CN118244980A - Data presetting method, electronic equipment and storage medium - Google Patents
Data presetting method, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN118244980A CN118244980A CN202410272642.0A CN202410272642A CN118244980A CN 118244980 A CN118244980 A CN 118244980A CN 202410272642 A CN202410272642 A CN 202410272642A CN 118244980 A CN118244980 A CN 118244980A
- Authority
- CN
- China
- Prior art keywords
- partition
- backup
- preset
- data
- image file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0643—Management of files
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
- G06F8/63—Image based installation; Cloning; Build to order
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Human Computer Interaction (AREA)
- Quality & Reliability (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
本发明涉及数据预置方法、电子设备和存储介质。该数据预置方法包括:获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,备份分区镜像文件和引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成;将备份分区镜像文件和引导通信分区镜像文件烧录至设备的备份分区;基于备份分区中的备份分区镜像文件和引导通信分区镜像文件对用户数据分区进行数据预置。本发明直接将数据预置到备份分区,再从备份分区将数据预置到用户数据分区,即便是用户数据分区加密的场景,也能够实现数据预置,从而实现了对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。
The present invention relates to a data presetting method, an electronic device and a storage medium. The data presetting method comprises: obtaining a backup partition image file and a boot communication partition image file containing backup information, wherein the backup partition image file and the boot communication partition image file are generated according to the preset data directory, the boot communication partition image and the preset data image configuration file preset to the user data partition as required; burning the backup partition image file and the boot communication partition image file to the backup partition of the device; and presetting data to the user data partition based on the backup partition image file and the boot communication partition image file in the backup partition. The present invention directly presets data to the backup partition, and then presets data from the backup partition to the user data partition. Even in the scenario where the user data partition is encrypted, data presetting can be realized, thereby realizing data presetting for the encrypted user data partition, and will not cause the system firmware to become permanently larger.
Description
技术领域Technical Field
本发明涉及嵌入式技术领域,尤其涉及数据预置方法、电子设备和存储介质。The present invention relates to the field of embedded technology, and in particular to a data presetting method, an electronic device and a storage medium.
背景技术Background technique
电子设备中使用的eMMC(嵌入式多媒体卡)和固态硬盘等永久记忆性存储器是电子设备的核心组成器件。电子设备通过永久记忆性存储器来存储设备固件和用户数据,其中存储用户数据的区域称为用户数据分区(如data)。在某些场景下,为了保护用户数据分区(如data)中的数据安全,通常会对用户数据区进行加密。一旦设备对用户数据分区进行加密,那么需要一套配对的加解密系统才能使用用户数据分区中的数据。为了保证数据安全,在终端用户第一次使用设备时,加密服务和系统通常要求在对用户数据分区进行加密之前,用户数据分区必须是刚刚擦除和格式化过的、干净的用户数据分区。在系统启动过程中,系统会将用户数据分区对应的物理块设备(如/dev/block/by-name/data)通过操作系统内核的设备映射机制(如device mapper)映射成虚拟块设备(如/dev/block/dm-1),当往虚拟块设备写入数据时,每个数据块首先都会被加密,然后存储在物理块设备上。同理,当从虚拟块设备读取数据时,每个数据会首先进行解密,然后将解密后的数据返回。Permanent memory devices such as eMMC (embedded multimedia card) and solid-state hard disk used in electronic devices are the core components of electronic devices. Electronic devices use permanent memory devices to store device firmware and user data, and the area storing user data is called user data partition (such as data). In some scenarios, in order to protect the data security in the user data partition (such as data), the user data area is usually encrypted. Once the device encrypts the user data partition, a paired encryption and decryption system is required to use the data in the user data partition. In order to ensure data security, when the end user uses the device for the first time, the encryption service and system usually require that the user data partition must be a clean user data partition that has just been erased and formatted before the user data partition is encrypted. During the system startup process, the system will map the physical block device corresponding to the user data partition (such as /dev/block/by-name/data) to a virtual block device (such as /dev/block/dm-1) through the device mapping mechanism (such as device mapper) of the operating system kernel. When writing data to the virtual block device, each data block will first be encrypted and then stored on the physical block device. Similarly, when reading data from a virtual block device, each data is first decrypted and then the decrypted data is returned.
在电子设备出厂时,通常会对用户数据分区进行一次擦除和文件系统格式化,以便最终用户能够使用到完整和干净的用户数据分区,也就是说设备出厂时用户数据分区不会预先内置任何用户数据。但是有些厂家希望在设备出厂之前(即在设备的生产过程中,最终出货给终端用户之前),能够往用户数据分区预置某些数据,以便满足厂家对自身开发的设备所作的产品定义。When electronic devices leave the factory, the user data partition is usually erased and the file system is formatted so that the end user can use a complete and clean user data partition, that is, the user data partition will not have any user data pre-installed when the device leaves the factory. However, some manufacturers hope to pre-install certain data in the user data partition before the device leaves the factory (that is, during the production process of the device and before it is finally shipped to the end user) to meet the product definition made by the manufacturer for the device developed by itself.
现有针对用户数据分区的数据预置方法通常有以下两类。Existing data pre-setting methods for user data partitions generally fall into the following two categories.
第一类方法要求用户数据分区是非加密的。这类方法在设备启动过程中引导设备进入恢复模式,在恢复模式中完成数据预置,这样在设备进入正常系统后,就可以直接使用用户数据区中的预置数据。恢复模式通常无法支持复杂的加解密系统,这就意味着这类方法无法对加密的用户数据分区进行数据预置,因为对用户数据分区的加密要求用户数据分区在被加密之前,必须是刚刚擦除和格式化过的、干净的用户数据分区,不能预先存储任何用户数据,所有由用户创建的数据在写入加密的用户数据区之前必须首先通过对应的加密系统自动进行加密,然后再将加密后的数据写入实际的用户数据物理分区。The first type of method requires that the user data partition is unencrypted. This type of method boots the device into recovery mode during device startup and completes data presetting in recovery mode, so that after the device enters the normal system, the pre-set data in the user data area can be directly used. Recovery mode usually cannot support complex encryption and decryption systems, which means that this type of method cannot pre-set data on the encrypted user data partition, because the encryption of the user data partition requires that the user data partition must be a clean user data partition that has just been erased and formatted before being encrypted, and no user data can be pre-stored. All data created by the user must first be automatically encrypted by the corresponding encryption system before being written to the encrypted user data area, and then the encrypted data is written to the actual user data physical partition.
第二类方法虽然可以支持加密的用户数据分区,但是要求将需要预置到用户数据分区的数据首先内置到系统固件中(如Android系统的system或者vendor或者odm固件),然后在系统正常启动,配套的加解密系统正常工作后,将内置到系统固件中的需要预置到用户数据分区中的数据拷贝到用户数据分区中,从而完成数据预置。这种方法的最大问题是会导致设备的系统固件变大,通常需要预置到用户数据分区中的数据都比较大,这就会导致系统固件不可接受地变大。这意味着当对系统固件进行完整FOTA升级时,会导致FOTA升级包变大。当FOTA升级包变大时,就意味着在升级包的生成、存储、传输和实际升级时,都需要消耗更多的时间和空间资源。此外,需要预置到用户数据分区的数据通常都是普通数据,本质上不是系统固件的组成部分,而将普通的预置数据和系统固件混在一起,从软件工程的角度来看显然是一个不好的设计。Although the second method can support encrypted user data partitions, it requires that the data that needs to be preset in the user data partition be first built into the system firmware (such as the system or vendor or odm firmware of the Android system), and then after the system starts normally and the supporting encryption and decryption system works normally, the data that needs to be preset in the user data partition built into the system firmware is copied to the user data partition to complete the data preset. The biggest problem with this method is that it will cause the system firmware of the device to become larger. Usually, the data that needs to be preset in the user data partition is relatively large, which will cause the system firmware to become unacceptably large. This means that when the system firmware is fully FOTA upgraded, the FOTA upgrade package will become larger. When the FOTA upgrade package becomes larger, it means that more time and space resources are required when the upgrade package is generated, stored, transmitted, and actually upgraded. In addition, the data that needs to be preset in the user data partition is usually ordinary data, which is not essentially a component of the system firmware. Mixing ordinary preset data with system firmware is obviously a bad design from a software engineering perspective.
