
CN118550561A - Firmware generation method, firmware update method and firmware processing device - Google Patents


Info

Publication number
CN118550561A
Authority
CN
China
Prior art keywords
firmware
verification
signature
key
image file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410452240.9A
Other languages
Chinese (zh)
Inventor
丛凌雷
孙昊
白国涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G06F8/63 Image based installation; Cloning; Build to order

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to the field of firmware update technology, and in particular to a firmware generation method, a firmware update method, and a firmware processing device. The firmware generation method includes: when the firmware is generated, first obtaining an image file, a loading startup file, and a pair of key values, the pair of key values including a first key value and a second key value that match each other; then verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value, and signing the first verification value with the first key value to obtain a first signature; and finally encapsulating the image file, the loading startup file, the first signature, and the second key value into a firmware to be updated. The first signature and the second key value can be used to verify the integrity of the image file and the loading startup file during the firmware update process, thereby ensuring the success rate of the firmware update.

Description

Firmware generation method, firmware update method and firmware processing device

Technical Field

The present invention relates to the technical field of firmware update, and in particular to a firmware generation method, a firmware update method and a firmware processing device.

Background Art

Firmware is the control program of a hardware device and manages the device's functions and performance. When the functions and requirements of the hardware device change, the firmware in the device needs to be updated accordingly.

During a firmware update, the firmware to be updated is first downloaded to the hardware device, and an update program is then run to install the new firmware on the device. During download and transmission, factors such as signal interruption, packet loss, malicious tampering with the firmware, and bundled risky software may affect the integrity of the image file and the loading startup file in the firmware. The related art sets no integrity verification strategy for the image file and the loading startup file during either firmware generation or firmware update, so when the integrity of the image file or the loading startup file is damaged, the firmware update fails.

The above content is only intended to assist in understanding the technical solution of the present invention and does not constitute an admission that it is prior art.

Summary of the Invention

The main purpose of the present invention is to provide a firmware generation method and a firmware update method, aiming to solve the technical problem in the prior art that the integrity of the image file or the loading startup file cannot be verified when the firmware is updated.

In one aspect, the present application provides a firmware generation method, comprising:

obtaining an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other;

verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value;

signing the first verification value using the first key value to obtain a first signature;

encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, the first signature and the second key value being used to verify the integrity of the image file and the loading startup file.

In one embodiment, before obtaining the image file, the loading startup file and the pair of key values, the method further includes:

obtaining a key pair in a trusted environment;

converting the private key in the key pair to obtain the first key value, and converting the public key in the key pair to obtain the second key value.

In one embodiment, verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value includes:

performing hash verification on the image file and the loading startup file using the trform-model in AmzXL in the AI computing power component library to obtain the first verification value.

In another aspect, the present application also provides a firmware update method, wherein the firmware is generated by any of the firmware generation methods described above, and the firmware update method includes:

receiving a firmware to be updated, the firmware to be updated including an image file, a loading startup file, a first signature, and a second key value;

obtaining the image file and the loading startup file included in the firmware to be updated, and verifying the image file and the loading startup file using a security fidelity verification method to obtain a second verification value;

obtaining the second key value included in the firmware to be updated, performing security verification on the second key value, and, if the verification passes, using the second key value to sign the second verification value to obtain a second signature;

determining whether the first signature and the second signature match, and if so, determining that the firmware to be updated passes verification.

In one embodiment, the firmware update method further includes:

when the firmware to be updated passes verification, updating the firmware to be updated to the current device.

In one embodiment, verifying the image file and the loading startup file using a security fidelity verification method to obtain a second verification value includes:

performing hash verification on the image file and the loading startup file using the trform-model in AmzXL in the AI computing power component library to obtain the second verification value.

In one embodiment, after determining whether the first signature and the second signature match, the method further includes:

recording the result of whether the first signature and the second signature match in the firmware update log.

In another aspect, the present application also provides a firmware generation device, including:

an acquisition unit, configured to obtain an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other;

a verification unit, configured to verify the image file and the loading startup file using a security fidelity verification method to obtain a first verification value;

a signature unit, configured to sign the first verification value using the first key value to obtain a first signature;

an encapsulation unit, configured to encapsulate the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, the first signature and the second key value being used to verify the integrity of the image file and the loading startup file.

In another aspect, the present application also provides a firmware processing device, which includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program is configured to implement the steps of the firmware generation method described in any one of the above items, or the computer program is configured to implement the steps of the firmware update method described in any one of the above items.

In another aspect, the present application also provides a storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the firmware generation method described in any one of the above items, or the computer program is configured to implement the steps of the firmware update method described in any one of the above items.

In another aspect, the present application also provides a computer program product, which includes a computer program, wherein the computer program, when executed by a processor, implements the steps of the firmware generation method described in any one of the above items, or the computer program is configured to implement the steps of the firmware update method described in any one of the above items.

According to the firmware generation method provided by the present invention, when the firmware is generated, an image file, a loading startup file and a pair of key values are first obtained, the pair of key values including a first key value and a second key value that match each other; the image file and the loading startup file are then verified using a security fidelity verification method to obtain a first verification value, and the first verification value is signed with the first key value to obtain a first signature; finally, the image file, the loading startup file, the first signature and the second key value are encapsulated into the firmware to be updated. The first signature and the second key value can be used to verify the integrity of the image file and the loading startup file during the firmware update process, thereby ensuring the success rate of the firmware update.

Brief Description of the Drawings

FIG. 1 is a schematic structural diagram of a firmware processing device in a hardware operating environment according to an embodiment of the present invention;

FIG. 2 is a schematic flow chart of the firmware generation method provided by an embodiment of the present invention;

FIG. 3 is a schematic flow chart of the firmware update method provided by an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a hardware device for updating firmware provided by an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of the firmware generation device provided by an embodiment of the present application.

The realization of the purpose, the functional features and the advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it.

Referring to FIG. 1, FIG. 1 is a schematic structural diagram of a firmware processing device in a hardware operating environment according to an embodiment of the present invention. The firmware processing device may be a firmware generation device or a firmware update device.

As shown in FIG. 1, the firmware processing device may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to implement connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk memory. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.

Those skilled in the art will understand that the structure shown in FIG. 1 does not limit the firmware processing device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.

As shown in FIG. 1, the memory 1005, as a storage medium, may include an operating system, a data storage module, a network communication module, a user interface module, and a firmware generation program or a firmware update program.

In the firmware processing device shown in FIG. 1, the network interface 1004 is mainly used for data communication with other devices, and the user interface 1003 is mainly used for data interaction with the user. The processor 1001 and the memory 1005 in the … device of the present invention may be arranged in the firmware processing device, and the firmware processing device calls, through the processor 1001, the firmware processing program stored in the memory 1005 and executes the firmware generation method or the firmware update method provided in the embodiments of the present invention.

It can be understood that when the functions and requirements of a hardware device change, the firmware in the device also needs to be updated accordingly. For example, existing firmware on the market is usually updated to improve stability and security or to enhance functionality. Specifically, firmware updates can improve the performance and compatibility of accelerator cards by optimizing code, improving algorithms, or fixing bugs. As technology develops, manufacturers may release new firmware versions to provide better performance.

Firmware generally consists mainly of an image file and a loading startup file. The image file mainly contains the updated software program code, and the loading startup file is mainly used to control the loading and startup of the image file, thereby completing the firmware update. To ensure the success rate of firmware updates, the integrity of the image file and the loading startup file in the firmware needs to be verified. If the integrity of the image file and the loading startup file is damaged, the update process is affected, resulting in a failed update or in the hardware device freezing or becoming paralyzed. In addition, updating firmware that has not been signature-verified may bring security risks, performance problems, trustworthiness and integrity problems, and maintenance and support problems. Firmware that lacks signature verification may contain malicious code or vulnerabilities, exposing the system to security threats and possibly causing degraded or unstable performance. Firmware updates without signature verification may also make maintenance and support more difficult. To ensure the security and success rate of firmware updates, firmware should be signature-verified.

To overcome the defects in the related art, the present application uses signature verification during firmware generation and update to check the integrity of the image file and the loading startup file in the firmware. Firmware that has passed signature verification ensures the integrity of its image file and loading startup file, which improves the success rate and security of the firmware update. Specifically, when the firmware is generated, the present application first obtains an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other; the image file and the loading startup file are then verified using a security fidelity verification method to obtain a first verification value, and the first verification value is signed with the first key value to obtain a first signature; finally, the image file, the loading startup file, the first signature and the second key value are encapsulated into the firmware to be updated. The first signature and the second key value can be used to verify the integrity of the image file and the loading startup file during the firmware update process, thereby ensuring the success rate of the firmware update.

An embodiment of the present invention provides a firmware generation method. Referring to FIG. 2, FIG. 2 is a schematic flow chart of the firmware generation method provided by the embodiment of the present invention.

In this embodiment, the firmware generation method includes:

Step S201: obtaining an image file, a loading startup file and a pair of key values; the pair of key values includes a first key value and a second key value that match each other.

In this embodiment, a key pair is first obtained in a trusted environment. Because the key pair may contain special characters and other information that affect signature verification, in this embodiment the private key in the key pair is converted to obtain the first key value, and the public key in the key pair is converted to obtain the second key value. For example, in a secure offline environment, a pair of key values is generated by the chip manufacturer or another trusted institution. The second key value is used to encrypt and verify the signature, while the first key value is securely stored only within the trusted area and is used to generate the digital signature.

In one embodiment, a PKI (Public Key Infrastructure) tree may be generated first, the private key and the public key being a key pair on the PKI tree, and then the private key and the key are each base64-converted to obtain the first key value and the second key value.

Step S202: verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value.

In one embodiment, hash verification is performed on the image file and the loading startup file using the trform-model in AmzXL in the AI computing power component library to obtain the first verification value. The first verification value is a unique identifier generated from the image file and the loading startup file.

Exemplarily, after the initial verification value is calculated by the hash function, the trform-model in AmzXL in the AI computing power component library (originally used for the back-flow data model) can be used during the startup process to calculate the optimal verification value of the currently loaded boot image. If the value is not the optimal verification value, the calculation is repeated to obtain the optimal verification value of the current image file. If the optimal verification value is obtained, it can be confirmed that the current image file has not been tampered with.

In this embodiment, the first verification value generated by the "security fidelity verification" is more secure than the fixed-length verification value generated by a hash function, can prevent tampering, and ensures the integrity of the image file and its security during transmission.

Step S203: signing the first verification value using the first key value to obtain a first signature.

It can be understood that signing the first verification value using the first key value is equivalent to signing the first verification value with the private key.

The first key value is generally stored securely within the trusted area to ensure that only authorized hardware devices can generate a valid first signature.

Specifically, the verification process in step S202 and the signing process in step S203 can be packaged into a signature tool, which is in essence a software signature function module. The signature tool can be used to verify and sign the input firmware-related files.

Step S204: encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated; the first signature and the second key value are used to verify the integrity of the image file and the loading startup file.

In one embodiment, the image file, the loading startup file, the first signature and the second key value are encapsulated into the firmware to be updated in a trusted environment. Specifically, the first signature and the second key value can be stored in a one-time programmable memory.

In one embodiment, a hash function may also be used to verify the second key value to obtain a first hash verification value of the second key value, and the first hash verification value of the second key value is stored in the one-time programmable memory.

It can be seen that, according to the firmware generation method provided in this embodiment, when the firmware is generated, an image file, a loading startup file and a pair of key values are first obtained, the pair of key values including a first key value and a second key value that match each other; the image file and the loading startup file are then verified using a security fidelity verification method to obtain a first verification value, and the first verification value is signed with the first key value to obtain a first signature; finally, the image file, the loading startup file, the first signature and the second key value are encapsulated into the firmware to be updated. The first signature and the second key value can be used to verify the integrity of the image file and the loading startup file during the firmware update process, thereby ensuring the success rate of the firmware update.
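The following Go program is an added example, not code from the patent: it walks through steps S201 to S204 and the matching device-side check from the update method summarized earlier. It assumes Ed25519 for the key pair, SHA-256 over length-prefixed fields in place of the security fidelity verification method (which the page does not specify), a comparison against the OTP-stored hash as the security verification of the second key value, and public-key signature verification as the way the two signatures are matched; all type and function names are hypothetical.

```go
// Added example, not code from the patent; ASSUMPTION marks unspecified choices.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// Package mirrors the "firmware to be updated" assembled in step S204.
type Package struct {
	Image, Loader []byte // image file and loading startup file
	Signature     []byte // first signature
	SecondKey     string // second key value: base64 of the public key
}

var (
	ErrKeyNotTrusted = errors.New("second key value does not match the OTP hash")
	ErrBadSignature  = errors.New("first signature does not cover these files")
)

// NewKeyValues generates a key pair and base64-converts both halves (S201).
func NewKeyValues() (first, second string, err error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return "", "", err
	}
	enc := base64.StdEncoding
	return enc.EncodeToString(priv), enc.EncodeToString(pub), nil
}

// checkValue stands in for the security fidelity verification method (S202).
// ASSUMPTION: SHA-256 over length-prefixed fields, so bytes cannot be moved
// between the image and the loader without changing the value.
func checkValue(image, loader []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{image, loader} {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	return h.Sum(nil)
}

// Generate signs the check value with the first key value (S203) and packs
// the result (S204). It also returns the hash of the second key value that
// the generation side would store in one-time programmable memory.
func Generate(first string, image, loader []byte) (Package, [32]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(first)
	if err != nil || len(raw) != ed25519.PrivateKeySize {
		return Package{}, [32]byte{}, errors.New("malformed first key value")
	}
	priv := ed25519.PrivateKey(raw)
	second := base64.StdEncoding.EncodeToString(priv.Public().(ed25519.PublicKey))
	p := Package{Image: image, Loader: loader, SecondKey: second,
		Signature: ed25519.Sign(priv, checkValue(image, loader))}
	return p, sha256.Sum256([]byte(second)), nil
}

// Verify is the device-side check. ASSUMPTION: the "security verification"
// of the second key value is a comparison with the OTP-stored hash, and the
// signature comparison is done as public-key signature verification.
func Verify(p Package, otpKeyHash [32]byte) error {
	got := sha256.Sum256([]byte(p.SecondKey))
	if subtle.ConstantTimeCompare(got[:], otpKeyHash[:]) != 1 {
		return ErrKeyNotTrusted
	}
	pub, err := base64.StdEncoding.DecodeString(p.SecondKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return ErrKeyNotTrusted
	}
	if !ed25519.Verify(pub, checkValue(p.Image, p.Loader), p.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	first, _, err := NewKeyValues()
	if err != nil {
		panic(err)
	}
	// Constructed sample contents, not real firmware.
	pkg, otp, _ := Generate(first, []byte("constructed image"), []byte("constructed loader"))
	fmt.Println("genuine package:", Verify(pkg, otp))
	tampered := pkg
	tampered.Image = []byte("constructed imagE")
	fmt.Println("modified image:", Verify(tampered, otp))
	// A package signed with a different key pair is self-consistent but fails the OTP check.
	other, _, _ := NewKeyValues()
	resigned, _, _ := Generate(other, []byte("other image"), []byte("constructed loader"))
	fmt.Println("re-signed package:", Verify(resigned, otp))
}
```

The third case shows why the second key value carried inside the package cannot be trusted on its own: the device has to compare it with a value it already holds, here the hash in one-time programmable memory.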

基于上述实施例提供的固件生成方法,以下提供一种与上述固件生成方法对应的固件更新方法。Based on the firmware generation method provided in the above embodiment, a firmware update method corresponding to the above firmware generation method is provided below.

进一步的,参照图3,图3为本发明实施例提供的固件更新方法流程示意图,所述固件更新方法包括:Further, referring to FIG. 3 , FIG. 3 is a schematic flow chart of a firmware update method provided by an embodiment of the present invention, wherein the firmware update method comprises:

步骤S301、接收待更新固件,所述待更新固件包括镜像文件、加载启动文件、第一签名以及第二key值。Step S301: receiving a firmware to be updated, wherein the firmware to be updated includes an image file, a loading startup file, a first signature, and a second key value.

图4为本发明实施例提供用于更新固件的硬件设备结构示意图,请参见图4所示,硬件设备一般可以包括更新响应模块401、读取启动标志模块402、接收待更新固件模块403、验证模块404、更新运行模块405。Figure 4 is a schematic diagram of the hardware device structure for updating firmware provided in an embodiment of the present invention. As shown in Figure 4, the hardware device may generally include an update response module 401, a start flag reading module 402, a firmware receiving module 403 to be updated, a verification module 404, and an update operation module 405.

其中,更新响应模块401,用于接收输入的更新请求,读取启动标志模块402,用于读取待更新固件中的启动标志;接收待更新固件模块403,用于接收待更新固件的数据包,一般数据包包括镜像文件、加载启动文件、第一签名以及第二key值等信息,验证模块404用于对待更新固件中镜像文件、加载启动文件等信息的完整性和安全性进行验证;更新运行模块405,用于运行验证通过的待更新固件的程序,以实现固件更新。Among them, the update response module 401 is used to receive the input update request, the read startup flag module 402 is used to read the startup flag in the firmware to be updated; the receiving firmware to be updated module 403 is used to receive the data packet of the firmware to be updated, and the general data packet includes information such as the image file, the loading startup file, the first signature and the second key value; the verification module 404 is used to verify the integrity and security of the image file, the loading startup file and other information in the firmware to be updated; the update operation module 405 is used to run the program of the firmware to be updated that has passed the verification to realize the firmware update.

In one embodiment, the hardware device receives downloaded or pushed firmware to be updated, which mainly includes an image file, a loading startup file, a first signature, and a second key value.

The private key of the key pair is converted to obtain the first key value, which is used when generating the firmware to sign the first verification value and obtain the first signature. The public key of the key pair is converted to obtain the second key value, which is used to verify the signature.

Step S302: obtain the image file and the loading startup file included in the firmware to be updated, and verify the image file and the loading startup file using a security fidelity verification method to obtain a second verification value.

Generally, once the firmware to be updated has been received, it is parsed to obtain the image file, the loading startup file, the first signature and the second key value that it contains.

Verifying the image file and the loading startup file using the security fidelity verification method to obtain the second verification value specifically includes:

The trform-model in AmzXL in the AI computing power component library is used to perform hash verification on the image file and the loading startup file to obtain the second verification value.

Step S303: obtain the second key value included in the firmware to be updated, perform security verification on the second key value, and, if the verification passes, use the second key value to sign the second verification value to obtain a second signature.

In one embodiment, after the second key value included in the firmware to be updated is obtained, security verification is first performed on the second key value to determine whether it has been tampered with. If the second key value has been tampered with, this affects the accuracy of the second signature generated during signature verification, and therefore the accuracy of the integrity check on the image file and the loading startup file.

In one embodiment, when performing security verification on the second key value, a hash function can first be used to obtain a second hash check value of the second key value. The first hash check value stored in the one-time programmable memory is then read, and the second hash check value is compared with the first hash check value. If the two match, for example if they are identical, the security verification of the second key value is determined to have passed, that is, the second key value is determined not to have been tampered with.

In one embodiment, if the verification passes, the second verification value is signed using the second key value to obtain the second signature.

Step S304: determine whether the first signature and the second signature match; if they match, determine that the firmware to be updated passes verification.

It can be understood that, since the first key value and the second key value in this embodiment are generated from a matching key pair, the first signature and the second signature obtained using the first key value and the second key value respectively should also match each other, provided the image file and the loading startup file have not been tampered with or damaged. Therefore, before the firmware update program is started, it is first determined whether the first signature and the second signature match. If they match, the firmware to be updated is determined to have passed verification, that is, the image file and the loading startup file are determined not to have been tampered with or damaged, which ensures the security and success rate of the firmware update.

In one embodiment, when the firmware to be updated passes verification, that is, when it is determined that the image file and the loading startup file have not been tampered with or damaged, the firmware to be updated is installed on the current hardware device. Specifically, the loading startup file can be run to update the image file onto the current hardware device.

In one embodiment, after it is determined whether the first signature and the second signature match, the result of the match is also written to the firmware update log. For example, the result of the signature verification and related information are recorded and stored in an audit log for later tracing and review, so that the source, validity and integrity of the upgraded firmware can easily be traced and checked.

It can be seen that, according to the firmware update method provided in this embodiment, after the hardware device receives the firmware to be updated, it first obtains the image file and the loading startup file included in the firmware to be updated and verifies them using the security fidelity verification method to obtain a second verification value. It then obtains the second key value included in the firmware to be updated and performs security verification on it; if the verification passes, it uses the second key value to sign the second verification value to obtain a second signature. Finally, it determines whether the first signature and the second signature match. The matching result shows whether the image file and the loading startup file have been tampered with or damaged, which ensures the security and success rate of the firmware update.
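The update-side checks of steps S302 to S304, including the check of the second key value against the hash held in one-time programmable memory, as an added example that is not code from the patent. It assumes SHA-256 in place of the page's security fidelity verification method and Ed25519 as the signature scheme, neither of which the page names; because the device holds only the public key in an asymmetric scheme, the match of step S304 is carried out here as a signature verification rather than by producing a second signature. All type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package holds the four fields the page lists for the firmware to be updated.
type Package struct {
	Image     []byte // image file
	Loader    []byte // loading startup file
	Signature []byte // first signature, made at build time with the private key
	PublicKey []byte // second key value, shipped inside the package
}

// AuditRecord is one firmware update log entry (field names are assumptions).
type AuditRecord struct {
	CheckValue              string
	KeyTrusted, SignatureOK bool
}

var (
	ErrKeyUntrusted = errors.New("second key value does not match the OTP hash")
	ErrBadSignature = errors.New("first signature does not verify over the check value")
)

// checkValue hashes image and loader together. Each part is length-prefixed so
// bytes cannot move across the image/loader boundary without changing the result.
func checkValue(image, loader []byte) [32]byte {
	h := sha256.New()
	for _, part := range [][]byte{image, loader} {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// OTPHash is the first hash check value, provisioned into OTP memory at manufacture.
func OTPHash(priv ed25519.PrivateKey) [32]byte {
	return sha256.Sum256(priv.Public().(ed25519.PublicKey))
}

// demoKey builds a key from a constructed fixed seed so the demo is repeatable.
// Real signing keys come from a CSPRNG inside the trusted environment.
func demoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// Build is the generation side: first check value, first signature, packaging.
func Build(image, loader []byte, priv ed25519.PrivateKey) Package {
	d := checkValue(image, loader)
	return Package{Image: image, Loader: loader,
		Signature: ed25519.Sign(priv, d[:]),
		PublicKey: priv.Public().(ed25519.PublicKey)}
}

// Verify is the update side. The shipped key is authenticated against the OTP
// hash before it is used, so a package re-signed with another key is rejected.
func Verify(p Package, otpKeyHash [32]byte) (AuditRecord, error) {
	d := checkValue(p.Image, p.Loader) // S302: second check value
	rec := AuditRecord{CheckValue: hex.EncodeToString(d[:])}
	// S303: security verification of the second key value.
	keyHash := sha256.Sum256(p.PublicKey)
	if len(p.PublicKey) != ed25519.PublicKeySize ||
		subtle.ConstantTimeCompare(keyHash[:], otpKeyHash[:]) != 1 {
		return rec, ErrKeyUntrusted
	}
	rec.KeyTrusted = true
	// S304: the first signature must verify over the recomputed check value.
	if !ed25519.Verify(p.PublicKey, d[:], p.Signature) {
		return rec, ErrBadSignature
	}
	rec.SignatureOK = true
	return rec, nil
}

func main() {
	vendor, other := demoKey(0x11), demoKey(0x22)
	otp := OTPHash(vendor)
	good := Build([]byte("image-v2"), []byte("loader-v2"), vendor) // constructed sample
	tampered := good
	tampered.Image = []byte("image-v2-modified")
	resigned := Build(tampered.Image, tampered.Loader, other)
	for _, p := range []Package{good, tampered, resigned} {
		rec, err := Verify(p, otp)
		fmt.Printf("%+v err=%v\n", rec, err) // one audit log line per attempt
	}
}
```

The third case is the one the OTP check exists for: a modified image re-signed with a different key pair carries a valid signature under its own shipped key and is rejected only because that key's hash does not match the provisioned value.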

The firmware generation device provided in the present application is described further below. The firmware generation device described below corresponds to, and may be read together with, the firmware generation method provided above.

FIG. 5 is a schematic structural diagram of the firmware generation device provided in an embodiment of the present application. As shown in FIG. 5, the firmware generation device includes:

An acquisition unit 501, configured to acquire an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other;

A verification unit 502, configured to verify the image file and the loading startup file using a security fidelity verification method to obtain a first verification value;

A signature unit 503, configured to sign the first verification value using the first key value to obtain a first signature;

An encapsulation unit 504, configured to encapsulate the image file, the loading startup file, the first signature and the second key value into the firmware to be updated; the first signature and the second key value are used to verify the integrity of the image file and the loading startup file.

In one embodiment, the firmware generation device further includes:

A key value generation unit, configured to obtain a key pair in a trusted environment, convert the private key of the key pair to obtain the first key value, and convert the public key of the key pair to obtain the second key value.

In one embodiment, the verification unit 502 is specifically configured to:

Use the trform-model in AmzXL in the AI computing power component library to perform hash verification on the image file and the loading startup file to obtain the first verification value.

An embodiment of the present application also provides a firmware processing device. The device comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the firmware generation method described above, or the steps of the firmware update method described above. The firmware generation method comprises: obtaining an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other; verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value; signing the first verification value using the first key value to obtain a first signature; and encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, where the first signature and the second key value are used to verify the integrity of the image file and the loading startup file. The firmware update method comprises: receiving the firmware to be updated, which includes an image file, a loading startup file, a first signature and a second key value; obtaining the image file and the loading startup file included in the firmware to be updated, and verifying them using the security fidelity verification method to obtain a second verification value; obtaining the second key value included in the firmware to be updated, performing security verification on the second key value, and, if the verification passes, signing the second verification value using the second key value to obtain a second signature; and determining whether the first signature and the second signature match and, if they match, determining that the firmware to be updated passes verification.

An embodiment of the present application also provides a storage medium on which a computer program is stored. When executed by a processor, the computer program implements the steps of the firmware generation method described above, or the computer program is configured to implement the steps of the firmware update method described above. The firmware generation method comprises: obtaining an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other; verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value; signing the first verification value using the first key value to obtain a first signature; and encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, where the first signature and the second key value are used to verify the integrity of the image file and the loading startup file. The firmware update method comprises: receiving the firmware to be updated, which includes an image file, a loading startup file, a first signature and a second key value; obtaining the image file and the loading startup file included in the firmware to be updated, and verifying them using the security fidelity verification method to obtain a second verification value; obtaining the second key value included in the firmware to be updated, performing security verification on the second key value, and, if the verification passes, signing the second verification value using the second key value to obtain a second signature; and determining whether the first signature and the second signature match and, if they match, determining that the firmware to be updated passes verification.

An embodiment of the present invention also provides a computer program product comprising a computer program. When executed by a processor, the computer program implements the steps of the firmware generation method described above, or the computer program is configured to implement the steps of the firmware update method described above. The firmware generation method comprises: obtaining an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other; verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value; signing the first verification value using the first key value to obtain a first signature; and encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, where the first signature and the second key value are used to verify the integrity of the image file and the loading startup file. The firmware update method comprises: receiving the firmware to be updated, which includes an image file, a loading startup file, a first signature and a second key value; obtaining the image file and the loading startup file included in the firmware to be updated, and verifying them using the security fidelity verification method to obtain a second verification value; obtaining the second key value included in the firmware to be updated, performing security verification on the second key value, and, if the verification passes, signing the second verification value using the second key value to obtain a second signature; and determining whether the first signature and the second signature match and, if they match, determining that the firmware to be updated passes verification.

It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. In the absence of further restrictions, an element defined by the phrase "includes a ..." does not exclude the presence of additional identical elements in the process, method, article or system that includes the element.

The serial numbers of the above embodiments of the present invention are for description only and do not indicate that any embodiment is better or worse than another.

From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk, or an optical disk) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention.

The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (11)

1. A firmware generation method, comprising:
obtaining an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other;
verifying the image file and the loading startup file using a security fidelity verification method to obtain a first verification value;
signing the first verification value using the first key value to obtain a first signature;
encapsulating the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, wherein the first signature and the second key value are used to verify the integrity of the image file and the loading startup file.

2. The firmware generation method according to claim 1, characterized in that, before obtaining the image file, the loading startup file and the pair of key values, the method further comprises:
obtaining a key pair in a trusted environment;
converting the private key of the key pair to obtain the first key value, and converting the public key of the key pair to obtain the second key value.

3. The firmware generation method according to claim 1 or 2, characterized in that verifying the image file and the loading startup file using the security fidelity verification method to obtain the first verification value comprises:
using the trform-model in AmzXL in the AI computing power component library to perform hash verification on the image file and the loading startup file to obtain the first verification value.

4. A firmware update method, the firmware being generated by the firmware generation method according to any one of claims 1 to 3, characterized in that the firmware update method comprises:
receiving the firmware to be updated, wherein the firmware to be updated includes an image file, a loading startup file, a first signature and a second key value;
obtaining the image file and the loading startup file included in the firmware to be updated, and verifying the image file and the loading startup file using a security fidelity verification method to obtain a second verification value;
obtaining the second key value included in the firmware to be updated, performing security verification on the second key value, and, if the verification passes, signing the second verification value using the second key value to obtain a second signature;
determining whether the first signature and the second signature match and, if they match, determining that the firmware to be updated passes verification.

5. The firmware update method according to claim 3, further comprising:
when the firmware to be updated passes verification, updating the firmware to be updated onto the current device.

6. The firmware update method according to claim 4 or 5, characterized in that verifying the image file and the loading startup file using the security fidelity verification method to obtain the second verification value comprises:
using the trform-model in AmzXL in the AI computing power component library to perform hash verification on the image file and the loading startup file to obtain the second verification value.

7. The firmware update method according to claim 4 or 5, characterized in that, after determining whether the first signature and the second signature match, the method further comprises:
updating the result of whether the first signature and the second signature match to the firmware update log.

8. A firmware generation device, comprising:
an acquisition unit, configured to acquire an image file, a loading startup file and a pair of key values, the pair of key values including a first key value and a second key value that match each other;
a verification unit, configured to verify the image file and the loading startup file using a security fidelity verification method to obtain a first verification value;
a signature unit, configured to sign the first verification value using the first key value to obtain a first signature;
an encapsulation unit, configured to encapsulate the image file, the loading startup file, the first signature and the second key value into the firmware to be updated, wherein the first signature and the second key value are used to verify the integrity of the image file and the loading startup file.

9. A firmware processing device, characterized in that the device comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the firmware generation method according to any one of claims 1 to 3, or the computer program being configured to implement the steps of the firmware update method according to any one of claims 4 to 7.

10. A storage medium, characterized in that a computer program is stored on the storage medium, and when executed by a processor the computer program implements the steps of the firmware generation method according to any one of claims 1 to 3, or the computer program is configured to implement the steps of the firmware update method according to any one of claims 4 to 7.

11. A computer program product, characterized in that the computer program product comprises a computer program, and when executed by a processor the computer program implements the steps of the firmware generation method according to any one of claims 1 to 3, or the computer program is configured to implement the steps of the firmware update method according to any one of claims 4 to 7.

CN202410452240.9A 2024-04-15 2024-04-15 Firmware generation method, firmware update method and firmware processing device Pending CN118550561A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410452240.9A CN118550561A (en) 2024-04-15 2024-04-15 Firmware generation method, firmware update method and firmware processing device

Publications (1)

Publication Number Publication Date
CN118550561A true CN118550561A (en) 2024-08-27

Family

ID=92447092

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination