这样,可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中,便于本发明实施例所提供的计算机目标对象验证方法的实施。In some embodiments, the processor identification can be set in the processor during the production stage of the processor. In this way, it is not necessary for the complete computer manufacturer to pass the root of trust through a specific tool after obtaining the processor. It is written into the processor to facilitate the implementation of the computer target object verification method provided by the embodiment of the present invention.

为了固设所述处理器标识,在一些实施例中,可以在处理器中内置一次性可编程存储器,从而不可更改地在所述处理器中设置与该处理器标识计算机一一对应的处理器标识。In order to fix the processor identification, in some embodiments, a one-time programmable memory can be built in the processor, so that the processor corresponding to the processor identification computer can be set in the processor in a one-to-one manner. logo.

为了获取与计算机公钥对应的计算机标识,在一些实施例中,所述公钥证书除包括计算机公钥外,还包括计算机标识。这样,记载于公钥证书中的计算机公钥对应的计算机标识即是记载于同一公钥证书的计算机标识。In order to obtain the computer identification corresponding to the computer public key, in some embodiments, the public key certificate also includes the computer identification in addition to the computer public key. In this way, the computer identification corresponding to the computer public key recorded in the public key certificate is the computer identification recorded in the same public key certificate.

具体的,可以通过处理器私钥对所述计算机标识和所述计算机公钥的整体进行加密计算,从而得到可以判断计算机标识和计算机公钥整体是否被篡改的公钥签名。Specifically, the entirety of the computer identification and the computer public key may be encrypted and calculated with the private key of the processor, so as to obtain a public key signature that can determine whether the entirety of the computer identification and the computer public key has been tampered with.

在一些实施例中,所述处理器标识的长度可以等于8位,也即1个字节。当然,具体位数可以根据需要设置。In some embodiments, the length of the processor identifier may be equal to 8 bits, that is, 1 byte. Of course, the specific number of digits can be set as required.

在步骤S23中,利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签。In step S23, the public key signature is verified by using the processor public key pre-fixed in the processor.

公钥证书除了包括计算机公钥外,还包括计算机标识,对公钥证书的公钥签名进行验签,可以判断计算机标识和计算机公钥整体是否被篡改。In addition to the computer public key, the public key certificate also includes the computer identification, and the verification of the public key signature of the public key certificate can determine whether the computer identification and the computer public key as a whole have been tampered with.

在步骤S24中,当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当验签通过时,执行步骤S25,当验签未通过时,执行步骤S26。In step S24, when the processor public key passes the verification of the public key signature, use the computer public key to verify the target signature, and the target signature is the signature of the computer private key on the target object; When the signature verification is passed, step S25 is executed, and when the signature verification is not passed, step S26 is executed.

在步骤S25中,所述目标对象的验证通过。In step S25, the verification of the target object is passed.

在步骤S26中,所述目标对象的验证未通过。In step S26, the verification of the target object fails.

当所述计算机标识与所述处理器标识不一致时,禁止利用所述计算机公钥对所述目标签名进行验签。When the computer identification is inconsistent with the processor identification, it is forbidden to use the computer public key to verify the target signature.

步骤S23至步骤S26的具体内容请参考上述步骤S12至步骤S15的相关描述。For the specific content of step S23 to step S26, please refer to the related description of above step S12 to step S15.

这样,可以区分请求验签的公钥签名对应的计算机公钥是否属于其他计算机,当处理器公钥和处理器私钥是属于多个处理器,该多个处理器可能被设置于多台计算机中,而每台计算机中的计算机公钥和计算机私钥可能不相同时,可以避免被其他计算机用自己的公钥签名篡改的公钥签名验签通过。In this way, it can be distinguished whether the computer public key corresponding to the public key signature of the request for signature verification belongs to other computers. When the processor public key and processor private key belong to multiple processors, the multiple processors may be set on multiple computers. However, when the computer public key and computer private key in each computer may be different, it can avoid the public key signature tampered with by other computers using their own public key signatures to pass the verification.

