
CN-121985346-A - Secure start optimization method, device, system, chip and storage medium of terminal system


Abstract

The invention discloses a secure boot optimization method, device, system, chip and storage medium for a terminal system, and belongs to the technical field of embedded system security. The method is applied to a development terminal and comprises: creating a new target starting root key when leakage of the initial starting root private key of a device terminal is detected, wherein the target starting root key comprises a target starting root private key and a target starting root public key; obtaining the standby starting root public key version number of the device terminal and creating a target starting root public key version number based on the standby starting root public key version number; obtaining the secure boot root private key of the device terminal and signing the target starting root public key based on the secure boot root private key to obtain a target starting root public key signature; and sending a target public key triplet to the device terminal over a secure channel. The invention provides a new paradigm with important reference value for the future development of secure boot architectures for embedded devices.

Inventors

  • PAN LANLAN

Assignees

  • 深圳开鸿数字产业发展有限公司

Dates

Publication Date
20260505
Application Date
20251225

Claims (20)

  1. A secure boot optimization method of a terminal system, characterized by being applied to a development terminal and comprising the following steps: when leakage of an initial starting root private key of the device end is detected, creating a new target starting root key, wherein the target starting root key comprises a target starting root private key and a target starting root public key; acquiring a standby starting root public key version number of the device end, and creating a target starting root public key version number based on the standby starting root public key version number, wherein the target starting root public key version number is larger than the standby starting root public key version number; obtaining the secure boot root private key of the device end, and signing the target starting root public key based on the secure boot root private key to obtain a target starting root public key signature; and transmitting a target public key triplet to the device end based on a secure channel, wherein the target public key triplet consists of the target starting root public key, the target starting root public key version number and the target starting root public key signature.
  2. The method for optimizing secure boot of a terminal system according to claim 1, wherein before detecting the initial root private key leakage of the device end, the method further comprises: constructing a secure boot root public key and the secure boot root private key, and writing a hash value of the secure boot root public key into an OTP region of the device end to obtain a secure root public key digest, which is used as the secure boot trust root of the device end; constructing an initial starting root public key and the initial starting root private key, and acquiring an initial public key triplet based on the initial starting root public key, wherein the initial public key triplet comprises an initial starting root public key version number, an initial starting root public key and an initial starting root public key signature; and writing the version number of the initial starting root public key and the hash value of the initial starting root public key into an OTP region of the device end to obtain an initial root public key digest, which is used as the verifiable starting trust root of the device end.
  3. The method for optimizing secure boot of a terminal system according to claim 2, wherein before detecting the initial root private key leakage of the device end, the method further comprises: signing the SBL firmware content of the device end based on the secure boot root private key to obtain an SBL signature, so as to ensure the integrity and the source credibility of the SBL firmware of the device end.
  4. The method for optimizing secure boot of a terminal system according to claim 2, wherein before detecting the initial root private key leakage of the device end, the method further comprises: constructing root partition image content of the device end based on the initial starting root public key version number and the initial starting root public key, wherein the root partition image content comprises a root partition initial starting root public key version number and a root partition initial starting root public key; and signing the root partition image content based on the initial starting root private key and writing the root partition image content into a root partition image to obtain an initial root partition signature, and writing the initial starting root public key into the root partition image.
  5. The method for optimizing secure boot of a terminal system according to claim 1, further comprising, after the creating of the new target starting root key: signing the root partition image of the device end based on the target starting root private key, writing the root partition image into the root partition image, obtaining a target root partition signature, and writing the target starting root public key into the root partition image.
  6. A secure boot optimization method of a terminal system, characterized by being applied to a device end and comprising the following steps: receiving a target public key triplet sent by a development terminal, wherein the target public key triplet comprises a target starting root public key, a target starting root public key version number and a target starting root public key signature; extracting an initial standby public key triplet at a target storage position, verifying the target public key triplet based on the initial standby public key triplet, and if verification is successful, overwriting the target storage position with the target public key triplet to obtain a target standby public key triplet, wherein the target standby public key triplet comprises a target standby starting root public key version number, a target standby starting root public key and a target standby starting root public key signature; and starting the current system based on the updated standby public key triplet.
  7. The method for secure boot optimization of a terminal system of claim 6, further comprising, prior to verifying the target public key triplet: constructing the target storage position in a secure storage area, wherein the target storage position is used for storing a standby public key triplet; and acquiring an initial public key triplet, wherein the initial public key triplet comprises an initial starting root public key version number, an initial starting root public key and an initial starting root public key signature, and storing the initial public key triplet as an initial standby public key triplet to the target storage position to obtain the initial standby public key triplet, wherein the initial standby public key triplet comprises an initial standby starting root public key version number, an initial standby starting root public key and an initial standby starting root public key signature.
  8. The method of claim 6, wherein the target public key triplet is received based on a secure channel.
  9. The secure boot optimization method of a terminal system of claim 7, wherein verifying the target public key triplet based on the initial standby public key triplet, to obtain the target standby public key triplet, comprises: comparing the target starting root public key version number with the initial standby starting root public key version number; if the target starting root public key version number is smaller than or equal to the initial standby starting root public key version number, verification fails and writing of the target public key triplet is prohibited; if the target starting root public key version number is larger than the initial standby starting root public key version number, verifying the target starting root public key signature based on the secure boot root public key, and if verification fails, prohibiting writing of the target public key triplet; and if the verification is successful, writing the target public key triplet into the target storage position as the new standby public key triplet, to obtain the target standby public key triplet.
  10. The secure boot optimization method of the terminal system according to claim 7, wherein the starting of the current system based on the updated standby starting root public key comprises: in a system starting stage, if the local device is detected to be in an unlocked state, extracting the updated standby public key triplet from the target storage position; acquiring an initial root public key digest stored in an OTP region, wherein the initial root public key digest is the initial starting root public key version number and a hash value of the initial starting root public key; acquiring root partition data, wherein the root partition data comprises first root partition image content, a first root partition signature and a first root partition starting root public key which are stored in a first root partition image, and the first root partition image content comprises a first root partition starting root public key version number and a first root partition starting root public key; and outputting a comparison result based on the initial root public key digest, the root partition data and the target standby public key triplet, wherein the next starting stage is entered normally if the comparison result is a first comparison result, the next starting stage is entered based on a feedback signal after a target prompt box is popped up if the comparison result is a second comparison result, and starting of the system is prohibited if the comparison result is a third comparison result.
  11. The secure boot optimization method of the terminal system according to claim 10, wherein outputting a comparison result based on the initial root public key digest, the root partition data, and the target standby public key triplet comprises: acquiring a first hash value, wherein the first hash value is a version number of a starting root public key of the first root partition and a hash value of the starting root public key of the first root partition; and if the initial root public key digest is equal to the first hash value and the first root partition starting root public key is equal to the target standby starting root public key, outputting the first comparison result.
  12. The secure boot optimization method of a terminal system of claim 11, wherein outputting a comparison result based on the initial root public key digest, the root partition data, and the target standby public key triplet further comprises: if the initial root public key digest is not equal to the first hash value, but the first root partition starting root public key is equal to the target standby starting root public key, verifying the target standby starting root public key signature based on the secure boot root public key, outputting the first comparison result if verification is successful, and outputting the third comparison result if verification fails.
  13. The secure boot optimization method of a terminal system of claim 11, wherein outputting a comparison result based on the initial root public key digest, the root partition data, and the target standby public key triplet further comprises: if the initial root public key digest is equal to the first hash value, but the first root partition starting root public key is not equal to the target standby starting root public key, verifying the target standby starting root public key signature based on the secure boot root public key, outputting the second comparison result if verification is successful, and outputting the third comparison result if verification fails.
  14. The method for optimizing secure boot of a terminal system according to claim 10, wherein the target prompt box is configured to prompt that the current device uses an expired signing key and to suggest upgrading; and the feedback signal is a signal for continuing to enter the next stage.
  15. The method for optimizing secure boot of a terminal system according to claim 10, wherein after popping up the target prompt box, the method further comprises: receiving a first signal, wherein the first signal is a signal for agreeing to upgrade; and upgrading the current device based on an official root partition image, wherein the official root partition image comprises the target starting root public key and a target root partition signature, the target root partition signature is a signature made by the development terminal over the official root partition image based on the target starting root private key, and the target starting root private key and the target starting root public key are a key pair.
  16. A secure boot optimization device for a terminal system, the device comprising: a key creation module, used for creating a new target starting root key when leakage of an initial starting root private key of the device end is detected, wherein the target starting root key comprises a target starting root private key and a target starting root public key; a version number creating module, used for obtaining a standby starting root public key version number of the device end and creating a target starting root public key version number based on the standby starting root public key version number, wherein the target starting root public key version number is larger than the standby starting root public key version number; a signature module, used for acquiring a secure boot root private key of the device end and signing the target starting root public key based on the secure boot root private key to obtain a target starting root public key signature; and a key sending module, used for sending a target public key triplet to the device end based on a secure channel, wherein the target public key triplet consists of the target starting root public key, the target starting root public key version number and the target starting root public key signature.
  17. A secure boot optimization device for a terminal system, the device comprising: a key receiving module, used for receiving a target public key triplet sent by the development terminal, wherein the target public key triplet comprises a target starting root public key, a target starting root public key version number and a target starting root public key signature; a key updating module, used for extracting an initial standby public key triplet at a target storage position, verifying the target public key triplet based on the initial standby public key triplet, and if verification is successful, overwriting the target storage position with the target public key triplet to obtain an updated target standby public key triplet, wherein the target standby public key triplet comprises a target standby starting root public key version number, a target standby starting root public key and a target standby starting root public key signature; and a starting module, used for starting the current system based on the updated standby public key triplet.
  18. A secure boot optimization system of a terminal system, characterized by comprising a development end and a device end; the development end is used for implementing the steps of the secure boot optimization method of the terminal system according to any one of claims 1-5; and the device end is configured to implement the steps of the secure boot optimization method of the terminal system according to any one of claims 6-15.
  19. A chip comprising a memory, a processor and a secure boot optimization program of a terminal system stored on the memory and operable on the processor, wherein the secure boot optimization program of the terminal system, when executed by the processor, performs the steps of the secure boot optimization method of the terminal system according to any one of claims 1-5 or the steps of the secure boot optimization method of the terminal system according to any one of claims 6-15.
  20. A computer readable storage medium, wherein the computer readable storage medium stores a secure boot optimization program of a terminal system which, when executed by a processor, implements the steps of the secure boot optimization method of the terminal system according to any one of claims 1-5, or the steps of the secure boot optimization method of the terminal system according to any one of claims 6-15.
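
The boot-time comparison of claims 10 to 13, as an added Go example that is not code from the patent or its applicant. Ed25519 signatures, SHA-256 over a 4-byte version followed by the key as the OTP digest, all type and function names, and refusing to boot when neither comparison matches (a case the claims shown here do not cover) are assumptions; the keys are constructed in `Scenarios`.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Result int

const (
	BootNormally  Result = iota + 1 // first comparison result
	PromptUpgrade                   // second: expired signing key, suggest upgrade
	RefuseBoot                      // third: starting the system is prohibited
)

// Standby is the triplet held at the target storage position.
type Standby struct {
	PubKey  ed25519.PublicKey
	Version uint32
	Sig     []byte // secure boot root signature over PubKey
}

// RootDigest models the OTP digest; SHA-256 over version||key is an assumption.
func RootDigest(version uint32, pub ed25519.PublicKey) [32]byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	return sha256.Sum256(append(v[:], pub...))
}

// Compare returns the comparison result of claims 11-13 for one boot attempt.
func Compare(otp [32]byte, partVer uint32, partPub ed25519.PublicKey, sb Standby, secureRootPub ed25519.PublicKey) Result {
	digestOK := otp == RootDigest(partVer, partPub)
	keyOK := bytes.Equal(partPub, sb.PubKey)
	if digestOK && keyOK {
		return BootNormally // claim 11: partition key is the OTP-era key, no rotation
	}
	if digestOK == keyOK || !ed25519.Verify(secureRootPub, sb.PubKey, sb.Sig) {
		return RefuseBoot // neither matches (assumption) or standby signature invalid
	}
	if keyOK {
		return BootNormally // claim 12: partition uses the rotated standby key
	}
	return PromptUpgrade // claim 13: partition still uses the OTP-era key
}

func Scenarios() map[string]Result {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // constructed keys
	oldPub, _, _ := ed25519.GenerateKey(nil)
	newPub, _, _ := ed25519.GenerateKey(nil)
	otp := RootDigest(1, oldPub)
	oldSB := Standby{oldPub, 1, ed25519.Sign(rootPriv, oldPub)}
	newSB := Standby{newPub, 2, ed25519.Sign(rootPriv, newPub)}
	return map[string]Result{
		"no rotation":          Compare(otp, 1, oldPub, oldSB, rootPub),
		"rotated, new image":   Compare(otp, 2, newPub, newSB, rootPub),
		"rotated, old image":   Compare(otp, 1, oldPub, newSB, rootPub),
		"unsigned standby key": Compare(otp, 2, newPub, Standby{newPub, 2, nil}, rootPub),
	}
}

func main() {
	fmt.Println(Scenarios())
}
```

The example models only the comparison step; verification of the root partition signature itself is outside what claims 11 to 13 describe.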

Description

Secure start optimization method, device, system, chip and storage medium of terminal system

Technical Field

The invention relates to the technical field of embedded system security, and in particular to a secure boot optimization method, device, system, chip and storage medium of a terminal system.

Background

In the existing mobile terminal device security architecture, device manufacturers commonly deploy a secure boot mechanism to ensure system integrity. Based on a hardware root of trust, the mechanism solidifies a secure boot root public key digest in a one-time programmable memory and establishes a stage-by-stage digital signature verification chain from the bootloader to the operating system, ensuring that the device can only run a system image signed with the authorization of the OEM (Original Equipment Manufacturer, the terminal device vendor). To meet developers' requirements for debugging and customizing the system, the OEM also provides a device unlocking function: after unlocking the bootloader, the user is allowed to flash a third-party system image, for example flashing company B's system onto a company A device.

However, current secure boot schemes suffer from significant technical drawbacks. When the operating system starting root private key is leaked through insider disclosure, key management flaws, supply chain attacks or the like, an attacker can use the leaked private key to forge a malicious system image with a legitimate signature.
Because the verification public key digest is already solidified in the OTP (One-Time Programmable) memory and physically cannot be updated, the malicious image can still pass the complete verification chain even if the device is in the bootloader-locked state, so the device runs the tampered system without the user noticing. This vulnerability causes a series of security problems such as theft of sensitive user data, payment credential disclosure, privacy information disclosure and loss of device control, and the conventional scheme based on static OTP storage cannot dynamically update the trust anchor after the private key is leaked, which creates a permanent security threat. Therefore, there is a need for an enhanced mechanism that enables secure revocation and updating of compromised root keys on un-unlocked devices without relying on physical recall of devices. Accordingly, there is a need for improvement and advancement in the art.

Disclosure of Invention

The main purpose of the invention is to provide a secure boot optimization method, device, system, chip and storage medium of a terminal system, aiming to solve the problem that secure boot schemes in the prior art have obvious technical defects.
In order to achieve this object, a first aspect of the present invention provides a secure boot optimization method of a terminal system, which is applied to a development terminal and includes: when leakage of an initial starting root private key of the device end is detected, creating a new target starting root key, wherein the target starting root key comprises a target starting root private key and a target starting root public key; acquiring a standby starting root public key version number of the device end, and creating a target starting root public key version number based on the standby starting root public key version number, wherein the target starting root public key version number is larger than the standby starting root public key version number; obtaining the secure boot root private key of the device end, and signing the target starting root public key based on the secure boot root private key to obtain a target starting root public key signature; and transmitting a target public key triplet to the device end based on a secure channel, wherein the target public key triplet consists of the target starting root public key, the target starting root public key version number and the target starting root public key signature.
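
The development-side steps above together with the device-side acceptance check of claim 9, as an added Go example (not code from the patent or its applicant). Ed25519 as the signature algorithm and all type and function names are assumptions; keys are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Triplet is the claims' public key triplet: key, version number, signature.
type Triplet struct {
	PubKey  ed25519.PublicKey
	Version uint32
	Sig     []byte // secure boot root signature over PubKey
}

var (
	ErrStaleVersion = errors.New("version not greater than stored standby version")
	ErrBadSignature = errors.New("signature not valid under secure boot root public key")
)

// mustKey generates a key pair; Ed25519 is an assumption, the page names no algorithm.
func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewTargetTriplet is the development-side step: a fresh starting root key pair,
// a version one above the device's standby version, and the new public key
// signed with the secure boot root private key.
func NewTargetTriplet(secureRootPriv ed25519.PrivateKey, standbyVersion uint32) (Triplet, ed25519.PrivateKey) {
	pub, priv := mustKey()
	sig := ed25519.Sign(secureRootPriv, pub)
	return Triplet{PubKey: pub, Version: standbyVersion + 1, Sig: sig}, priv
}

// AcceptUpdate is the device-side check: version first, then signature. The
// standby slot is overwritten only when both pass.
func AcceptUpdate(stored *Triplet, cand Triplet, secureRootPub ed25519.PublicKey) error {
	if cand.Version <= stored.Version {
		return ErrStaleVersion
	}
	if len(cand.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(secureRootPub, cand.PubKey, cand.Sig) {
		return ErrBadSignature
	}
	*stored = cand
	return nil
}

func main() {
	rootPub, rootPriv := mustKey()             // secure boot root key (constructed)
	stored, _ := NewTargetTriplet(rootPriv, 0) // initial triplet, version 1
	initial := stored
	target, _ := NewTargetTriplet(rootPriv, stored.Version)
	err := AcceptUpdate(&stored, target, rootPub)
	fmt.Println("rotate:", err, "version now", stored.Version)
	fmt.Println("replay initial:", AcceptUpdate(&stored, initial, rootPub))
	_, otherPriv := mustKey() // a signer that is not the secure boot root
	other, _ := NewTargetTriplet(otherPriv, stored.Version)
	fmt.Println("wrong signer:", AcceptUpdate(&stored, other, rootPub))
}
```

As the claims word it, the signature covers only the public key, so the version number's integrity rests on the secure channel and the secure storage area rather than on the signature.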
In one implementation, before detecting the leakage of the initial root private key of the device end, the method further includes: constructing a secure boot root public key and the secure boot root private key, and writing a hash value of the secure boot root public key into an OTP region of the device end to obtain a secure root public key digest, which is used as the secure boot trust root of the device end; constructing an initial starting root public key and the initial starting root private key, and acquiring an initial public key triplet based on the initial starting root public key, wherein the initial public key triplet comprises an initial starting root public key version number, an initia