CN105975864A - Operation system starting method and device, and terminal - Google Patents

Abstract

The present disclosure relates to a method, device, and terminal for starting an operating system. The method includes: when the boot loading task is running, performing a security check on whether the operating system file stored in the system partition has been tampered with; if the security check If the verification is successful, use the operating system file to start the operating system; if the security verification fails, use the operating system backup file to start the operating system, and the operating system backup file is a pre-stored operating system file that has not been tampered with. In this embodiment, a process of performing security verification on files is added before the operating system is started, and when a file is found to be tampered with, the operating system can be started using a safe backup file, thereby significantly improving the security performance of the terminal.

Description

Operating system startup method, device and terminal

technical field

The present application relates to the technical field of communications, and in particular to a method, device and terminal for starting an operating system.

Background technique

With the rapid development of terminal technologies, terminals are used more and more frequently in people's daily life. The operating system (Operating System, referred to as OS) is a program that manages and controls the terminal hardware and software resources. Its functions mainly include managing the hardware, software and data resources of the terminal system, controlling the operation of the program, improving the man-machine interface, and providing information for other application software. support etc. Therefore, the safe operation of the operating system is very important for the terminal. For terminals using operating systems such as Linux or Unix, the terminal can use the root (system administrator) tool to obtain root privileges. When third-party software obtains root privileges, it may maliciously tamper with some system files, thereby affecting the normal use of the terminal or Causes an exception in the terminal.

Contents of the invention

In order to overcome the problems existing in related technologies, the present disclosure provides a method, device and terminal for starting an operating system.

According to a first aspect of an embodiment of the present disclosure, a method for starting an operating system is provided, the method including:

When the boot loading task is running, perform a security check on whether the operating system files stored in the system partition have been tampered with;

If the security check is successful, then use the operating system file to start the operating system;

If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.

Optionally, the security verification of whether the operating system files in the system partition have been tampered with includes:

Acquiring the target verification identifier of the operating system file;

Comparing the pre-stored verification identifier with the target verification identifier, the pre-stored verification identifier is obtained in advance by using an operating system file that has not been tampered with;

If the pre-stored verification identifier is the same as the target verification identifier, it is determined that the security verification is successful;

If the pre-stored verification identifier is different from the target verification identifier, it is determined that the security verification fails.

Optionally, the acquiring the target verification identifier of the operating system file includes:

Using a cryptographic algorithm to calculate the ciphertext of the operating system file as the target verification identifier;

The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm.

Optionally, the operating system backup file is obtained by decrypting the encrypted file pre-stored in the system backup partition.

Optionally, using the operating system backup file to start the operating system includes:

After the operating system backup file is overwritten with the operating system file, the operating system backup file is used as a new operating system file to start the operating system.

According to a second aspect of an embodiment of the present disclosure, there is provided a device for starting an operating system, including:

The safety verification module is configured to perform a safety verification on whether the operating system files stored in the system partition have been tampered with when the boot loading task is running;

The startup module is configured to: use the operating system file to start the operating system when the safety verification is successful; use the operating system backup file to start the operating system when the safety verification fails, and the operating system backup file It is a pre-stored untampered operating system file.

Optionally, the safety verification module includes:

An identification obtaining submodule configured to obtain the target verification identification of the operating system file;

The comparison sub-module is configured to compare the pre-stored verification identifier with the target verification identifier, the pre-stored verification identifier is obtained in advance by using an operating system file that has not been tampered with;

The verification determination submodule is configured to: if the pre-stored verification identification is the same as the target verification identification, then determine that the security verification is successful; if the pre-stored verification identification is different from the target verification identification, then determine the security verification fail.

Optionally, the identification acquisition submodule includes:

The identification calculation submodule is configured to use a cryptographic algorithm to calculate the ciphertext of the operating system file as the target verification identification;

The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm.

Optionally, the operating system backup file is obtained by decrypting the encrypted file pre-stored in the system backup partition.

Optionally, the startup module includes:

The starting sub-module is configured to use the operating system backup file as a new operating system file to start the operating system after overwriting the operating system file with the operating system backup file.