值得注意的是,当恶意软件窃取计算机私钥导致计算机更新计算机私钥和计算机公钥时,虽然固设于处理器中的处理器公钥不需要更新,但恶意软件可能利用窃取的计算机私钥对篡改后的目标对象进行签名,再利用计算机更新前的计算机公钥和公钥签名欺骗处理器使该篡改后的目标对象通过验证。It is worth noting that when malicious software steals the computer private key and causes the computer to update the computer private key and computer public key, although the processor public key fixed in the processor does not need to be updated, the malicious software may use the stolen computer private key Sign the tampered target object, and then use the computer public key and public key signature before the computer is updated to deceive the processor to make the tampered target object pass the verification.

为了区分更新后的计算机私钥和计算机公钥,以及根据该更新后的计算机公钥重新申请的更新后的公钥签名,请参考图5,图5为本发明实施例所提供的计算机目标对象的验证方法的另一流程图。In order to distinguish between the updated computer private key and computer public key, and the updated public key signature re-applied based on the updated computer public key, please refer to Figure 5, which is the computer target object provided by the embodiment of the present invention Another flowchart of the verification method.

如图5所示,本发明实施例所提供的计算机目标对象的验证方法包括:As shown in Figure 5, the verification method of the computer target object provided by the embodiment of the present invention includes:

在步骤S31中,获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名。In step S31, a public key signature is obtained, and the public key signature includes the signature of the processor private key on the public key certificate.

在步骤S32中,判断与所述计算机公钥对应的计算机版本信息是否大于或等于预设在所述处理器中的公钥证书版本信息;当大于或等于时,执行步骤S33,当小于时,执行步骤S36。In step S32, it is judged whether the computer version information corresponding to the computer public key is greater than or equal to the public key certificate version information preset in the processor; when greater than or equal to, execute step S33, and when less than, Execute step S36.

所述计算机版本信息适于表示对应的计算机公钥的版本,当所述计算机版本信息小于处理器中的公钥证书版本信息,则认为与该计算机版本信息对应的计算机公钥是版本过于落后的,因此该目标对象不得通过验证。The computer version information is suitable for indicating the version of the corresponding computer public key, and when the computer version information is smaller than the public key certificate version information in the processor, it is considered that the computer public key corresponding to the computer version information is too backward in version , so the target object must not pass validation.

为了在处理器中设置计算机版本信息,在一些实施例中,所述处理器中配置有一次性可编程存储电路,所述一次性可编程存储电路用于预先设置所述公钥证书版本信息。进一步,为了在实现固设的同时,还允许更新,在一具体实施方式中,所述一次性可编程存储电路还支持按位烧写,在读取所述一次性可编程存储电路时,仅读取烧写的数据,这样,可以在处理器中设置公钥证书版本信息时,逐位烧写处理器中一次性可编程电路的数据位。具体的,所提供的一次性可编程电路在烧写前每个数据位可以都为“0”,作为第一版本的计算机公钥的公钥证书版本信息。在每次更新计算机公钥和计算机私钥后,都对处理器的一次性可编程电路中的下一数据位烧写为“1”,以表示不同的版本。In order to set the computer version information in the processor, in some embodiments, the processor is configured with a one-time programmable storage circuit, and the one-time programmable storage circuit is used to preset the version information of the public key certificate. Further, in order to allow updating while realizing the fixed setting, in a specific embodiment, the one-time programmable storage circuit also supports bit-by-bit programming, and when reading the one-time programmable storage circuit, only Read the programmed data, so that when the public key certificate version information is set in the processor, the data bits of the one-time programmable circuit in the processor can be programmed bit by bit. Specifically, each data bit of the provided one-time programmable circuit may be "0" before programming, as the public key certificate version information of the first version of the computer public key. After updating the computer public key and the computer private key each time, the next data bit in the one-time programmable circuit of the processor is programmed as "1" to represent different versions.