因此,如何能够实现对加密的用户数据分区进行数据预置,同时又不需要将预置数据内置到系统固件导致系统固件永久性变大,成为当下需要解决的问题之一。Therefore, how to implement data presetting for the encrypted user data partition without having to embed the presetting data into the system firmware, which would cause the system firmware to permanently become larger, has become one of the problems that need to be solved at present.
发明内容Summary of the invention
本发明提供数据预置方法、电子设备和存储介质,其能够实现对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。The present invention provides a data presetting method, an electronic device and a storage medium, which can realize data presetting for an encrypted user data partition without causing permanent enlargement of system firmware.
在本发明的一个方面,提供一种数据预置方法。该方法包括:获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,所述备份分区镜像文件和所述引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成;将所述备份分区镜像文件和所述引导通信分区镜像文件烧录至设备的备份分区;以及基于所述备份分区中的所述备份分区镜像文件和所述引导通信分区镜像文件对用户数据分区进行数据预置。In one aspect of the present invention, a data presetting method is provided. The method includes: obtaining a backup partition image file and a boot communication partition image file containing backup information, wherein the backup partition image file and the boot communication partition image file are generated according to the preset data directory, boot communication partition image and preset data image configuration file preset to the user data partition as needed; burning the backup partition image file and the boot communication partition image file to the backup partition of the device; and presetting data to the user data partition based on the backup partition image file and the boot communication partition image file in the backup partition.
在本发明的又一方面,提供一种电子设备。该电子设备包括存储器,被配置为存储可执行程序;以及处理器,被配置为执行所述程序以执行上述的数据预置方法。In another aspect of the present invention, an electronic device is provided, which includes a memory configured to store an executable program and a processor configured to execute the program to perform the above-mentioned data presetting method.
在本发明的再一方面,提供一种计算机可读介质。该介质上存储有计算机程序,所述计算机程序被处理器执行以实现上述的数据预置方法。In another aspect of the present invention, a computer-readable medium is provided, wherein a computer program is stored on the medium, and the computer program is executed by a processor to implement the above-mentioned data presetting method.
根据本发明,获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,备份分区镜像文件和引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成,将备份分区镜像文件和引导通信分区镜像文件烧录至设备的备份分区,基于备份分区中的备份分区镜像文件和引导通信分区镜像文件对用户数据分区进行数据预置。本发明技术方案直接将数据预置到备份分区,再从备份分区将数据预置到用户数据分区,即便是用户数据分区加密的场景,也能够实现数据预置,从而实现了对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。According to the present invention, a backup partition image file and a boot communication partition image file containing backup information are obtained, and the backup partition image file and the boot communication partition image file are generated according to the preset data directory, boot communication partition image and preset data image configuration file preset to the user data partition as needed, and the backup partition image file and the boot communication partition image file are burned to the backup partition of the device, and the user data partition is preset based on the backup partition image file and the boot communication partition image file in the backup partition. The technical solution of the present invention directly presets data to the backup partition, and then presets data from the backup partition to the user data partition. Even in the scenario where the user data partition is encrypted, data preset can be realized, thereby realizing data presetting for the encrypted user data partition, and will not cause the system firmware to become permanently larger.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1为根据本发明实施例的数据预置方法的步骤流程图;FIG1 is a flow chart of steps of a data presetting method according to an embodiment of the present invention;
图2为根据本发明实施例的一种数据预置方法的流程示意图;FIG2 is a schematic flow chart of a data presetting method according to an embodiment of the present invention;
图3为根据本发明实施例的电子设备的结构示意图。FIG. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
具体实施方式Detailed ways
为详细说明本发明的技术内容、所实现目的及效果,以下结合实施方式并配合附图予以说明。In order to explain the technical content, achieved objectives and effects of the present invention in detail, the following is an explanation in conjunction with the implementation modes and the accompanying drawings.
在已有技术中,一种方法是在设备启动过程中引导设备进入恢复模式,在恢复模式中完成数据预置,但无法对加密的用户数据分区进行数据预置,另一种方法是将需要预置到用户数据分区的数据首先内置到系统固件中,然后在系统正常启动,配套的加解密系统正常工作后,将内置到系统固件中的需要预置到用户数据分区中的数据拷贝到用户数据分区中,但会导致系统固件不可接受地变大。In the prior art, one method is to boot the device into a recovery mode during device startup and complete data presetting in the recovery mode, but data presetting cannot be performed on the encrypted user data partition. Another method is to first build the data that needs to be preset to the user data partition into the system firmware, and then, after the system starts normally and the supporting encryption and decryption system works normally, copy the data that needs to be preset to the user data partition that is built into the system firmware to the user data partition, but this will cause the system firmware to become unacceptably large.
为了解决至少上述技术问题,本公开提供了数据预置方法。根据本公开的实施例,获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,备份分区镜像文件和引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成,将备份分区镜像文件和引导通信分区镜像文件烧录至设备的备份分区,基于备份分区中的备份分区镜像文件和引导通信分区镜像文件对用户数据分区进行数据预置。以此方式,直接将数据预置到备份分区,再从备份分区将数据预置到用户数据分区,即便是用户数据分区加密的场景,也能够实现数据预置,从而实现了对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。In order to solve at least the above technical problems, the present disclosure provides a data presetting method. According to an embodiment of the present disclosure, a backup partition image file and a boot communication partition image file containing backup information are obtained, and the backup partition image file and the boot communication partition image file are generated according to the preset data directory, boot communication partition image and preset data image configuration file preset to the user data partition as needed, and the backup partition image file and the boot communication partition image file are burned to the backup partition of the device, and the user data partition is preset based on the backup partition image file and the boot communication partition image file in the backup partition. In this way, data is directly preset to the backup partition, and then data is preset from the backup partition to the user data partition. Even in the scenario where the user data partition is encrypted, data presetting can be achieved, thereby achieving data presetting for the encrypted user data partition, and will not cause the system firmware to become permanently larger.
下文中,将参考具体实施例并且结合附图描述根据本公开的技术方案。Hereinafter, the technical solution according to the present disclosure will be described with reference to specific embodiments and in conjunction with the accompanying drawings.
图1是示出根据本公开的实施例的数据预置方法100的流程图。参照图1,该方法100包括以下步骤102至步骤106。Fig. 1 is a flow chart showing a data presetting method 100 according to an embodiment of the present disclosure. Referring to Fig. 1 , the method 100 includes the following steps 102 to 106 .
在步骤102,获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,所述备份分区镜像文件和所述引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成。In step 102, a backup partition image file and a boot communication partition image file containing backup information are obtained, wherein the backup partition image file and the boot communication partition image file are generated according to the preset data directory, the boot communication partition image and the preset data image configuration file preset to the user data partition as needed.
