Search

CN-116702098-B - Application program deployment method, boot device, singlechip and medium

CN116702098BCN 116702098 BCN116702098 BCN 116702098BCN-116702098-B

Abstract

The invention discloses an application program deployment method and a related device, wherein the method is applied to a Boot device and comprises the steps of performing memory erasure on partitions except a Boot area in a memory when the application program is detected to be not downloaded, performing application program downloading on the application program when the memory erasure is completed, performing application program deployment on the application program in the memory when the application program downloading is completed, jumping to the application program to enable the application program to be started when the application program deployment is completed, performing execution protection on sentences corresponding to appointed sentence types, appointed functions and comparison operation when the memory erasure, the application program downloading and the application program deployment are performed, performing targeted protection on appointed sentence types, appointed functions and comparison operation which are required to be executed in an application program deployment link, avoiding the condition that an attacker maliciously guides the Boot to execute wrong sentences in the application program deployment link to cause a singlechip to be cracked, and further guaranteeing the safety of the singlechip effectively.

Inventors

  • HE JUNLING

Assignees

  • 国民技术股份有限公司

Dates

Publication Date
20260512
Application Date
20220225

Claims (10)

  1. 1. An application deployment method is characterized by being applied to a Boot device, and comprises the following steps: when the fact that the application program is not downloaded is detected, memory erasing is carried out on the partitions except the Boot area in the memory; When the memory is erased, downloading the application program, and when the application program is downloaded, deploying the application program in the memory; When the application program deployment is completed, jumping to the application program to enable the application program to be started; When the memory is erased, the application program is downloaded and the application program is deployed, executing protection is carried out on sentences corresponding to the appointed sentence types, the appointed functions and the comparison operation; the specified statement types comprise conditional statements, cyclic statements and specified statements; The protection logic corresponding to the conditional statement is used for executing protection based on the variable and the judgment condition value in the conditional statement, and the protection logic corresponding to the cyclic statement is used for executing protection based on the judgment condition in the cyclic statement and the execution round of the cyclic statement; The protection logic of the statement corresponding to the specified function is used for executing protection based on the return value of the specified function; and the protection logic of the statement corresponding to the comparison operation is used for executing protection by calling the comparison function in the preset algorithm library.
  2. 2. The application deployment method of claim 1, wherein the application download of the application comprises: Generating a download key by using the random number, and encrypting and downloading the application program by using the download key; and when the application program is obtained, carrying out integrity check on the application program, and judging that the application program is completely downloaded when the check is passed.
  3. 3. The application deployment method of claim 1, further comprising, prior to detecting that the application is not downloaded: Extracting a download zone bit from a preset zone bit list, and performing inverse processing on the download zone bit; Judging whether the processed download flag bit indicates that the application program is not downloaded; If yes, judging that the application program is not downloaded; correspondingly, before jumping to the application program, the method further comprises: Updating the download zone bit to represent that the application program is downloaded, and performing the inverse processing on the updated download zone bit; and saving the processed download zone bit to the preset zone bit list.
  4. 4. The application deployment method of claim 3, further comprising, prior to jumping to the application: extracting a seal zone bit and a debug disable zone bit from the preset zone bit list, wherein the seal zone bit is used for disabling a user mode, and the debug disable zone bit is used for disabling a debug function; Setting the seal zone bit and the debugging forbidden zone bit to preset effective values, performing the inverse processing, and storing the processed seal zone bit and debugging forbidden zone bit into the preset zone bit list.
  5. 5. The application deployment method of claim 1, further comprising, prior to detecting that the application is not downloaded: When the primary power-on of the singlechip is detected, reading preset MPU partition information, wherein the MPU partition information comprises the positions and the operation authority information of all partitions in the memory; And configuring all partitions in the memory by utilizing the MPU partition information.
  6. 6. The application deployment method according to claim 1, wherein the erasing the partition except the Boot area in the memory comprises: The memory is erased for the partition, and whether the memories are restored to initial values is detected after the memory is erased; if yes, determining that the memory erase is completed.
  7. 7. The application deployment method according to any one of claims 1 to 6, wherein performing protection on the statement corresponding to the specified statement type, the specified function, and the comparison operation comprises: determining the type of a current sentence when the current sentence is executed; If the current sentence is a conditional sentence, comparing a variable in the current sentence with a judgment condition value to obtain a first comparison result, and comparing the variable with the judgment condition value to obtain a second comparison result after performing inversion processing; If the current sentence is a circulating sentence, extracting a judging condition value in the current sentence, executing the current sentence and recording an executing turn, judging whether the judging condition value and the executing turn are the same as a corresponding first preset value when the executing of the current sentence is jumped out, and executing the next sentence if the judging condition value and the executing turn are the same as the corresponding first preset value; if the current sentence is a specified sentence, delaying according to the randomly generated waiting time, and executing the current sentence after the delay is finished, and/or delaying according to the waiting time when the execution of the current sentence is finished, and executing the next sentence after the delay is finished; If the current statement is the specified function, checking the return value of the current statement, and executing the next statement after the checking is completed; and if the current statement is the comparison operation, calling a comparison function in a preset algorithm library to execute the comparison operation, and executing the next statement after the comparison operation is completed.
  8. 8. The Boot device is characterized by comprising: the erasing module is used for erasing the memory of the partition except the Boot area in the memory when the application program is not downloaded; The downloading and deploying module is used for downloading the application program from the application program when the memory is erased, and deploying the application program from the memory when the application program is downloaded; The program starting module is used for jumping to the application program when the application program deployment is completed, so that the application program is started; the execution protection module is used for executing protection on sentences corresponding to the appointed sentence types, the appointed functions and the comparison operation when the memory is erased, the application program is downloaded and the application program is deployed; The specific statement type comprises a conditional statement, a circulating statement and a specific statement, the protection logic corresponding to the conditional statement is used for executing protection based on a variable and a judging condition value in the conditional statement, the protection logic corresponding to the circulating statement is used for executing protection based on the judging condition in the circulating statement and the executing round of the circulating statement, the protection logic corresponding to the specific statement is used for executing protection based on the randomly generated waiting time corresponding to the specific statement, the protection logic of the statement corresponding to the specific function is used for executing protection based on the return value of the specific function, and the protection logic of the statement corresponding to the comparison operation is used for executing protection in a mode of calling the comparison function in a preset algorithm library.
  9. 9. The utility model provides a singlechip which characterized in that includes: A memory for storing a computer program; A processor for implementing the application deployment method according to any of claims 1 to 7 when executing the computer program.
  10. 10. A computer readable storage medium having stored therein computer executable instructions which when loaded and executed by a processor implement the application deployment method of any of claims 1 to 7.