在一些实施例中,所述一次性可编程电路可以为一个字节大小,即具有八个待烧写的数据位,则“00000000”表示初始版本,该初始版本的计算机公钥有对应的计算机版本信息同样为“000000000”。当计算机中的计算机公钥和计算机私钥由于被窃取等原因,需要进行版本更新时,更新后的计算机公钥和计算机私钥的可以通过烧写工具烧写该一次性可编程电路的一个数据位,使之更新为“00000001”,这样,攻击者在利用窃取的旧版本的计算机公钥构成公钥签名时,由于该公钥签名对应的公钥证书的计算机公钥的计算机版本信息为“00000000”,小于处理器中的公钥证书版本信息“00000001”,因此判断验证未通过。当需要再次更新公钥证书版本信息时,按位依次写入“1”,因此,当一次性可编程电路为1个字节时,一共可以最多更新8个版本。In some embodiments, the one-time programmable circuit can be one byte in size, that is, has eight data bits to be programmed, then "00000000" represents the initial version, and the computer public key of the initial version has a corresponding computer The version information is also "000000000". When the computer public key and computer private key in the computer need to be updated due to reasons such as being stolen, the updated computer public key and computer private key can be used to burn a data of the one-time programmable circuit through the programming tool bit, to update it to "00000001", so that when an attacker uses the stolen old version of the computer public key to form a public key signature, the computer version information of the computer public key of the public key certificate corresponding to the public key signature is " 00000000", which is smaller than the public key certificate version information "00000001" in the processor, so it is judged that the verification has not passed. When the version information of the public key certificate needs to be updated again, "1" is written bit by bit sequentially. Therefore, when the one-time programmable circuit is 1 byte, a total of up to 8 versions can be updated.

在一些实施例中,与计算机的计算机公钥对应的计算机版本信息与该计算机的处理器中的公钥证书版本信息可以相同,当更新计算机公钥和计算机私钥时,同时更新公钥证书版本信息和计算机版本信息,使得更新后的公钥证书版本信息和计算机版本信息保持一致。In some embodiments, the computer version information corresponding to the computer public key of the computer may be the same as the public key certificate version information in the processor of the computer. When the computer public key and the computer private key are updated, the public key certificate version is updated at the same time. Information and computer version information, so that the updated public key certificate version information is consistent with the computer version information.

在另一些实施例中,与计算机的计算机公钥对应的计算机版本信息可以大于公钥证书版本信息,这样,虽然当公钥证书版本信息没有更新时,无法防止攻击者利用上述泄密的旧版本的计算机版本信息进行验证,但可以避免更新后的计算机版本信息无法通过验证。In other embodiments, the computer version information corresponding to the computer public key of the computer may be greater than the version information of the public key certificate. In this way, although the version information of the public key certificate is not updated, it is impossible to prevent attackers from using the leaked old version The computer version information is verified, but it can prevent the updated computer version information from failing the verification.

当计算机公钥对应的计算机版本信息大于或等于公钥证书版本信息时,可以判断该计算机公钥是当前版本的计算机公钥,而非已经泄露版本的计算机公钥;反之,可以判断该计算机公钥并非当前版本,而是已经泄露版本的计算机公钥,为恶意软件窃取计算机私钥后对计算机的攻击行为,不能通过验证。When the computer version information corresponding to the computer public key is greater than or equal to the version information of the public key certificate, it can be judged that the computer public key is the current version of the computer public key, not the computer public key of the leaked version; otherwise, it can be judged that the computer public key The key is not the current version, but the public key of the computer that has been leaked. The attack on the computer after stealing the private key of the computer by malicious software cannot pass the verification.