在一些实施例中,在步骤102之前该方法100还可以包括:制作所述备份分区镜像文件和所述引导通信分区镜像。在一些实施例中,制作所述备份分区镜像文件和所述引导通信分区镜像包括:根据所述备份分区的名字、大小和文件系统类型生成预置数据镜像预置文件;将预置数据按照预设目录层次生成预置数据目录;接收引导通信分区镜像;以及根据所述预置数据目录、所述引导通信分区镜像和所述预置数据镜像预置文件生成所述备份分区镜像文件和所述引导通信分区镜像文件。以此方式,预置数据目录、引导通信分区镜像和预置数据镜像预置文件中包括了预置数据和备份分区的相关信息,便于后续生成用于数据预置的备份分区镜像文件和包含备份信息的引导通信分区镜像文件。In some embodiments, before step 102, the method 100 may further include: making the backup partition image file and the boot communication partition image. In some embodiments, making the backup partition image file and the boot communication partition image includes: generating a preset data image preset file according to the name, size and file system type of the backup partition; generating a preset data directory according to a preset directory hierarchy for the preset data; receiving a boot communication partition image; and generating the backup partition image file and the boot communication partition image file according to the preset data directory, the boot communication partition image and the preset data image preset file. In this way, the preset data directory, the boot communication partition image and the preset data image preset file include relevant information of the preset data and the backup partition, which facilitates the subsequent generation of the backup partition image file for data preset and the boot communication partition image file containing the backup information.
在一些实施例中,将所述预置数据目录进行压缩,得到预置数据压缩包。若所述预置数据压缩包的大小小于所述备份分区的大小,则生成原始备份分区镜像文件,所述原始备份分区镜像文件的大小小于所述备份分区的大小,且大于所述预置数据压缩包的大小。根据所述备份分区的所述文件系统类型将所述原始备份分区镜像文件进行格式化,得到包含文件系统类型的可读写文件系统备份分区镜像文件。将所述可读写文件系统备份分区镜像文件挂载至预设挂载目录,并将所述预置数据压缩包拷贝至所述预设挂载目录的预设路径;卸载所述可读写文件系统备份分区镜像文件。根据所述备份分区的名字对包含所述预置数据压缩包的所述可读写文件系统备份分区镜像文件进行重命名,得到备份分区镜像文件。在引导通信分区的第一预设位置写入备份分区加密数据区预置指令,并在所述引导通信分区的第二预设位置写入备份分区信息,生成包含备份信息的引导通信分区镜像文件。以此方式,将预设名字的预置数据压缩包预置到可读写文件系统备份分区镜像文件中,以便后续将预置数据烧录到备份分区。In some embodiments, the preset data directory is compressed to obtain a preset data compression package. If the size of the preset data compression package is smaller than the size of the backup partition, an original backup partition image file is generated, and the size of the original backup partition image file is smaller than the size of the backup partition and larger than the size of the preset data compression package. The original backup partition image file is formatted according to the file system type of the backup partition to obtain a readable and writable file system backup partition image file containing the file system type. The readable and writable file system backup partition image file is mounted to a preset mount directory, and the preset data compression package is copied to a preset path of the preset mount directory; and the readable and writable file system backup partition image file is unmounted. The readable and writable file system backup partition image file containing the preset data compression package is renamed according to the name of the backup partition to obtain a backup partition image file. A backup partition encrypted data area preset instruction is written at a first preset position of the boot communication partition, and backup partition information is written at a second preset position of the boot communication partition to generate a boot communication partition image file containing backup information. In this way, the preset data compression package with the preset name is preset into the read-write file system backup partition image file, so that the preset data can be burned into the backup partition later.
在一些实施例中,在所述引导通信分区的第二预设位置写入备份分区信息之前,还包括:根据备份分区信息魔幻数、备份体数字摘要算法类型、备份体数字摘要密文大小、备份体数字摘要密文和备份体生成备份分区信息。以此方式,有利于根据生成的备份分区信息将预置数据先预置到备份分区中,无需内置到系统固件,避免系统固件过大。In some embodiments, before writing the backup partition information to the second preset position of the boot communication partition, the method further includes: generating the backup partition information according to the backup partition information magic number, the backup body digital summary algorithm type, the backup body digital summary ciphertext size, the backup body digital summary ciphertext and the backup body. In this way, it is beneficial to pre-set the preset data into the backup partition according to the generated backup partition information, without having to be built into the system firmware, thereby preventing the system firmware from being too large.
在步骤104,将所述备份分区镜像文件和所述引导通信分区镜像文件烧录至设备的备份分区。In step 104, the backup partition image file and the boot communication partition image file are burned to the backup partition of the device.
在步骤106,基于所述备份分区中的所述备份分区镜像文件和所述引导通信分区镜像文件对用户数据分区进行数据预置。In step 106, data is preset for the user data partition based on the backup partition image file and the boot communication partition image file in the backup partition.
在一些实施例中,根据引导通信分区中的预设位置处存在的备份分区加密数据区预置指令,从所述引导通信分区中读出备份分区信息。根据所述备份分区信息中备份体里的备份分区的名字和备份分区的文件系统类型,将所述备份分区的文件系统容量扩展成所述备份分区的实际大小。擦除和格式化所述用户数据分区,并将所述备份分区加密数据区预置指令清除,设备重启。将所述备份分区中的对应预置数据写入代表所述用户数据分区的挂载目录,以完成所述用户数据分区的数据预置。在一些实施例中,将所述备份分区中对应的预置数据压缩包解压到代表所述用户数据分区的挂载目录,以及由数据加解密服务对解压后的数据进行加密,以将加密数据写入所述用户数据分区,以完成加密的用户数据分区的数据预置。在一些实施例中,根据引导通信分区中的预设位置处存在的恢复出厂设置指令,擦除和格式化所述用户数据分区,以及将备份分区中对应的预置数据压缩包解压到代表用户数据分区的挂载目录,以完成出厂时的用户数据分区的数据预置。以此方式,实现了对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。In some embodiments, according to the backup partition encrypted data area preset instruction present at the preset position in the boot communication partition, the backup partition information is read from the boot communication partition. According to the name of the backup partition in the backup body in the backup partition information and the file system type of the backup partition, the file system capacity of the backup partition is expanded to the actual size of the backup partition. The user data partition is erased and formatted, and the backup partition encrypted data area preset instruction is cleared, and the device is restarted. The corresponding preset data in the backup partition is written to the mount directory representing the user data partition to complete the data preset of the user data partition. In some embodiments, the corresponding preset data compression package in the backup partition is decompressed to the mount directory representing the user data partition, and the decompressed data is encrypted by the data encryption and decryption service to write the encrypted data to the user data partition to complete the data preset of the encrypted user data partition. In some embodiments, according to the factory reset instruction present at the preset position in the boot communication partition, the user data partition is erased and formatted, and the corresponding preset data compression package in the backup partition is decompressed to the mount directory representing the user data partition to complete the data preset of the user data partition at the factory. In this way, data presetting of the encrypted user data partition is achieved without causing permanent enlargement of the system firmware.