According to a third aspect of the embodiments of the present disclosure, a terminal is provided, including:

processor;

memory for storing processor-executable instructions;

Wherein, the processor is configured as:

When the boot loading task is running, perform a security check on whether the operating system files stored in the system partition have been tampered with;

If the security check is successful, then use the operating system file to start the operating system;

If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.

The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects:

In the present disclosure, the operating system file can be checked for security when the boot loading task is running; if the security check is successful, it is determined that the operating system file is safe, and the operating system file can be used to start the operating system; if the security check fails, it is determined If the operating system files are tampered with, the pre-stored safe operating system backup files can be used to start the operating system, thereby ensuring the security performance of the terminal system.

In the present disclosure, the process of security verification can be carried out by comparing the verification marks. By comparing the differences between the two, it can be determined whether the operating system files in the current system partition have been tampered with. Using the above method, it is possible to quickly determine whether the security verification marks are tampered with. whether the test was successful.

In the present disclosure, the calculated ciphertext can be used as the verification identifier, and this method can further improve the security performance of the terminal.

In the present disclosure, the operating system backup file can be encrypted to obtain an encrypted file and stored in the system backup partition, thereby improving the security of the operating system backup file.

In the present disclosure, the operating system backup file can be overwritten in the system partition, that is, the original operating system file is deleted in the system partition, and the backup file is stored in the system partition as a new operating system file, thereby Securely boot the operating system.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

Fig. 1 is a flow chart showing a method for starting an operating system according to an exemplary embodiment of the present disclosure.

Fig. 2 is a block diagram showing a device for starting an operating system according to an exemplary embodiment of the present disclosure.

Fig. 3 is a block diagram showing another device for starting an operating system according to an exemplary embodiment of the present disclosure.

Fig. 4 is a block diagram showing another device for starting an operating system according to an exemplary embodiment of the present disclosure.

Fig. 5 is a block diagram showing another device for starting an operating system according to an exemplary embodiment of the present disclosure.

Fig. 6 is a block diagram of a device for starting an operating system according to an exemplary embodiment of the present disclosure.

detailed description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present disclosure as recited in the appended claims.

The terminology used in the present disclosure is for the purpose of describing particular embodiments only, and is not intended to limit the present disclosure. As used in this disclosure and the appended claims, the singular forms "a", "the", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in the present disclosure to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present disclosure, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to a determination."

Root can be understood as a super administrator user account in operating systems such as Linux and Unix. This account has the highest authority in the entire operating system, so it can perform all additions, deletions, changes, or additions to any file in the system (including system files). Check and other operations. When many viruses or malware invade the system, they must elevate their privileges to root privileges.

Existing intelligent terminals such as smart phones, e-book readers, tablet computers, walkmans or personal digital assistants usually use operating systems such as Android. Such terminals can easily obtain root privileges through third-party root tools, so system files face the risk of being tampered with, and the security performance of the terminal cannot be guaranteed. In the traditional technology, some terminal manufacturers also adopt some blocking means to the operating system to prevent the root authority from being obtained, but this method cannot meet the needs of some users and cannot provide convenience to users.

Bootloader (bootloader) is the first piece of code executed by the terminal after it is powered on. This piece of code is stored in the bootloader partition of the terminal memory. Its function is to complete the initialization of the terminal CPU and related hardware, and to establish a memory space map , so as to bring the hardware and software environment of the terminal to an appropriate state, so as to prepare the correct environment for the final startup of the operating system. Therefore, the solution provided by the embodiments of the present disclosure can perform security verification on the operating system file when the boot loading task is running; if the security verification is successful, that is, the operating system file is safe, and the operating system file can be used to start the operating system; If the safety verification fails, that is, the operating system file has been tampered with, the operating system can be started by using the pre-stored safe operating system backup file, thereby ensuring the security performance of the terminal system.