为了获取与计算机公钥对应的计算机版本信息,在一些实施例中,所述公钥证书除包括公钥签名和计算机公钥外,还包括计算机版本信息。这样,记载于公钥证书中的计算机公钥对应的计算机版本信息即是记载于同一公钥证书的计算机版本信息。In order to obtain computer version information corresponding to the computer public key, in some embodiments, the public key certificate includes computer version information in addition to the public key signature and the computer public key. In this way, the computer version information corresponding to the computer public key recorded in the public key certificate is the computer version information recorded in the same public key certificate.

在一些实施例中,所述公钥签名还包括所述处理器私钥对所述计算机版本信息的签名。这样,在对公钥签名进行验签时,还可以判断在步骤S32中进行判断的计算机版本信息是否被篡改。具体的,可以通过处理器私钥对所述计算机版本信息和所述计算机公钥的整体进行加密计算,从而得到可以判断计算机版本信息和计算机公钥整体是否被篡改的公钥签名。In some embodiments, the public key signature further includes a signature of the processor private key on the computer version information. In this way, when verifying the public key signature, it can also be judged whether the computer version information judged in step S32 has been tampered with. Specifically, the entirety of the computer version information and the computer public key can be encrypted and calculated with the private key of the processor, so as to obtain a public key signature that can determine whether the computer version information and the computer public key as a whole have been tampered with.

在一些实施例中,所述公钥证书版本信息的长度可以小于或等于8位,也即1个字节。当然,具体位数可以根据需要设置。In some embodiments, the length of the public key certificate version information may be less than or equal to 8 bits, that is, 1 byte. Of course, the specific number of digits can be set as required.

在步骤S33中,利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签。In step S33, the public key signature is verified by using the processor public key pre-fixed in the processor.

在步骤S34中,当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当验签通过时,执行步骤S35,当验签未通过时,执行步骤S36。In step S34, when the processor public key passes the verification of the public key signature, use the computer public key to verify the target signature, and the target signature is the signature of the computer private key to the target object; When the signature verification is passed, step S35 is executed, and when the signature verification is not passed, step S36 is executed.

在步骤S35中,所述目标对象的验证通过。In step S35, the verification of the target object is passed.

在步骤S36中,所述目标对象的验证未通过。In step S36, the verification of the target object fails.

步骤S33至步骤S36的具体内容请参考上述步骤S12至步骤S15的相关描述。For the specific content of step S33 to step S36, please refer to the related description of above step S12 to step S15.

这样,可以防止恶意软件利用窃取的计算机私钥对篡改后的目标对象进行签名,再利用计算机更新前的计算机公钥和公钥签名欺骗处理器使该篡改后的目标对象通过验证。In this way, malicious software can be prevented from using the stolen computer private key to sign the tampered target object, and then using the computer public key and the public key signature before the computer is updated to deceive the processor so that the tampered target object passes verification.

为解决前述问题,本发明实施例还提供一种计算机目标对象验证装置,请参考图6,图6为本发明实施例所提供的计算机目标对象验证装置的示意图。In order to solve the foregoing problems, an embodiment of the present invention further provides a computer target object verification device, please refer to FIG. 6 , which is a schematic diagram of a computer target object verification device provided by an embodiment of the present invention.

如图所示,本发明实施例所提供的计算机目标对象验证装置,包括:As shown in the figure, the computer target object verification device provided by the embodiment of the present invention includes:

公钥签名获取单元1,适于获取公钥签名,所述公钥签名包括处理器私钥对公钥证书的签名,所述公钥证书至少包括计算机公钥;The public key signature obtaining unit 1 is adapted to obtain a public key signature, the public key signature includes the signature of the processor private key to the public key certificate, and the public key certificate includes at least the computer public key;

公钥签名验签单元2,适于利用预先固设在所述处理器中的处理器公钥,对所述公钥签名进行验签;The public key signature verification unit 2 is adapted to verify the public key signature by using the processor public key pre-fixed in the processor;

目标签名验签单元3,适于当所述处理器公钥对所述公钥签名验签通过时,利用所述计算机公钥对目标签名进行验签,所述目标签名是计算机私钥对目标对象的签名;当所述计算机公钥对所述目标签名验签通过时,所述目标对象的验证通过。The target signature verification unit 3 is adapted to use the computer public key to verify the target signature when the processor public key passes the verification of the public key signature, and the target signature is the computer private key to the target signature. The signature of the object; when the computer public key passes the verification of the target signature, the verification of the target object passes.