在一些实施例中,启动所述设备,若所述引导通信分区的所述第一预设位置存在所述备份分区加密数据区预置指令或恢复出厂设置指令,则引导所述设备进入恢复模式。在所述恢复模式中,若所述引导通信分区的所述第一预设位置存在所述备份分区加密数据区预置指令,则从所述引导通信分区的所述第二预设位置读取所述备份分区信息,并根据所述备份分区信息将所述备份分区的文件系统容量扩展成所述备份分区的实际大小。重新擦除和格式化用户数据分区,并清除所述引导通信分区中第三预设位置的预置完成标记,清除所述引导通信分区中所述第一预设位置的所述备份分区加密数据区预置指令,退出加密数据预置流程以及恢复模式,重启所述设备,以对用户数据分区进行数据预置。若所述引导通信分区的所述第一预设位置存在所述恢复出厂设置指令,则执行恢复出厂设置操作,所述恢复出厂设置操作重新擦除和格式化用户数据分区,但不重新擦除和格式化备份分区。从所述引导通信分区中的所述第二预设位置读取所述备份分区信息,检查所述备份分区信息中的备份分区信息魔幻数是否与预设魔幻数一致。若不一致,则清除所述引导通信分区中的所述第一预设位置的所述恢复出厂设置指令,并退出恢复出厂设置流程。若一致,则清除所述引导通信分区中第三预设位置的预置完成标记,清除所述引导通信分区中所述第一预设位置的恢复出厂设置指令,并退出恢复出厂设置流程,重启所述设备,以对用户数据分区进行数据预置。在一些实施例中,当执行所述恢复出厂设置操作时,在所述引导通信分区中所述第一预设位置写入所述恢复出厂设置指令后,重启所述设备。以此方式,根据引导通信分区的第一预设位置中存在的是恢复出厂设置指令还是备份分区加密数据区预置指令来判断是要恢复出厂设置还是进行数据预置,当进行恢复出厂设置时简单方便,由于备份分区中已经包含有预置数据压缩包,所以恢复出厂设置后可以使用备份分区中的预置数据压缩包来重新内置数据到用户数据分区。In some embodiments, the device is started, and if the backup partition encrypted data area preset instruction or the factory reset instruction exists in the first preset position of the boot communication partition, the device is guided into the recovery mode. In the recovery mode, if the backup partition encrypted data area preset instruction exists in the first preset position of the boot communication partition, the backup partition information is read from the second preset position of the boot communication partition, and the file system capacity of the backup partition is expanded to the actual size of the backup partition according to the backup partition information. The user data partition is erased and formatted again, and the preset completion mark of the third preset position in the boot communication partition is cleared, the backup partition encrypted data area preset instruction of the first preset position in the boot communication partition is cleared, the encrypted data preset process and the recovery mode are exited, and the device is restarted to perform data preset on the user data partition. If the factory reset instruction exists in the first preset position of the boot communication partition, the factory reset operation is performed, and the factory reset operation erases and formats the user data partition again, but does not erase and format the backup partition again. The backup partition information is read from the second preset position in the boot communication partition, and the backup partition information magic number in the backup partition information is checked to see if it is consistent with the preset magic number. If not, the factory reset instruction in the first preset position in the boot communication partition is cleared, and the factory reset process is exited. If consistent, the preset completion mark in the third preset position in the boot communication partition is cleared, the factory reset instruction in the first preset position in the boot communication partition is cleared, and the factory reset process is exited, and the device is restarted to perform data preset on the user data partition. In some embodiments, when the factory reset operation is performed, the device is restarted after the factory reset instruction is written in the first preset position in the boot communication partition. In this way, it is determined whether to restore the factory settings or to preset the data according to whether the factory reset instruction or the backup partition encrypted data area preset instruction exists in the first preset position of the boot communication partition. It is simple and convenient to perform factory reset. Since the backup partition already contains a preset data compression package, the preset data compression package in the backup partition can be used to re-embed the data into the user data partition after the factory reset.
在一些实施例中,在系统启动过程中,使用预设数据加解密服务确保所述用户数据区按照预设加密方式进行加密,加密完成后将所述用户数据区对应的物理块设备通过操作系统内核的设备映射机制映射成虚拟块设备,并将所述虚拟块设备挂载至预设的代表用户数据分区的挂载目录。使用加密数据预置服务检测所述预设的代表用户数据分区的挂载目录是否已经挂载所述虚拟块设备。若已挂载完成,则开启数据预置流程,以对用户数据分区进行数据预置。以此方式,可以实现对加密的用户数据分区的数据预置,同时无需将预置数据内置到系统固件中,避免对系统固件进行完整FOTA升级时对时间和空间资源的额外占用。In some embodiments, during the system startup process, a preset data encryption and decryption service is used to ensure that the user data area is encrypted according to a preset encryption method. After the encryption is completed, the physical block device corresponding to the user data area is mapped to a virtual block device through the device mapping mechanism of the operating system kernel, and the virtual block device is mounted to the preset mount directory representing the user data partition. Use the encrypted data pre-set service to detect whether the preset mount directory representing the user data partition has mounted the virtual block device. If the mounting is completed, the data pre-set process is started to pre-set data for the user data partition. In this way, data pre-set for the encrypted user data partition can be achieved, and at the same time, the preset data does not need to be built into the system firmware, avoiding the additional occupation of time and space resources when the system firmware is fully upgraded by FOTA.
在一些实施例中,使用加密数据预置服务检查所述引导通信分区中所述第三预设位置是否存在所述预置完成标记。若存在,则退出加密数据预置服务。若不存在,则检查所述预设的代表用户数据分区的挂载目录是否已经挂载所述虚拟块设备。若未挂载完成,则等待预设时间后,返回执行使用加密数据预置服务检查所述引导通信分区中所述第三预设位置是否存在所述预置完成标记。若已挂载完成,则从所述引导通信分区中所述第二预设位置读取所述备份分区信息,并检查所述备份分区信息中的备份分区魔幻数是否与预设魔幻数一致。若不一致,则退出加密数据预置服务。若一致,则根据所述备份分区信息中的备份体数字摘要算法类型对应的数字摘要算法计算所述备份分区信息中的备份体的数字摘要,并对计算出的备份体数字摘要使用预设的针对备份分区信息的对称加密算法和密钥进行加密,得到备份体数字摘要密文和备份体数字摘要密文大小。若计算出的所述备份体数字摘要密文大小和所述备份分区信息中的备份体数字摘要密文大小相同,且计算出的所述备份体数字摘要密文和所述备份分区信息中的备份体数字摘要密文相同,则根据所述备份分区信息中的备份体的备份分区的名字确定与所述备份分区相对应的块设备节点,并检查所述备份分区是否已经挂载。若没有挂载,则挂载所述备份分区,并根据所述备份分区信息中的备份体的预置数据压缩包在所述备份分区中的路径,检查是否存在对应的预置数据压缩包。如果不存在,则退出加密数据预置服务。如果存在,则根据所述备份分区信息中的备份体数字摘要算法类型对应的数字摘要算法计算所述备份分区中的所述预置数据压缩包的数字摘要。若计算出的预置数据压缩包数字摘要和所述备份分区信息中的备份体的预置数据压缩包数字摘要相同,则将所述备份分区中的所述预置数据压缩包解压至所述预设的代表用户数据分区的挂载目录,并通过所述预设数据加解密服务对解压后的预置数据进行自动加密后写入实际的用户数据分区。在所述引导通信分区中所述第三预设位置写入预置完成标记,以完成用户数据分区的数据预置,并退出加密数据预置服务。以此方式,通过检查备份分区信息的合法性来保证数据预置的可靠性。In some embodiments, the encrypted data presetting service is used to check whether the preset completion mark exists at the third preset position in the boot communication partition. If it exists, the encrypted data presetting service is exited. If it does not exist, check whether the preset mount directory representing the user data partition has mounted the virtual block device. If the mounting is not completed, wait for a preset time and return to execute the encrypted data presetting service to check whether the preset completion mark exists at the third preset position in the boot communication partition. If the mounting is completed, read the backup partition information from the second preset position in the boot communication partition, and check whether the backup partition magic number in the backup partition information is consistent with the preset magic number. If not consistent, exit the encrypted data presetting service. If consistent, calculate the digital summary of the backup body in the backup partition information according to the digital summary algorithm corresponding to the backup body digital summary algorithm type in the backup partition information, and encrypt the calculated backup body digital summary using the preset symmetric encryption algorithm and key for the backup partition information to obtain the backup body digital summary ciphertext and the backup body digital summary ciphertext size. If the calculated backup body digital summary ciphertext size is the same as the backup body digital summary ciphertext size in the backup partition information, and the calculated backup body digital summary ciphertext is the same as the backup body digital summary ciphertext in the backup partition information, then determine the block device node corresponding to the backup partition according to the name of the backup partition of the backup body in the backup partition information, and check whether the backup partition has been mounted. If not mounted, then mount the backup partition, and check whether there is a corresponding preset data compression package according to the path of the preset data compression package of the backup body in the backup partition information in the backup partition. If not, exit the encrypted data presetting service. If so, calculate the digital summary of the preset data compression package in the backup partition according to the digital summary algorithm corresponding to the backup body digital summary algorithm type in the backup partition information. If the calculated preset data compression package digital summary is the same as the preset data compression package digital summary of the backup body in the backup partition information, then decompress the preset data compression package in the backup partition to the preset mounting directory representing the user data partition, and automatically encrypt the decompressed preset data through the preset data encryption and decryption service and write it into the actual user data partition. The preset completion mark is written into the third preset position in the boot communication partition to complete the data preset of the user data partition and exit the encrypted data preset service. In this way, the reliability of data preset is guaranteed by checking the legitimacy of the backup partition information.