It is worth noting that traditional personal computers and other terminals also have the process of starting the operating system through backup files. However, in such terminals, users usually perform system backups in advance. Or when it is found that the system is running slowly and needs to be reinstalled, the user can backup and restore the operating system by himself. In this way, the terminal does not have the process of checking whether the system files are safe as in the solution of the embodiment of the present disclosure, and it can be seen from the above-mentioned system crash or poisoning that the operating system is started by the operating system file that has been tampered with, so the terminal safety performance cannot be guaranteed. This disclosure is different from the above-mentioned conventional means of reinstalling the system by users using backup files. The terminal of this disclosure can automatically perform security checks on system files, and the timing of security checks is when the loading task is started, that is, the operating system before starting. When the safety verification fails, the terminal automatically starts the operating system through the backup file. Since the terminal can automatically find that the system file has been tampered with, the terminal will not use the tampered system file to start the operating system. Through the above analysis, it can be seen that the solution provided by the present disclosure is precisely due to the increase of the process of security verification of the file before the operating system is started, and when the file is found to be tampered with, the safe backup file can be used to start the operating system, thereby significantly improving terminal security performance. Next, the disclosed scheme will be described in detail.

As shown in FIG. 1, FIG. 1 is a flowchart of a method for starting an operating system according to an exemplary embodiment of the present disclosure, which can be applied to a terminal, and includes the following steps 101 to 103:

In step 101, when the bootloading task is running, a security check is performed on whether the operating system files stored in the system partition have been tampered with.

In the embodiments of the present disclosure, the built-in memory of the terminal can generally be configured with multiple partitions, for example, the bootloading partition stores bootloading codes, and the system partition stores operating system files. When the boot loading task is running, that is, before the operating system is started, the operating system files stored in the system partition can be checked for safety, so as to determine whether the operating system files have been tampered with before the operating system starts, so that the traditional A security verification process is added during the startup process of the operating system, so the security performance of the terminal can be improved.

For the process of how to perform security verification, there may be multiple ways in specific implementation. First, the operating system file is described by taking the Android operating system as an example. In a terminal using the Android operating system, the path of the system partition divided by the terminal's built-in memory is /system, and the operating system files stored in this partition can usually include:

/system/app: This directory mainly stores system programs or customized software of terminal manufacturers.

/system/bin: This directory mainly stores the components that come with the Linux system.

/system/etc: This directory mainly stores Android system configuration files, such as core configuration files such as APN access points.

/system/fonts: This directory mainly stores system fonts.

/system/framework: This directory mainly stores core files and system platform running frameworks.

/system/lib: This directory mainly stores the underlying system library and platform runtime library.

/system/media: This directory mainly stores system prompts and system ringtones.

/system/usr: This directory mainly stores user data.

/system/cache: This directory mainly stores cache data.

/system/date: This directory mainly stores software and data installed by users.

Therefore, when performing security verification on the operating system files, it may be checked whether all or part of the operating system files are abnormal by means of scanning. For example, files related to operating system security are stored in directories such as app, bin, etc, framework, lib, or usr, and all files in this directory can be checked. Or, it can also be to check whether abnormal files or programs are added in the operating system partition, or to check whether necessary kernel files are missing in the operating system partition. The check result is accurate, but the check speed may be slow due to the large number of operating system files, and the check takes a long time.

The above example only uses the Android system as an example for illustration. It can be understood that in practical applications, those skilled in the art can use security verification as a principle, follow the above description, and the system architecture of the operating system and operating system files used by the terminal. Specific storage paths, etc. are adaptively adjusted to flexibly configure security verification policies.

In order to make the process of safety verification fast and accurate, in an optional implementation manner, the safety verification of whether the operating system files in the system partition have been tampered with may include:

Obtain the target verification identifier of the operating system file.

The pre-stored verification identifier is compared with the target verification identifier, and the pre-stored verification identifier is obtained in advance by using an operating system file that has not been tampered with.

If the pre-stored verification identifier is the same as the target verification identifier, it is determined that the security verification is successful.

If the pre-stored verification identifier is different from the target verification identifier, it is determined that the security verification fails.