可见,本发明实施例所提供的计算机目标对象验证装置,以处理器公钥为信任根,在处理器的生产阶段由处理器生产者设置于处理器中,可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中,即可使计算机整机生产者生产的计算机基于信任根对目标对象进行验证,从而在利用处理器中设置的信任根验证程序或数据的同时,方便计算机实施;同时,处理器私钥不存储于计算机中,因此处理器私钥没有在计算机运行过程中被恶意软件窃取的风险,更加安全,避免了计算机私钥被窃取或篡改后,即需要更换计算机公钥和计算机私钥,又面临固设在处理器中作为信任根的计算机公钥无法被替换的困境。It can be seen that the computer target object verification device provided by the embodiment of the present invention uses the processor public key as the root of trust, and is set in the processor by the processor producer during the production stage of the processor. After obtaining the processor, write the root of trust into the processor through a specific tool, so that the computer produced by the computer manufacturer can verify the target object based on the root of trust, so that the root of trust verification program set in the processor can be used At the same time, the private key of the processor is not stored in the computer, so the private key of the processor does not have the risk of being stolen by malicious software during the operation of the computer, which is more secure and prevents the private key of the computer from being stolen or After tampering, the computer public key and computer private key need to be replaced, and the computer public key fixed in the processor as the root of trust cannot be replaced.

在一具体实施方式中,所述目标对象包括计算机固件;若所述计算机固件的验证通过,启动对应所述计算机公钥的计算机系统。In a specific implementation manner, the target object includes computer firmware; if the verification of the computer firmware passes, start the computer system corresponding to the computer public key.

在一具体实施方式中,本发明实施例提供的计算机目标对象验证装置,还包括:In a specific embodiment, the computer target object verification device provided by the embodiment of the present invention further includes:

标识判断单元,适于在所述目标签名验签单元利用所述计算机公钥对目标签名进行验签之前,判断与所述计算机公钥对应的计算机标识是否与预先固设在所述处理器中的处理器标识一致,所述处理器标识与所述计算机一一对应,计算机对应的处理器标识与所述计算机的计算机公钥对应的计算机标识相同;当所述计算机标识与所述处理器标识不一致时,所述目标对象的验证未通过。The identification judging unit is adapted to judge whether the computer identification corresponding to the computer public key is fixed in advance in the processor before the target signature verification unit uses the computer public key to verify the target signature. The processor identification of the computer is consistent, and the processor identification corresponds to the computer one by one, and the processor identification corresponding to the computer is the same as the computer identification corresponding to the computer public key of the computer; when the computer identification and the processor identification If not, the verification of the target object fails.

在一具体实施方式中,本发明实施例提供的计算机目标对象验证装置,还包括:In a specific embodiment, the computer target object verification device provided by the embodiment of the present invention further includes:

版本信息判断单元,适于在所述目标签名验签单元利用所述计算机公钥对目标签名进行验签之前,判断与所述计算机公钥对应的计算机版本信息是否大于或等于预设在所述处理器中的公钥证书版本信息,所述计算机版本信息适于表示对应的计算机公钥的版本;当所述计算机版本信息小于所述公钥证书版本信息时,所述目标对象的验证未通过。The version information judging unit is adapted to judge whether the computer version information corresponding to the computer public key is greater than or equal to the computer version information preset in the computer public key before the target signature verification unit uses the computer public key to verify the target signature. Public key certificate version information in the processor, the computer version information is suitable for representing the version of the corresponding computer public key; when the computer version information is smaller than the public key certificate version information, the verification of the target object fails .