在一些实施例中,在步骤108之后该方法100还包括:使用所述用户数据区的预置数据的服务或者应用时,检查所述引导通信分区中第三预设位置是否存在预置完成标记;若存在,则继续使用所述用户数据区的预置数据的服务或者应用;若不存在,则等待预设时间后,返回执行检查所述引导通信分区中第三预设位置是否存在预置完成标记。In some embodiments, after step 108, the method 100 further includes: when using the service or application of the preset data in the user data area, checking whether there is a preset completion mark at the third preset position in the boot communication partition; if there is, continuing to use the service or application of the preset data in the user data area; if not, waiting for a preset time and returning to execute checking whether there is a preset completion mark at the third preset position in the boot communication partition.
下文中,将通过示例描述根据本发明实施例的数据预置方法及设备的应用场景。Hereinafter, application scenarios of the data presetting method and device according to the embodiments of the present invention will be described by way of examples.
图2是示出根据本发明实施例的数据预置方法的流程图。如图2所示,该方法包括以下步骤201至步骤208。Fig. 2 is a flow chart showing a data presetting method according to an embodiment of the present invention. As shown in Fig. 2, the method includes the following steps 201 to 208.
在步骤201,构建预置数据目录、引导通信分区镜像(如misc.img)和预置数据镜像预置文件,具体包括以下(1)至(3)。In step 201, a preset data directory, a boot communication partition image (such as misc.img) and a preset data image preset file are constructed, which specifically includes the following (1) to (3).
(1)根据备份分区的名字(如backup)、大小和文件系统类型生成预置数据镜像预置文件。(1) Generate a preset data image preset file according to the name (such as backup), size and file system type of the backup partition.
备份分区的名字对应的是设备实际物理分区的名字,作为备份分区的实际物理分区需是具有可读写文件系统的非加密分区。The name of the backup partition corresponds to the name of the actual physical partition of the device. The actual physical partition used as the backup partition must be a non-encrypted partition with a readable and writable file system.
(2)将预置数据按照预设目录层次生成预置数据目录,即将所有预置数据按照预设目录层次组织到预置数据目录。(2) Generate a preset data directory according to the preset directory hierarchy, that is, organize all preset data into the preset data directory according to the preset directory hierarchy.
(3)接收引导通信分区镜像。(3) Receive the boot communication partition image.
在步骤202,根据预置数据目录、引导通信分区镜像和预置数据镜像预置文件生成备份分区镜像文件和包含备份信息的引导通信分区镜像文件,具体包括以下(1)至(9)。In step 202, a backup partition image file and a boot communication partition image file containing backup information are generated according to the preset data directory, the boot communication partition image and the preset data image preset file, which specifically includes the following (1) to (9).
(1)将预置数据目录进行压缩,得到预置数据压缩包。(1) Compress the preset data directory to obtain a preset data compression package.
具体的,将预置数据目录按照预设压缩算法类型进行压缩,并使用预设名字命名,得到预置数据压缩包。Specifically, the preset data directory is compressed according to a preset compression algorithm type and named with a preset name to obtain a preset data compression package.
(2)若预置数据压缩包的大小大于或等于备份分区的大小,则提示出错,退出数据预置流程。(2) If the size of the pre-set data compression package is greater than or equal to the size of the backup partition, an error message is displayed and the data pre-set process is exited.
(3)若预置数据压缩包的大小小于备份分区的大小,则生成原始备份分区镜像文件(如backup_raw.img),该原始备份分区镜像文件的大小小于备份分区的大小,且大于预置数据压缩包的大小。(3) If the size of the preset data compression package is smaller than the size of the backup partition, an original backup partition image file (such as backup_raw.img) is generated. The size of the original backup partition image file is smaller than the size of the backup partition and larger than the size of the preset data compression package.
(4)根据备份分区的文件系统类型将原始备份分区镜像文件进行格式化,得到包含文件系统类型的可读写文件系统备份分区镜像文件(如bakcup_fs.img)。(4) The original backup partition image file is formatted according to the file system type of the backup partition to obtain a readable and writable file system backup partition image file (such as bakcup_fs.img) containing the file system type.
(5)将可读写文件系统备份分区镜像文件挂载至预设挂载目录,并将预置数据压缩包拷贝至预设挂载目录的预设路径。(5) The readable and writable file system backup partition image file is mounted to a preset mounting directory, and the preset data compression package is copied to a preset path of the preset mounting directory.
(6)卸载可读写文件系统备份分区镜像文件,以此将预置数据压缩包预置到可读写文件系统备份分区镜像文件中。(6) Uninstalling the readable and writable file system backup partition image file, thereby presetting the preset data compression package into the readable and writable file system backup partition image file.
(7)根据备份分区的名字对包含预置数据压缩包的可读写文件系统备份分区镜像文件进行重命名,得到备份分区镜像文件(如backup.img)。(7) The readable and writable file system backup partition image file containing the preset data compression package is renamed according to the name of the backup partition to obtain a backup partition image file (such as backup.img).
(8)根据备份分区信息魔幻数、备份体数字摘要算法类型、备份体数字摘要密文大小、备份体数字摘要密文和备份体生成备份分区信息。(8) Generate backup partition information according to the backup partition information magic number, the backup body digital summary algorithm type, the backup body digital summary ciphertext size, the backup body digital summary ciphertext and the backup body.