Description

Application program deployment method, boot device, singlechip and medium Technical Field The invention relates to the field of singlechips, in particular to an application program deployment method, a Boot device, a singlechip and a computer readable storage medium. Background In the field of the Internet of things, the singlechip (Microcontroller Unit, MCU) can provide effective protective measures for business privacy and data security through a security mechanism of a hardware layer, but has weak protective capability at a software application layer, for example, when an application program is deployed, the singlechip lacks detection and protective mechanisms for a deployment process, and further the singlechip is easily cracked in the application program deployment process. Disclosure of Invention The invention aims to provide an application program deployment method, a Boot device, a singlechip and a computer readable storage medium, which can carry out targeted protection on specific sentences required to be executed by the Boot device in an application program deployment link, further can effectively avoid the condition that an intelligent card is cracked in the application program deployment link, and can effectively ensure the safety of the intelligent card. In order to solve the technical problems, the invention provides an application program deployment method, which is applied to a Boot device, and comprises the following steps: when the fact that the application program is not downloaded is detected, memory erasing is carried out on the partitions except the Boot area in the memory; When the memory is erased, downloading the application program, and when the application program is downloaded, deploying the application program in the memory; When the application program deployment is completed, jumping to the application program to enable the application program to be started; And executing protection on sentences corresponding to the appointed sentence types, the appointed functions and the comparison operation when the memory is erased, the application program is downloaded and the application program is deployed. Preferably, the downloading the application program includes: Generating a download key by using the random number, and encrypting and downloading the application program by using the download key; and when the application program is obtained, carrying out integrity check on the application program, and judging that the application program is completely downloaded when the check is passed. Preferably, before detecting that the application is not downloaded, the method further comprises: Extracting a download zone bit from a preset zone bit list, and performing inverse processing on the download zone bit; Judging whether the processed download flag bit indicates that the application program is not downloaded; If yes, judging that the application program is not downloaded; correspondingly, before jumping to the application program, the method further comprises: Updating the download zone bit to represent that the application program is downloaded, and performing the inverse processing on the updated download zone bit; and saving the processed download zone bit to the preset zone bit list. Preferably, before jumping to the application program, the method further comprises: extracting a seal zone bit and a debug disable zone bit from the preset zone bit list, wherein the seal zone bit is used for disabling a user mode, and the debug disable zone bit is used for disabling a debug function; Setting the seal zone bit and the debugging forbidden zone bit to preset effective values, performing the inverse processing, and storing the processed seal zone bit and debugging forbidden zone bit into the preset zone bit list. Preferably, before detecting that the application is not downloaded, the method further comprises: When the primary power-on of the singlechip is detected, reading preset MPU partition information, wherein the MPU partition information comprises the positions and the operation authority information of all partitions in the memory; And configuring all partitions in the memory by utilizing the MPU partition information. Preferably, the erasing the memory of the partition except the Boot area includes: The memory is erased for the partition, and whether the memories are restored to initial values is detected after the memory is erased; if yes, determining that the memory erase is completed. Preferably, the performing protection on the statement corresponding to the specified statement type, the specified function and the comparison operation includes: determining the type of a current sentence when the current sentence is executed; If the current sentence is a conditional sentence, comparing a variable in the current sentence with a judgment condition value to obtain a first comparison result, and comparing the variable with the judgment condition value to obtain a second compari