在一具体实施方式中,所述公钥证书还包括所述计算机标识。In a specific implementation manner, the public key certificate further includes the computer identifier.

在一具体实施方式中,所述公钥证书还包括所述计算机版本信息。In a specific implementation manner, the public key certificate also includes the computer version information.

在一具体实施方式中,所述处理器中配置有一次性可编程存储电路,所述一次性可编程存储电路用于预先设置所述处理器标识和/或所述公钥证书版本信息。In a specific implementation manner, a one-time programmable storage circuit is configured in the processor, and the one-time programmable storage circuit is used to preset the processor identification and/or the public key certificate version information.

在一具体实施方式中,所述一次性可编程存储电路支持按位烧写,在读取所述一次性可编程存储电路时,仅读取烧写的数据。In a specific implementation manner, the one-time programmable storage circuit supports bit-by-bit programming, and when the one-time programmable storage circuit is read, only the programmed data is read.

本发明实施例还提供一种存储介质,所述存储介质存储有程序,以实现如上述所述的计算机目标对象验证方法。An embodiment of the present invention also provides a storage medium, the storage medium stores a program to implement the computer target object verification method as described above.

本发明实施例还提供一种处理器,包括处理器公钥硬件电路,所述处理器公钥硬件电路是硬编码所述处理器公钥为集成在所述处理器的硬件电路,适于执行如上述所述的计算机目标对象验证方法。The embodiment of the present invention also provides a processor, including a processor public key hardware circuit, the processor public key hardware circuit is hard-coded the processor public key as a hardware circuit integrated in the processor, suitable for executing A computer target object authentication method as described above.

本发明实施例还提供一种电子设备,包括存储器,主板和主板上的至少一个处理器,所述主板存储有所述目标对象,所述存储器存储有程序,所述处理器调用所述程序,以执行如上述所述的计算机目标对象验证方法对所述目标对象进行验证。An embodiment of the present invention also provides an electronic device, including a memory, a main board and at least one processor on the main board, the main board stores the target object, the memory stores a program, and the processor invokes the program, The target object is verified by executing the computer target object verification method as described above.

可见,本发明实施例所提供的存储介质、处理器和电子设备,以处理器公钥为信任根,在处理器的生产阶段由处理器生产者设置于处理器中,可以不需要计算机整机生产者在得到处理器后再通过特定的工具将信任根写入处理器中,即可使计算机整机生产者生产的计算机基于信任根对目标对象进行验证,从而在利用处理器中设置的信任根验证程序或数据的同时,方便计算机实施;同时,处理器私钥不存储于计算机中,因此处理器私钥没有在计算机运行过程中被恶意软件窃取的风险,更加安全,避免了计算机私钥被窃取或篡改后,即需要更换计算机公钥和计算机私钥,又面临固设在处理器中作为信任根的计算机公钥无法被替换的困境。It can be seen that the storage medium, processor and electronic device provided by the embodiments of the present invention use the public key of the processor as the root of trust, which is set in the processor by the processor producer during the production stage of the processor, and may not require a complete computer After obtaining the processor, the producer writes the root of trust into the processor through a specific tool, so that the computer produced by the producer of the complete computer can verify the target object based on the root of trust, so that the trust set in the processor can be utilized. At the same time, it is convenient for computer implementation; at the same time, the private key of the processor is not stored in the computer, so the private key of the processor does not have the risk of being stolen by malicious software during the operation of the computer, which is more secure and avoids the need for the private key of the computer. After being stolen or tampered with, the computer public key and computer private key need to be replaced, and the computer public key fixed in the processor as the root of trust cannot be replaced.