In the embodiment of the present disclosure, the process of security verification can be performed by comparing the verification identification, specifically, comparing the target verification identification of the operating system file stored in the current system partition with the pre-used operating system file that has not been tampered with. Compare with the pre-stored verification ID.

The verification flag is used to identify whether the operating system file has been tampered with, and it can be obtained in various ways. For example, it may be an identifier formed by the file names of all operating system files, or an identifier formed by the file names of some specified important operating system files, or an identifier formed by the file size of all or part of the operating system files, Or it is an identification composed of the file modification time of all or part of the operating system files, or an identification composed of one or more attribute information combinations of all or part of the operating system files, or an identification of all or part of the operating system files The obtained ciphertext and the like are encrypted.

When the operating system file is tampered with, the verification marks before and after the tampering will not be the same. By comparing whether the two are the same, it can be determined whether the operating system file in the current system partition has been tampered with. If the current operating system file has not been tampered with, the target verification identifier is the same as the pre-stored verification identifier, and the above method can quickly determine whether the security verification is successful.

In an optional implementation manner, the acquiring the target verification identifier of the operating system file may include:

A cryptographic algorithm is used to calculate the ciphertext of the operating system file as the target verification identifier.

The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm.

In the embodiment of the present disclosure, the cryptographic algorithm may include DES (Data Encryption Standard, symmetric algorithm), IDEA (International Data Encryption Algorithm, international data encryption algorithm), and data summary algorithm, such as CRC (Cyclic Redundancy Check, cyclic redundancy check ) algorithm or MD5 (Message Digest Algorithm MD5, message digest algorithm fifth edition) algorithm, etc. The specific cryptographic algorithm used may be determined according to actual needs, which is not limited in this embodiment of the present disclosure.

Taking the MD5 algorithm as an example, the principle of the MD5 algorithm can be simply understood as: input information of any length, process it through an irreversible string transformation algorithm, and output 128-bit information (digital fingerprint, that is, ciphertext), and, different input will give different results. Therefore, for the information entered, the MD5 value can be called the "digital fingerprint" of the entered information. In the embodiment of the present disclosure, if the operating system file is tampered with, its MD5 value, that is, the corresponding "digital fingerprint" will change.

Therefore, the cryptographic algorithm can be used to calculate the ciphertext of the current operating system file, and the terminal uses the cryptographic algorithm to calculate the ciphertext of the untampered operating system file in advance. By comparing the two, it can be determined whether the current operating system file has been tampered with. tamper. Using the method of calculating the ciphertext as the verification mark can further improve the security performance of the terminal.

Wherein, when using the cryptographic algorithm to calculate the verification mark of the operating system, there are many options for the input information, for example, all operating system files, or part of the operating system files can be used, or all or part of the operating system files can be used. Attribute information, such as a file name, file size, or a combination of one or more types of information such as file path.

It can be understood that the pre-stored verification identifier is a ciphertext obtained by pre-computing untampered operating system files using the same cryptographic algorithm. Since the process of security verification is performed when the boot loading task is running, the pre-stored verification identifier can be stored in the boot-loading partition, so that the pre-stored verification identifier can be quickly obtained from the partition when the boot-loading task is in progress, thereby improving The speed of security checks. The above-mentioned ciphertext obtained by using the cryptographic algorithm is usually a numerical value or a character string, so it does not occupy too much storage space.

In step 102, if the security verification is successful, the operating system is started using the operating system file.

In the embodiment of the present disclosure, if the security check is successful, it can be determined that the operating system file has not been tampered with, so that the operating system file in the system partition can be used to safely start the operating system.

In step 103, if the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.

In this embodiment, if the security verification fails, it can be determined that the operating system file has been tampered with. If the operating system is started through the operating system file in the system partition, it is difficult to guarantee the security performance of the terminal. Therefore, the operating system can be started using the operating system backup file. The operating system backup file is a pre-stored operating system file that has not been tampered with, so the security performance of the terminal can be guaranteed.

Wherein, the pre-stored verification identifier and the operating system backup file may be stored when the operating system is upgraded, and may also be updated according to a preset period.

In an optional implementation manner, the operating system backup file is obtained by decrypting an encrypted file pre-stored in the system backup partition.

In the embodiments of the present disclosure, in order to improve the security of the operating system backup file, the operating system backup file may be encrypted to obtain an encrypted file and stored in the system backup partition. Since encrypted files are stored in the memory, the backup files can be effectively prevented from being tampered with by malicious software or implanted with viruses. When it is necessary to use the backup file to start the operating system, the encrypted file can be decrypted to obtain the operating system backup file, so that the operating system can be safely started using the operating system backup file.

In an optional implementation manner, the starting the operating system by using the operating system backup file includes:

After the operating system backup file is overwritten with the operating system file, the operating system backup file is used as a new operating system file to start the operating system.

When it is determined that the operating system file has been tampered with, the tampered system file is no longer used to start the operating system. In the embodiment of the present disclosure, the operating system backup file can be overwritten in the system partition Delete the original operating system files, and store the backup files in the system partition as new operating system files, so as to safely start the operating system.

Corresponding to the foregoing embodiments of the method for starting an operating system, the present disclosure also provides embodiments of a device for starting an operating system and a terminal to which it is applied.

As shown in FIG. 2 , FIG. 2 is a block diagram of an operating system startup device according to an exemplary embodiment of the present disclosure, and the device includes: a security verification module 21 and a startup module 22 .

Wherein, the security checking module 21 is configured to check whether the operating system files stored in the system partition have been tampered with when the bootloading task is running.

The startup module 22 is configured to: when the security check in the security check module 21 succeeds, use the operating system file to start the operating system; when the security check in the security check module 21 fails, The operating system is started by using the operating system backup file, and the operating system backup file is a pre-stored operating system file that has not been tampered with.

As can be seen from the foregoing embodiments, this embodiment can perform a security check on the operating system file when the boot loading task is running; if the security check is successful, it is determined that the operating system file is safe, and the operating system file can be used to start the operating system; If the verification fails, it is determined that the operating system file has been tampered with, and the operating system can be started using the pre-stored safe operating system backup file, thereby ensuring the security performance of the terminal system.

As shown in FIG. 3, FIG. 3 is a block diagram of another operating system startup device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in FIG. 2, the security check The module 21 includes: an identification acquisition submodule 211 , a comparison submodule 212 and a verification determination submodule 213 .

Wherein, the identification obtaining submodule 211 is configured to obtain the target verification identification of the operating system file.

The comparison sub-module 212 is configured to compare the pre-stored verification ID with the target verification ID acquired by the ID acquisition sub-module 211, and the pre-stored verification ID is obtained in advance by using an operating system file that has not been tampered with.

The verification determination sub-module 213 is configured to: if the comparison sub-module 212 compares the pre-stored verification logo with the target verification logo, it is determined that the security verification is successful; if the comparison sub-module 212 compares the pre-stored verification logo with the target verification logo If the verification identifiers are different, it is determined that the security verification fails.

It can be seen from the above embodiments that the process of security verification can be carried out by comparing the verification marks. By comparing the difference between the two, it can be determined whether the operating system file in the current system partition has been tampered with. Using the above method, it can be quickly determined Whether the security verification is successful.

As shown in FIG. 4 , FIG. 4 is a block diagram of another operating system startup device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in FIG. 3 , the identification acquisition sub The module 211 includes: an identification calculation sub-module 2111 .

Wherein, the identification calculation submodule is configured to use a cryptographic algorithm to calculate the ciphertext of the operating system file as the target verification identification.

The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm.

It can be seen from the above embodiments that the calculated ciphertext can be used as the verification identifier, and this method can further improve the security performance of the terminal.

In an optional implementation manner, the operating system backup file is obtained by decrypting an encrypted file pre-stored in the system backup partition.

It can be seen from the foregoing embodiments that the operating system backup file can be encrypted to obtain an encrypted file and stored in the system backup partition, thereby improving the security of the operating system backup file.

As shown in FIG. 5, FIG. 5 is a block diagram of another operating system startup device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in FIG. 2, the startup module 22 ,include:

The starting sub-module 221 is configured to use the operating system backup file as a new operating system file to start the operating system after overwriting the operating system file with the operating system backup file.

It can be seen from the above embodiments that the operating system backup file can be overwritten in the system partition, that is, the original operating system file is deleted in the system partition, and the backup file is stored in the system partition as a new operating system file , thereby securely booting the operating system.

Correspondingly, the present disclosure also provides a terminal, where the terminal includes a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to:

When the boot loading task is running, a security check is performed on whether the operating system files stored in the system partition have been tampered with.

If the security verification is successful, the operating system file is used to start the operating system.

If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.

For the implementation process of the functions and effects of each module in the above-mentioned device, please refer to the implementation process of the corresponding steps in the above-mentioned method for details, and details will not be repeated here.

As for the device embodiment, since it basically corresponds to the method embodiment, for related parts, please refer to the part description of the method embodiment. The device embodiments described above are only illustrative, and the modules described as separate components may or may not be physically separated, and the components shown as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Part or all of the modules can be selected according to actual needs to achieve the purpose of the disclosed solution. It can be understood and implemented by those skilled in the art without creative effort.

Fig. 6 is a block diagram showing a device 600 for starting an operating system according to an exemplary embodiment. For example, the apparatus 600 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, and the like.

6, device 600 may include one or more of the following components: processing component 602, memory 604, power supply component 606, multimedia component 608, audio component 610, input/output (I/O) interface 612, sensor component 614, and communication component 616 .

The processing component 602 generally controls the overall operations of the device 600, such as those associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 602 may include one or more processors 620 to execute instructions to complete all or part of the steps of the above method. Additionally, processing component 602 may include one or more modules that facilitate interaction between processing component 602 and other components. For example, processing component 602 may include a multimedia module to facilitate interaction between multimedia component 606 and processing component 602 .

The memory 604 is configured to store various types of data to support operations at the device 600 . Examples of such data include instructions for any application or method operating on device 600, contact data, phonebook data, messages, pictures, videos, and the like. The memory 604 can be implemented by any type of volatile or non-volatile storage device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

The power supply component 606 provides power to various components of the device 600 . Power components 606 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for device 600 .

The multimedia component 608 includes a screen that provides an output interface between the device 600 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may not only sense a boundary of a touch or swipe action, but also detect duration and pressure associated with the touch or swipe action. In some embodiments, the multimedia component 608 includes a front camera and/or a rear camera. When the device 600 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focal length and optical zoom capability.

The audio component 610 is configured to output and/or input audio signals. For example, the audio component 610 includes a microphone (MIC) configured to receive external audio signals when the device 600 is in operation modes, such as call mode, recording mode and voice recognition mode. Received audio signals may be further stored in memory 604 or sent via communication component 616 . In some embodiments, the audio component 610 also includes a speaker for outputting audio signals.

The I/O interface 612 provides an interface between the processing component 602 and a peripheral interface module. The peripheral interface module may be a keyboard, a click wheel, a button, and the like. These buttons may include, but are not limited to: a home button, volume buttons, start button, and lock button.

Sensor assembly 614 includes one or more sensors for providing status assessments of various aspects of device 600 . For example, the sensor component 614 can detect the open/closed state of the device 600, the relative positioning of components, such as the display and keypad of the device 600, and the sensor component 614 can also detect a change in the position of the device 600 or a component of the device 600 , the presence or absence of user contact with the device 600 , the device 600 orientation or acceleration/deceleration and the temperature change of the device 600 . The sensor assembly 614 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. Sensor assembly 614 may also include optical sensors, such as CMOS or CCD image sensors, for use in imaging applications. In some embodiments, the sensor component 614 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

The communication component 616 is configured to facilitate wired or wireless communication between the apparatus 600 and other devices. The device 600 can access wireless networks based on communication standards, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 616 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 616 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology and other technologies.

In an exemplary embodiment, apparatus 600 may be programmed by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable A gate array (FPGA), controller, microcontroller, microprocessor or other electronic component implementation for performing the methods described above.

In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium including instructions, such as the memory 604 including instructions, which can be executed by the processor 620 of the device 600 to implement the above method. For example, the non-transitory computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and the like.

Wherein, when the instructions in the storage medium are executed by the processor, the device 600 is enabled to execute a method for starting an operating system, including:

When the boot loading task is running, a security check is performed on whether the operating system files stored in the system partition have been tampered with.

If the security verification is successful, the operating system file is used to start the operating system.

If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.

Other embodiments of the present disclosure will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The present disclosure is intended to cover any modification, use or adaptation of the present disclosure. These modifications, uses or adaptations follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure. . The specification and examples are to be considered exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It should be understood that the present disclosure is not limited to the precise constructions which have been described above and shown in the drawings, and various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

The above descriptions are only preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present disclosure shall be included in the present disclosure within the scope of protection.

Claims (11)

1. A method for starting an operating system, characterized in that the method comprises: When the boot loading task is running, perform a security check on whether the operating system files stored in the system partition have been tampered with; If the security check is successful, then use the operating system file to start the operating system; If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with. 2. The method according to claim 1, wherein said performing a security check on whether the operating system file in the system partition has been tampered with includes: Acquiring the target verification identifier of the operating system file; Comparing the pre-stored verification identifier with the target verification identifier, the pre-stored verification identifier is obtained in advance by using an operating system file that has not been tampered with; If the pre-stored verification identifier is the same as the target verification identifier, it is determined that the security verification is successful; If the pre-stored verification identifier is different from the target verification identifier, it is determined that the security verification fails. 3. The method according to claim 2, wherein said acquiring the target check mark of said operating system file comprises: Using a cryptographic algorithm to calculate the ciphertext of the operating system file as the target verification identifier; The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm. 4. The method according to claim 1, wherein the operating system backup file is obtained by decrypting an encrypted file pre-stored in the system backup partition. 5. The method according to claim 1 or 4, wherein said starting the operating system using the operating system backup file comprises: After the operating system backup file is overwritten with the operating system file, the operating system backup file is used as a new operating system file to start the operating system. 6. A starting device for an operating system, characterized in that the device comprises: The safety verification module is configured to perform a safety verification on whether the operating system files stored in the system partition have been tampered with when the boot loading task is running; The startup module is configured to: use the operating system file to start the operating system when the safety verification is successful; use the operating system backup file to start the operating system when the safety verification fails, and the operating system backup file The files are pre-stored operating system files that have not been tampered with. 7. The device according to claim 6, wherein the safety verification module comprises: An identification obtaining submodule configured to obtain the target verification identification of the operating system file; The comparison sub-module is configured to compare the pre-stored verification identifier with the target verification identifier, the pre-stored verification identifier is obtained in advance by using an operating system file that has not been tampered with; The verification determination submodule is configured to: if the pre-stored verification identification is the same as the target verification identification, then determine that the security verification is successful; if the pre-stored verification identification is different from the target verification identification, then determine the security verification fail. 8. The device according to claim 7, wherein the identification acquisition submodule comprises: The identification calculation submodule is configured to use a cryptographic algorithm to calculate the ciphertext of the operating system file as the target verification identification; The pre-stored verification identifier includes: a ciphertext obtained by pre-calculating the operating system file that has not been tampered with by using the cryptographic algorithm. 9. The device according to claim 6, wherein the operating system backup file is obtained by decrypting an encrypted file pre-stored in the system backup partition. 10. The device according to claim 6 or 9, wherein the startup module comprises: The starting sub-module is configured to use the operating system backup file as a new operating system file to start the operating system after overwriting the operating system file with the operating system backup file. 11. A terminal, characterized in that, comprising: processor; memory for storing processor-executable instructions; Wherein, the processor is configured as: When the boot loading task is running, perform a security check on whether the operating system files stored in the system partition have been tampered with; If the security check is successful, then use the operating system file to start the operating system; If the safety verification fails, the operating system is started using the operating system backup file, which is a pre-stored operating system file that has not been tampered with.