中圖分類號: TP309 文獻(xiàn)標(biāo)識碼: A DOI:10.16157/j.issn.0258-7998.212073 中文引用格式: 蘇振宇,徐崢,,劉雁鳴. SoPC安全啟動模型與設(shè)計實(shí)現(xiàn)[J].電子技術(shù)應(yīng)用,,2021,47(12):22-25,,30. 英文引用格式: Su Zhenyu,,Xu Zheng,Liu Yanming. Design and implementation of SoPC secure startup model[J]. Application of Electronic Technique,,2021,,47(12):22-25,30.
Design and implementation of SoPC secure startup model
Su Zhenyu,,Xu Zheng,,Liu Yanming
Security Technology Department,Inspur Electronic Information Industry Company Limited,,Jinan 250101,,China
Abstract: Concerning the security threats such as firmware tampering and malicious code implanting in the startup process of system on a programmable chip(SoPC), a secure startup model is proposed. The model takes boot ROM as the trust root, and the public key algorithm and symmetric cipher algorithm are used to sign the firmware in each phase of the startup process. The digital signature value of each firmware image is verified in turn after SoPC is powered on, so as to establish a complete trust chain. In the implementation stage, the model is designed and verified by using Intel field programmable gate array(FPGA) development platform, and two secure boot modes are realized. The results show that the model can be applied to chip development to meet the requirement of secure startup.
Key words : system on a programmable chip;secure startup,;field programmable gate array,;digital signature;firmware
0 引言
可編程片上系統(tǒng)(System on a Programmable Chip,,SoPC)是一種特殊的嵌入式系統(tǒng)[1],,由單個芯片完成整個系統(tǒng)的主要邏輯功能,通過軟硬件在系統(tǒng)可編程的功能使得設(shè)計方式具備可裁剪,、可擴(kuò)充,、可升級等靈活特性。在SoPC啟動過程中存在一定的安全風(fēng)險,,惡意軟件有可能會修改引導(dǎo)加載程序等固件,,使SoPC受到Rootkit攻擊[2]。Rootkit等惡意軟件通過修改系統(tǒng)的啟動過程,,安裝到系統(tǒng)內(nèi)以達(dá)到持久駐留系統(tǒng)的目的[3],,SoPC一旦受到Rootkit等惡意代碼感染,,即使重新安裝系統(tǒng)也無法清除。因此有必要對SoPC進(jìn)行安全保護(hù),,防止在啟動過程中固件被惡意篡改,。安全啟動對于保護(hù)設(shè)計的知識產(chǎn)權(quán)和防止惡意軟件在系統(tǒng)上運(yùn)行至關(guān)重要。相關(guān)研究工作存在的問題主要有:(1)采用外接可信平臺模塊(Trusted Platform Module,,TPM)[4]實(shí)現(xiàn)可信啟動[5],,該方式增加了硬件成本且系統(tǒng)集成度低;(2)在構(gòu)建信任鏈的過程中僅采用雜湊算法進(jìn)行度量[6],,缺少驗(yàn)證的過程,,因此安全性較低;(3)嵌入式系統(tǒng)上電時由最先啟動的引導(dǎo)加載程序Boot Loader調(diào)用TPM對后續(xù)加載的模塊進(jìn)行度量[7-8],,Boot Loader默認(rèn)是安全的,,但Boot Loader一旦被攻擊篡改,整個信任鏈就處于非可信的狀態(tài),。