对所公开的实施例的上述说明,使本领域技术人员能够实现或使用本发明。对这些实施例的多种修改对本领域技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本发明的精神或范围的情况下,在其他实施例中实现。因此,本发明将不会被限制于本文所示的这些实施例,而是符合与本文所公开的原理和新颖特点相一致的最宽的范围。上文描述了本发明实施例提供的多个实施例方案,各实施例方案介绍的各可选方式可在不冲突的情况下相互结合、交叉引用,从而延伸出多种可能的实施例方案,这些均可认为是本发明实施例披露、公开的实施例方案。The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein. Multiple embodiment solutions provided by the embodiments of the present invention are described above, and the optional modes introduced by each embodiment solution can be combined and cross-referenced without conflict, so as to extend a variety of possible embodiment solutions, All of these can be regarded as the embodiment disclosures of the present invention and the disclosed embodiment solutions.

虽然本发明实施例披露如上,但本发明并非限定于此。任何本领域技术人员,在不脱离本发明的精神和范围内,均可作各种更动与修改,因此本发明的保护范围应当以权利要求所限定的范围为准。Although the embodiments of the present invention are disclosed above, the present invention is not limited thereto. Any person skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, so the protection scope of the present invention should be based on the scope defined in the claims.

Claims (15)

1. A method for verifying a target object of a computer, comprising:
obtaining a public key signature, wherein the public key signature comprises a signature of a processor private key on a public key certificate, and the public key certificate at least comprises a computer public key;
signing the public key signature by utilizing a processor public key which is fixedly arranged in the processor in advance;
when the public key signature verification of the processor passes, the public key signature verification is performed on a target signature by using the computer public key, wherein the target signature is a signature of a target object by using a computer private key;
and when the public key of the computer passes the signature verification of the target signature, the verification of the target object passes.
2. The computer target object verification method of claim 1, wherein the target object comprises computer firmware; and if the verification of the computer firmware is passed, starting the computer system corresponding to the computer public key.
3. The method for verifying a computer target object as defined in claim 2, wherein prior to signing the target signature using the computer public key, further comprising:
judging whether a computer identifier corresponding to the computer public key is consistent with a processor identifier preset in the processor, wherein the processor identifier corresponds to the computer one by one, and the processor identifier corresponding to the computer is identical with the computer identifier corresponding to the computer public key of the computer;
when the computer identification is inconsistent with the processor identification, the verification of the target object is not passed.
4. A computer target object verification method as claimed in claim 3, wherein said public key certificate further comprises said computer identification.
5. The method for verifying a computer target object as defined in claim 3, wherein prior to signing the target signature using the computer public key, further comprising:
judging whether computer version information corresponding to the computer public key is greater than or equal to public key certificate version information preset in the processor, wherein the computer version information is suitable for representing the version of the corresponding computer public key;
And when the computer version information is smaller than the public key certificate version information, the verification of the target object is not passed.
6. The computer target object verification method of claim 5, wherein the public key certificate further comprises the computer version information.
7. The method of claim 5, wherein the processor is configured with a one-time programmable memory circuit, and the one-time programmable memory circuit is configured to preset the processor identifier and/or the public key certificate version information.
8. The method of claim 7, wherein the one-time programmable memory circuit supports bit-wise programming, and wherein only programmed data is read when the one-time programmable memory circuit is read.
9. A computer target object verification apparatus, comprising:
a public key signature acquisition unit adapted to acquire a public key signature including a signature of a public key certificate by a processor private key, the public key certificate including at least a computer public key;
the public key signature verification unit is suitable for verifying the public key signature by utilizing a processor public key which is fixedly arranged in the processor in advance;
The target signature verification unit is suitable for verifying a target signature by using the computer public key when the public key signature verification of the processor passes, wherein the target signature is a signature of a target object by using a computer private key; and when the public key of the computer passes the signature verification of the target signature, the verification of the target object passes.
10. The computer target object verification device of claim 9, wherein the target object comprises computer firmware; and if the verification of the computer firmware is passed, starting the computer system corresponding to the computer public key.
11. The computer target object verification device of claim 10, further comprising:
the identification judging unit is suitable for judging whether a computer identification corresponding to the computer public key is consistent with a processor identification preset in the processor before the target signature checking unit performs signature checking on the target signature by using the computer public key, the processor identification corresponds to the computer one by one, and the processor identification corresponding to the computer is identical to the computer identification corresponding to the computer public key of the computer; when the computer identification is inconsistent with the processor identification, the verification of the target object is not passed.
12. The computer target object verification device of claim 11, further comprising:
the version information judging unit is suitable for judging whether computer version information corresponding to the computer public key is larger than or equal to public key certificate version information preset in the processor before the target signature verifying unit verifies the target signature by using the computer public key, and the computer version information is suitable for representing the version of the corresponding computer public key; and when the computer version information is smaller than the public key certificate version information, the verification of the target object is not passed.
13. A storage medium storing a program to implement the computer target object authentication method according to any one of claims 1 to 8.
14. A processor comprising processor public key hardware circuitry, the processor public key hardware circuitry being hardware circuitry to hard-code the processor public key as integrated in the processor, adapted to perform the computer target object verification method of any one of claims 1-8.
15. An electronic device comprising a memory, a motherboard and at least one processor on the motherboard, the motherboard storing the target object, the memory storing a program, the processor invoking the program to perform the computer target object verification method of any of claims 1-8 to verify the target object.
CN202211694160.1A 2022-12-28 2022-12-28 Computer target object verification method, device, storage medium and related devices Pending CN116244754A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211694160.1A CN116244754A (en) 2022-12-28 2022-12-28 Computer target object verification method, device, storage medium and related devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211694160.1A CN116244754A (en) 2022-12-28 2022-12-28 Computer target object verification method, device, storage medium and related devices

Publications (1)

Publication Number Publication Date
CN116244754A true CN116244754A (en) 2023-06-09

Family

ID=86625236

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211694160.1A Pending CN116244754A (en) 2022-12-28 2022-12-28 Computer target object verification method, device, storage medium and related devices

Country Status (1)

Country Link
CN (1) CN116244754A (en)

Similar Documents

Publication Publication Date Title
CN109313690B (en) Self-contained encrypted boot policy verification
US20240146545A1 (en) Unified programming environment for programmable devices
FI114416B (en) Procedure for securing electronic device, fuse system and electronic device
US8806221B2 (en) Securely recovering a computing device
US8364965B2 (en) Optimized integrity verification procedures
JP6509197B2 (en) Generating working security key based on security parameters
KR101393307B1 (en) Secure boot method and semiconductor memory system for using the method
CN113434853B (en) Method for burning firmware to storage device and controller
US20050021968A1 (en) Method for performing a trusted firmware/bios update
TW201516733A (en) System and method for verifying changes to UEFI authenticated variables
CN110795126A (en) A firmware security upgrade system
JP2004280284A (en) Control processor, electronic equipment, and program starting method for electronic equipment, and system module updating method for electronic equipment
CN109814934B (en) Data processing method, device, readable medium and system
CN112148314B (en) Mirror image verification method, device and equipment of embedded system and storage medium
CN109982150B (en) Trust chain establishing method of intelligent television terminal and intelligent television terminal
CN116070217A (en) Safe starting system and method for chip module
CN117472465A (en) System-on-chip secure starting method and device, electronic equipment and storage medium
CN113360914A (en) BIOS updating method, system, equipment and medium
CN110730079B (en) System for safe starting and trusted measurement of embedded system based on trusted computing module
CN113761538A (en) Security boot file configuration method, boot method, device, equipment and medium
CN116561734A (en) Verification method, verification device, computer and computer configuration system
CN117610083A (en) File verification method and device, electronic equipment and computer storage medium
CN116244754A (en) Computer target object verification method, device, storage medium and related devices
CN114816549B (en) A method and system for protecting bootloader and its environment variables
CN116821918A (en) Online upgrading method, chip device, computer terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination