CN105550586A - Trusted boot design method applicable to DSP environment - Google Patents
- Publication number
- CN105550586A
- Authority
- CN
- China
- Prior art keywords
- code
- dsp
- environment
- binary code
- tlen
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention belongs to the embedded information security technical field, and especially relates to a trusted boot design method applicable to a DSP environment. The method comprises following steps: step 1, analyzing the valid binary code data in a DSP download file; step 2, generating an HMAC authentication code for the generated binary code, wherein SHA2 is a one-way hash algorithm and is used for generating the HMAC authentication code; step 3, encrypting the generated binary code; step 4, placing a file comprising ciphertext data, the code length tlen of the binary code and an integrity verifying reference value to an integrated development environment; and step 5, finishing a data decryption operation in the integrated development environment, and generating an HMAC authentication code, thus finishing the secure boot of software. The method of the invention has the advantage that a user software security problem is solved in the DSP environment without increasing hardware; and the software security is effectively improved.
Description
Technical field
The invention belongs to the field of embedded information security technology and specifically relates to an embedded trusted-computing and firmware secure boot (bootloader) method, applied in scenarios where user software in a DSP environment has high security requirements.
Background technology
With the development of digital signal processing, more and more DSP chips are being applied in every field. The DSP's powerful data capability in embedded real-time processing, good system stability, extensibility, and software portability have made its use increasingly widespread in fields with higher security requirements, such as aeronautics and astronautics products. The security of DSP software is receiving more and more attention, and how to better ensure it has become a matter of concern.
Current DSPs mainly come from TI and ADI. TI DSP boot modes include host-interface boot, parallel-memory boot, I/O boot, and serial-port boot. ADI DSPs provide four load modes: EPROM boot mode, link-port boot mode, host boot mode, and no-boot mode. TI DSPs use CCS as the integrated development environment and ADI DSPs use VisualDSP++; the corresponding binary code can be extracted from the download files that both generate.
In products developed on a DSP platform, the user-developed program is in most cases downloaded into a non-volatile device; after the product powers on, the code is loaded into memory and run. The interface timing and read/write operations of these general-purpose memory devices can all be looked up in the device manual. As a result, software that engineers spent a great deal of time and effort developing is easily obtained by others. Once the stored binary code has been obtained, it can be downloaded into an identical cloned hardware device and run. The corresponding integrated development environment can also be used to disassemble it to obtain the code, analyze the product's working principle, insert debug statements, capture key intermediate parameters, and analyze the software flow, ultimately obtaining the core technology of the product software.
Summary of the invention
The object of this invention is to provide a trusted boot design method applicable to a DSP environment that solves the user software security problem in the DSP environment without adding hardware, effectively improving the security of the software.
The invention is realized as follows: a trusted boot design method applicable to a DSP environment, comprising the following steps.
Step 1: Parse the valid binary code data in the DSP download file;
Step 2: Generate an HMAC authentication code for the resulting binary code; SHA2, a one-way hash algorithm, is used to generate the HMAC authentication code;
Step 3: Encrypt the resulting binary code;
Step 4: Place a file containing the ciphertext data, the binary code length tlen, and the integrity check reference value into the integrated development environment;
Step 5: Complete the data decryption operation in the integrated development environment and generate an HMAC authentication code, completing the secure boot of the software.
In step 2, according to the length tlen of the binary data parsed in step 1, k zero bits are appended so that the total length satisfies tlen + k ≡ 448 (mod 512); the padded message is processed to generate a 256-bit authentication code, which serves as the software integrity check reference value.
In step 3, the binary code generated in step 1 is padded with km zero bits so that tlen + km ≡ 0 (mod 128); the padded message is encrypted, generating tlen + km bits of ciphertext data.
The advantage of the invention is as follows. The download file of the DSP environment is parsed according to its format to obtain the binary data of the valid code it contains, and this data is encrypted with the block cipher AES. At the same time, following the design philosophy of embedded trusted computing, SHA2 is used to generate an HMAC authentication code over the binary data of the valid code as the integrity check reference value. Data decryption is completed in the DSP integrated development environment, an HMAC authentication code is generated over the decrypted data and compared with the integrity check reference value, and the secure boot of the software is thereby completed.
Embodiment
The invention is described in detail below with reference to an embodiment:
A trusted boot design method applicable to a DSP environment comprises the following steps:
Step 1: The format of the generated download file differs depending on the DSP integrated development environment; the main formats are bin files and ldr files. A bin file is a standard binary file, and the ldr file is likewise an Intel-standard file format, so the valid binary code data in the file can be fully parsed out;
Step 2: Generate an HMAC authentication code for the resulting binary code; SHA2, a one-way hash algorithm, is used to generate the HMAC authentication code;
According to the length tlen of the binary data parsed in step 1, k zero bits are appended so that the total length satisfies tlen + k ≡ 448 (mod 512); the padded message is processed to generate a 256-bit authentication code, which serves as the software integrity check reference value.
Step 3: Encrypt the resulting binary code. AES (Advanced Encryption Standard) is the algorithm announced by NIST (the U.S. National Institute of Standards and Technology) in 2001 and has relatively high security.
The binary code generated in step 1 is padded with km zero bits so that tlen + km ≡ 0 (mod 128). The padded message is encrypted, generating tlen + km bits of ciphertext data.
Step 4: Place a file containing the ciphertext data, the binary code length tlen, and the integrity check reference value into the integrated development environment.
Step 5: Complete the data decryption operation in the integrated development environment and generate an HMAC authentication code, completing the secure boot of the software.
First, the tlen + km bits of ciphertext data are decrypted with the AES decryption algorithm; the decrypted data is truncated according to the tlen parameter to recover the original plaintext binary code, and the code is moved to the specified location. Then, in the manner of step 2, an HMAC authentication code is generated over the decrypted data and compared with the integrity check reference value. If the two match, the trusted boot completes; otherwise authentication fails and the program boot process exits.
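The padding arithmetic of steps 2 and 3 and the boot-time check of step 5, as an added example that is not code from the patent. It assumes a byte-aligned image (tlen a multiple of 8), HMAC-SHA256 as the SHA2 variant, and a constructed key and image; the AES step itself is left out because the page gives no cipher mode or key handling and the Python standard library has no AES, so `boot_check` takes the already-decrypted data.

```python
import hashlib
import hmac

# Constructed sample inputs (assumptions, not from the patent).
KEY = b"constructed-demo-key"
IMAGE = bytes(range(1, 38))          # 37 bytes, so tlen = 296 bits


def zero_pad_bits(tlen: int, residue: int, modulus: int) -> int:
    """Smallest k >= 0 with tlen + k ≡ residue (mod modulus), in bits."""
    return (residue - tlen) % modulus


def reference_value(code: bytes, key: bytes) -> bytes:
    """Step 2: zero-pad to tlen + k ≡ 448 (mod 512), then HMAC-SHA256."""
    k = zero_pad_bits(len(code) * 8, 448, 512)
    return hmac.new(key, code + bytes(k // 8), hashlib.sha256).digest()


def cipher_input(code: bytes) -> bytes:
    """Step 3 padding only: zero-pad to whole 128-bit AES blocks."""
    km = zero_pad_bits(len(code) * 8, 0, 128)
    return code + bytes(km // 8)


def boot_check(decrypted: bytes, tlen: int, ref: bytes, key: bytes) -> bytes:
    """Step 5 after decryption: truncate to tlen, recompute, compare."""
    if tlen % 8 or tlen > len(decrypted) * 8:
        raise ValueError("tlen inconsistent with decrypted data")
    code = decrypted[: tlen // 8]
    # compare_digest avoids leaking the mismatch position through timing
    if not hmac.compare_digest(reference_value(code, key), ref):
        raise ValueError("integrity check failed, boot aborted")
    return code


if __name__ == "__main__":
    ref = reference_value(IMAGE, KEY)
    padded = cipher_input(IMAGE)     # what would be handed to AES
    print(len(padded) * 8, "bits to encrypt; reference", ref.hex())
    print(boot_check(padded, len(IMAGE) * 8, ref, KEY) == IMAGE)
```

Zero padding does not encode the original length, which is why the package in step 4 has to carry tlen alongside the ciphertext and the reference value.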
With the design method provided here, the code in the DSP environment is effectively protected and the security of the software is increased without adding hardware resources.
Claims (3)
1. A trusted boot design method applicable to a DSP environment, characterized in that it comprises the following steps:
Step 1: Parse the valid binary code data in the DSP download file;
Step 2: Generate an HMAC authentication code for the resulting binary code; SHA2, a one-way hash algorithm, is used to generate the HMAC authentication code;
Step 3: Encrypt the resulting binary code;
Step 4: Place a file containing the ciphertext data, the binary code length tlen, and the integrity check reference value into the integrated development environment;
Step 5: Complete the data decryption operation in the integrated development environment and generate an HMAC authentication code, completing the secure boot of the software.
2. The trusted boot design method applicable to a DSP environment as claimed in claim 1, characterized in that: in step 2, according to the length tlen of the binary data parsed in step 1, k zero bits are appended so that the total length satisfies tlen + k ≡ 448 (mod 512); the padded message is processed to generate a 256-bit authentication code, which serves as the software integrity check reference value.
3. The trusted boot design method applicable to a DSP environment as claimed in claim 1, characterized in that: in step 3, the binary code generated in step 1 is padded with km zero bits so that tlen + km ≡ 0 (mod 128); the padded message is encrypted, generating tlen + km bits of ciphertext data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410592879.3A CN105550586A (en) | 2014-10-30 | 2014-10-30 | Trusted boot design method applicable to DSP environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105550586A (en) | 2016-05-04 |
Family
ID=55829773
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410592879.3A Pending CN105550586A (en) | 2014-10-30 | 2014-10-30 | Trusted boot design method applicable to DSP environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105550586A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020004905A1 (en) * | 1998-07-17 | 2002-01-10 | Derek L Davis | Method for bios authentication prior to bios execution |
| US20030084275A1 (en) * | 2001-10-31 | 2003-05-01 | International Business Machines Corporation; | Authentications integrated into a boot code image |
| US20050079868A1 (en) * | 2003-10-10 | 2005-04-14 | Texas Instruments Incorporated | Device bound flashing/booting for cloning prevention |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109491712A (en) * | 2018-11-01 | 2019-03-19 | 北京京航计算通讯研究所 | A kind of trusted bootstrap method suitable for VxWorks environment |
| CN109492404A (en) * | 2018-11-01 | 2019-03-19 | 北京京航计算通讯研究所 | A kind of trusted booting system suitable for VxWorks environment |
| CN109491712B (en) * | 2018-11-01 | 2021-09-10 | 北京京航计算通讯研究所 | Trusted boot method suitable for VxWorks environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160504 |
| | WD01 | Invention patent application deemed withdrawn after publication | |