备份体由备份分区的名字、备份分区的文件系统类型、预置数据压缩包在备份分区中的路径和预置数据压缩包数字摘要共同组成。根据备份体数字摘要算法类型对应的数字摘要算法计算预置数据压缩包的数字摘要,并将得到的预置数据压缩包数字摘要保存到备份体中。根据备份体数字摘要算法类型对应的数字摘要算法计算备份体的数字摘要,并对计算得到的备份体数字摘要使用预设的针对备份分区信息的对称加密算法和密钥进行加密,得到备份体数字摘要密文和备份体数字摘要密文大小。The backup body is composed of the name of the backup partition, the file system type of the backup partition, the path of the preset data compression package in the backup partition, and the digital summary of the preset data compression package. The digital summary of the preset data compression package is calculated according to the digital summary algorithm corresponding to the backup body digital summary algorithm type, and the obtained digital summary of the preset data compression package is saved in the backup body. The digital summary of the backup body is calculated according to the digital summary algorithm corresponding to the backup body digital summary algorithm type, and the calculated backup body digital summary is encrypted using the preset symmetric encryption algorithm and key for the backup partition information to obtain the backup body digital summary ciphertext and the backup body digital summary ciphertext size.
(9)在引导通信分区的第一预设位置写入备份分区加密数据区预置指令,并在引导通信分区的第二预设位置写入备份分区信息,生成包含备份信息的引导通信分区镜像文件(如misc.img)。(9) Write the backup partition encrypted data area preset instruction at the first preset position of the boot communication partition, and write the backup partition information at the second preset position of the boot communication partition to generate a boot communication partition image file (such as misc.img) containing the backup information.
在步骤203,将备份分区镜像文件和引导通信分区镜像文件烧录至设备的备份分区。In step 203, the backup partition image file and the boot communication partition image file are burned to the backup partition of the device.
在步骤204,启动设备,在启动引导程序(如uboot)中,判断引导通信分区的第一预设位置是否存在备份分区加密数据区预置指令或恢复出厂设置指令,若是,则执行步骤205,若否,则继续执行引导流程,引导设备进入系统,执行步骤206。In step 204, the device is started, and in the boot program (such as uboot), it is determined whether there is a backup partition encrypted data area preset instruction or a factory reset instruction in the first preset position of the boot communication partition. If so, step 205 is executed. If not, the boot process is continued to boot the device into the system and step 206 is executed.
在步骤205,引导设备进入恢复模式(如recovery),具体包括以下(1)至(4)。In step 205, the device is booted to enter a recovery mode (such as recovery), which specifically includes the following (1) to (4).
(1)判断引导通信分区的第一预设位置是否存在备份分区加密数据区预置指令,若是,则执行(2)至(3),若否,则执行(4)。(1) Determine whether there is a backup partition encrypted data area preset instruction at the first preset position of the boot communication partition. If so, execute (2) to (3). If not, execute (4).
(2)从引导通信分区的第二预设位置读取备份分区信息,并根据备份分区信息将备份分区的文件系统容量扩展成备份分区的实际大小,具体包括以下(2-1)至(2-4)。(2) Reading the backup partition information from the second preset position of the boot communication partition, and expanding the file system capacity of the backup partition to the actual size of the backup partition according to the backup partition information, specifically including the following (2-1) to (2-4).
(2-1)检查备份分区信息魔幻数是否为预设魔幻数,如果否,则执行(2-2),如果是,则执行(2-3)至(2-4)。(2-1) Check whether the magic number of the backup partition information is the preset magic number. If not, execute (2-2). If yes, execute (2-3) to (2-4).
(2-2)将引导通信分区中第一预设位置中的备份分区加密数据区预置指令清除,退出加密数据预置流程以及恢复模式。(2-2) Clear the backup partition encrypted data area preset instruction in the first preset position in the boot communication partition, and exit the encrypted data preset process and recovery mode.
(2-3)根据备份分区信息中的备份体数字摘要算法类型对应的数字摘要算法计算备份分区信息中的备份体的数字摘要,并对计算出的备份体数字摘要使用预设的针对备份分区信息的对称加密算法和密钥进行加密,得到备份体数字摘要密文和备份体数字摘要密文大小。(2-3) Calculate the digital digest of the backup body in the backup partition information according to the digital digest algorithm corresponding to the backup body digital digest algorithm type in the backup partition information, and encrypt the calculated digital digest of the backup body using the preset symmetric encryption algorithm and key for the backup partition information to obtain the backup body digital digest ciphertext and the backup body digital summary ciphertext size.
(2-4)比较计算出的备份体数字摘要密文大小是否和备份分区信息中的备份体数字摘要密文大小相同,若不相同,则将引导通信分区中第一预设位置中的备份分区加密数据区预置指令清除,退出加密数据预置流程以及恢复模式,若相同,则检查计算出的备份体数字摘要密文是否和备份分区信息中的备份体数字摘要密文完全相同,若否,则将引导通信分区中第一预设位置中的备份分区加密数据区预置指令清除,退出加密数据预置流程以及恢复模式,若是,则根据备份分区信息中备份体的备份分区的名字和备份分区的文件系统类型,将备份分区的文件系统容量扩展成备份分区的实际大小。(2-4) Compare the calculated backup digital summary ciphertext size to see if it is the same as the backup digital summary ciphertext size in the backup partition information. If not, clear the backup partition encrypted data area preset instruction in the first preset position in the boot communication partition, and exit the encrypted data preset process and recovery mode. If they are the same, check whether the calculated backup digital summary ciphertext is exactly the same as the backup digital summary ciphertext in the backup partition information. If not, clear the backup partition encrypted data area preset instruction in the first preset position in the boot communication partition, and exit the encrypted data preset process and recovery mode. If so, expand the file system capacity of the backup partition to the actual size of the backup partition based on the name of the backup partition of the backup body in the backup partition information and the file system type of the backup partition.
(3)重新擦除和格式化用户数据分区(如data),并清除引导通信分区中第三预设位置的预置完成标记,清除引导通信分区中第一预设位置的备份分区加密数据区预置指令,退出加密数据预置流程以及恢复模式,重启设备。(3) Re-erase and format the user data partition (such as data), clear the preset completion mark at the third preset position in the boot communication partition, clear the backup partition encrypted data area preset instruction at the first preset position in the boot communication partition, exit the encrypted data preset process and recovery mode, and restart the device.
(4)判断引导通信分区的所述第一预设位置是否存在恢复出厂设置指令,若否,则退出恢复出厂设置流程,若是,则执行(4-1)至(4-2)。(4) Determine whether there is a factory reset instruction at the first preset position of the guide communication partition. If not, exit the factory reset process. If so, execute (4-1) to (4-2).
(4-1)恢复出厂设置操作,该恢复出厂设置操作重新擦除和格式化用户数据分区,但不重新擦除和格式化备份分区。(4-1) A factory reset operation, which re-erases and formats the user data partition but does not re-erase and format the backup partition.
(4-2)从引导通信分区中的第二预设位置读取备份分区信息,检查备份分区信息中的备份分区信息魔幻数是否与预设魔幻数一致,若不一致,则清除引导通信分区中的第一预设位置的恢复出厂设置指令,并退出恢复出厂设置流程,若一致,则清除引导通信分区中第三预设位置的预置完成标记,清除引导通信分区中第一预设位置的恢复出厂设置指令,并退出恢复出厂设置流程,重启设备。(4-2) Read the backup partition information from the second preset position in the boot communication partition, check whether the backup partition information magic number in the backup partition information is consistent with the preset magic number, if not, clear the factory reset instruction at the first preset position in the boot communication partition, and exit the factory reset process, if consistent, clear the preset completion mark at the third preset position in the boot communication partition, clear the factory reset instruction at the first preset position in the boot communication partition, exit the factory reset process, and restart the device.
当执行恢复出厂设置操作时,在引导通信分区中第一预设位置写入恢复出厂设置指令后,重启设备。When performing a factory reset operation, a factory reset instruction is written to the first preset location in the boot communication partition, and then the device is restarted.
在步骤206,在系统启动过程中,使用预设数据加解密服务确保用户数据区按照预设加密方式进行加密,加密完成后将用户数据区对应的物理块设备(如/dev/block/by-name/data)通过操作系统内核的设备映射机制(如device mapper)映射成虚拟块设备(如/dev/block/dm-1),并将虚拟块设备挂载至预设的代表用户数据分区的挂载目录(如data)。In step 206, during the system startup process, the preset data encryption and decryption service is used to ensure that the user data area is encrypted according to the preset encryption method. After the encryption is completed, the physical block device corresponding to the user data area (such as /dev/block/by-name/data) is mapped to a virtual block device (such as /dev/block/dm-1) through the device mapping mechanism of the operating system kernel (such as device mapper), and the virtual block device is mounted to the preset mount directory representing the user data partition (such as data).
在步骤207,使用加密数据预置服务检测预设的代表用户数据分区的挂载目录是否已经挂载虚拟块设备,若已挂载完成,则开启数据预置流程,以对用户数据分区进行数据预置,具体包括以下(1)至(3)。In step 207, the encrypted data pre-setting service is used to detect whether the preset mount directory representing the user data partition has been mounted on the virtual block device. If it has been mounted, the data pre-setting process is started to pre-set data for the user data partition, which specifically includes the following (1) to (3).
(1)使用加密数据预置服务检查引导通信分区中第三预设位置是否存在预置完成标记,若存在,则退出加密数据预置服务,若不存在,则执行(2)。(1) Use the encrypted data presetting service to check whether there is a presetting completion mark at the third preset position in the boot communication partition. If so, exit the encrypted data presetting service. If not, execute (2).
(2)检查预设的代表用户数据分区的挂载目录是否已经挂载虚拟块设备,若未挂载完成,则等待预设时间后,返回执行(1),若已挂载完成,则执行(3)。(2) Check whether the preset mount directory representing the user data partition has been mounted on the virtual block device. If not, wait for a preset time and return to execute (1). If it has been mounted, execute (3).
(3)从引导通信分区中第二预设位置读取备份分区信息,并检查备份分区信息中的备份分区魔幻数是否与预设魔幻数一致,若不一致,则退出加密数据预置服务,若一致,则执行(3-1)至(3-5)。(3) Read the backup partition information from the second preset position in the boot communication partition, and check whether the backup partition magic number in the backup partition information is consistent with the preset magic number. If not, exit the encrypted data presetting service. If consistent, execute (3-1) to (3-5).
(3-1)根据备份分区信息中的备份体数字摘要算法类型对应的数字摘要算法计算备份分区信息中的备份体的数字摘要,并对计算出的备份体数字摘要使用预设的针对备份分区信息的对称加密算法和密钥进行加密,得到备份体数字摘要密文和备份体数字摘要密文大小。(3-1) Calculate the digital digest of the backup body in the backup partition information according to the digital digest algorithm corresponding to the backup body digital digest algorithm type in the backup partition information, and encrypt the calculated digital digest of the backup body using the preset symmetric encryption algorithm and key for the backup partition information to obtain the backup body digital digest ciphertext and the backup body digital digest ciphertext size.
(3-2)若计算出的备份体数字摘要密文大小和备份分区信息中的备份体数字摘要密文大小相同,且计算出的备份体数字摘要密文和备份分区信息中的备份体数字摘要密文相同,则根据备份分区信息中的备份体的备份分区的名字确定与备份分区相对应的块设备节点(如/dev/block/by-name/backup),并检查备份分区是否已经挂载,若没有挂载,则挂载备份分区,并根据备份分区信息中的备份体的预置数据压缩包在备份分区中的路径,检查是否存在对应的预置数据压缩包,如果不存在,则退出加密数据预置服务,如果存在,则根据备份分区信息中的备份体数字摘要算法类型对应的数字摘要算法计算备份分区中的预置数据压缩包的数字摘要。(3-2) If the calculated backup body digital summary ciphertext size is the same as the backup body digital summary ciphertext size in the backup partition information, and the calculated backup body digital summary ciphertext is the same as the backup body digital summary ciphertext in the backup partition information, then determine the block device node corresponding to the backup partition according to the name of the backup partition of the backup body in the backup partition information (such as /dev/block/by-name/backup), and check whether the backup partition has been mounted. If not, mount the backup partition, and check whether there is a corresponding preset data compression package according to the path of the preset data compression package of the backup body in the backup partition information in the backup partition. If not, exit the encrypted data presetting service. If so, calculate the digital summary of the preset data compression package in the backup partition according to the digital summary algorithm corresponding to the backup body digital summary algorithm type in the backup partition information.
(3-3)若计算出的预置数据压缩包数字摘要和备份分区信息中的备份体的预置数据压缩包数字摘要相同,则将备份分区中的预置数据压缩包解压至预设的代表用户数据分区的挂载目录,并通过预设数据加解密服务对解压后的预置数据进行自动加密后写入实际的用户数据分区,在引导通信分区中第三预设位置写入预置完成标记,以完成用户数据分区的数据预置,并退出加密数据预置服务。(3-3) If the calculated digital digest of the preset data compression package is the same as the digital digest of the preset data compression package of the backup body in the backup partition information, the preset data compression package in the backup partition is decompressed to the preset mount directory representing the user data partition, and the decompressed preset data is automatically encrypted through the preset data encryption and decryption service and written into the actual user data partition, and a preset completion mark is written into the third preset position in the boot communication partition to complete the data preset of the user data partition, and the encrypted data preset service is exited.
(3-4)若计算出的预置数据压缩包数字摘要和备份分区信息中的备份体的预置数据压缩包数字摘要不相同,则退出加密数据预置服务。(3-4) If the calculated digital summary of the preset data compression package is different from the digital summary of the preset data compression package of the backup body in the backup partition information, the encrypted data presetting service is exited.
(3-5)若计算出的备份体数字摘要密文大小和备份分区信息中的备份体数字摘要密文大小不相同,或计算出的备份体数字摘要密文和备份分区信息中的备份体数字摘要密文不相同,则退出加密数据预置服务。(3-5) If the calculated backup volume digital summary ciphertext size is different from the backup volume digital summary ciphertext size in the backup partition information, or the calculated backup volume digital summary ciphertext is different from the backup volume digital summary ciphertext in the backup partition information, then exit the encrypted data pre-setting service.
在步骤208,使用用户数据区的预置数据的服务或者应用时,检查引导通信分区中第三预设位置是否存在预置完成标记,若存在,则继续使用用户数据区的预置数据的服务或者应用,若不存在,则等待预设时间后,返回执行检查引导通信分区中第三预设位置是否存在预置完成标记。In step 208, when using the service or application of the preset data in the user data area, check whether there is a preset completion mark at the third preset position in the boot communication partition. If so, continue to use the service or application of the preset data in the user data area. If not, wait for a preset time and return to check whether there is a preset completion mark at the third preset position in the boot communication partition.
根据本发明的又一方面,图3是示出根据本发明实施例的电子设备300的示意图。参照图3,该电子设备300包括存储器302和处理器304。所述存储器302被配置为存储可在处理器304上运行的计算机程序。所述处理器304执行所述计算机程序时实现如上面描述的数据预置方法的各个步骤。According to another aspect of the present invention, FIG3 is a schematic diagram showing an electronic device 300 according to an embodiment of the present invention. Referring to FIG3, the electronic device 300 includes a memory 302 and a processor 304. The memory 302 is configured to store a computer program that can be run on the processor 304. When the processor 304 executes the computer program, each step of the data presetting method described above is implemented.
根据本发明的又一方面,提供了一种计算机可读介质。该计算机可读介质上存储有计算机程序,该计算机程序被处理器执行以实现如上面描述的数据预置方法。According to another aspect of the present invention, a computer readable medium is provided, wherein a computer program is stored on the computer readable medium, and the computer program is executed by a processor to implement the data presetting method described above.
综上所述,本发明提供的数据预置方法、电子设备和存储介质,获取备份分区镜像文件和包含备份信息的引导通信分区镜像文件,备份分区镜像文件和引导通信分区镜像文件根据需要预置到用户数据分区的预置数据目录、引导通信分区镜像和预置数据镜像配置文件而生成,将备份分区镜像文件和引导通信分区镜像文件烧录至设备的备份分区,基于备份分区中的备份分区镜像文件和引导通信分区镜像文件对用户数据分区进行数据预置,即直接将数据预置到备份分区,再从备份分区将数据预置到用户数据分区,即便是用户数据分区加密的场景,也能够实现数据预置,从而实现了对加密的用户数据分区进行数据预置,且不会导致系统固件永久性变大。并且,当进行恢复出厂设置时简单方便,由于备份分区中已经包含有预置数据压缩包,所以恢复出厂设置后可以使用备份分区中的预置数据压缩包来重新内置数据到用户数据分区。In summary, the data presetting method, electronic device and storage medium provided by the present invention obtain a backup partition image file and a boot communication partition image file containing backup information, the backup partition image file and the boot communication partition image file are generated according to the preset data directory, boot communication partition image and preset data image configuration file of the user data partition as needed, the backup partition image file and the boot communication partition image file are burned to the backup partition of the device, and the user data partition is preset based on the backup partition image file and the boot communication partition image file in the backup partition, that is, the data is directly preset to the backup partition, and then the data is preset from the backup partition to the user data partition, even in the scenario where the user data partition is encrypted, data presetting can be achieved, thereby achieving data presetting for the encrypted user data partition, and will not cause the system firmware to become permanently larger. In addition, it is simple and convenient when restoring the factory settings, because the backup partition already contains a preset data compression package, so after restoring the factory settings, the preset data compression package in the backup partition can be used to re-embed the data into the user data partition.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等同变换,或直接或间接运用在相关的技术领域,均同理包括在本发明的专利保护范围内。The above descriptions are merely embodiments of the present invention and are not intended to limit the patent scope of the present invention. Any equivalent transformations made using the contents of the present invention's specification and drawings, or directly or indirectly applied in related technical fields, are also included in the patent protection scope of the present invention.
Claims (14)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410272642.0A CN118244980A (en) | 2024-03-11 | 2024-03-11 | Data presetting method, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410272642.0A CN118244980A (en) | 2024-03-11 | 2024-03-11 | Data presetting method, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118244980A true CN118244980A (en) | 2024-06-25 |
Family
ID=91550309
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410272642.0A Pending CN118244980A (en) | 2024-03-11 | 2024-03-11 | Data presetting method, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118244980A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118626021A (en) * | 2024-06-27 | 2024-09-10 | 瑞芯微电子股份有限公司 | Data presetting method, electronic device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20140142782A (en) * | 2013-06-04 | 2014-12-15 | 고려대학교 산학협력단 | Apparatus and method for obtaining data assuring data integrity of user's data in a device |
| US20210042448A1 (en) * | 2019-08-07 | 2021-02-11 | Samsung Electronics Co., Ltd. | Electronic device operating encryption for user data |
| US20230229424A1 (en) * | 2021-07-30 | 2023-07-20 | Honor Device Co., Ltd. | Operating System Upgrade Method and Device, Storage Medium, and Computer Program Product |
| CN116578307A (en) * | 2023-04-11 | 2023-08-11 | 瑞芯微电子股份有限公司 | Data presetting method, electronic device and computer readable storage medium |
-
2024
- 2024-03-11 CN CN202410272642.0A patent/CN118244980A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20140142782A (en) * | 2013-06-04 | 2014-12-15 | 고려대학교 산학협력단 | Apparatus and method for obtaining data assuring data integrity of user's data in a device |
| US20210042448A1 (en) * | 2019-08-07 | 2021-02-11 | Samsung Electronics Co., Ltd. | Electronic device operating encryption for user data |
| US20230229424A1 (en) * | 2021-07-30 | 2023-07-20 | Honor Device Co., Ltd. | Operating System Upgrade Method and Device, Storage Medium, and Computer Program Product |
| CN116578307A (en) * | 2023-04-11 | 2023-08-11 | 瑞芯微电子股份有限公司 | Data presetting method, electronic device and computer readable storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118626021A (en) * | 2024-06-27 | 2024-09-10 | 瑞芯微电子股份有限公司 | Data presetting method, electronic device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20110004871A1 (en) | Embedded electronic device and firmware updating method thereof | |
| US20050085222A1 (en) | Software updating process for mobile devices | |
| CN107526608B (en) | OTA upgrade package upgrading method and device | |
| US20250307410A1 (en) | Firmware update method for embedded device, embedded device, and development end device | |
| KR20050061378A (en) | Applying custom software image updates to non-volatile storage in a failsafe manner | |
| US7500093B2 (en) | Startup program execution method, device, storage medium, and program | |
| US7013392B1 (en) | File processing unit | |
| CN108509215B (en) | System software replacing method and device, terminal equipment and storage medium | |
| CN116578307A (en) | Data presetting method, electronic device and computer readable storage medium | |
| CN110321082B (en) | Data clearing method and device for computer | |
| JP2002099441A (en) | Communication terminal device and operation method of communication terminal device | |
| CN118244980A (en) | Data presetting method, electronic equipment and storage medium | |
| CN118797745A (en) | A signature method, signature verification method and system for custom image files | |
| CN112269601B (en) | BMC (baseboard management controller) and component asset information management method, device and storage medium thereof | |
| CN118567692A (en) | Firmware upgrading method, product, equipment and medium for basic input/output system | |
| US8578359B2 (en) | Method and apparatus for reliable in-place update | |
| CN112596800A (en) | U-Boot image upgrading and checking method and device and electronic equipment | |
| JP2003157204A (en) | Data rewriting device, data rewriting method, and storage medium | |
| CN107257281B (en) | Method, device and computer-readable storage medium for NOR FLASH storage key record | |
| CN118626021A (en) | Data presetting method, electronic device and storage medium | |
| JP2000250818A (en) | Storage system, storage device and stored data protecting method | |
| CN110681153B (en) | Game archive management system, method, computer device, and medium | |
| TWI416319B (en) | Boot method for computer system using redundant array of independent disks | |
| WO2007145316A1 (en) | Memory controller, nonvolatile storage device, and nonvolatile storage device system | |
| CN119336548B (en) | Cloud hard disk backup method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |