CN114780929A - Electronic equipment and processing method - Google Patents

Electronic equipment and processing method Download PDF

Info

Publication number
CN114780929A
CN114780929A CN202210348362.4A CN202210348362A CN114780929A CN 114780929 A CN114780929 A CN 114780929A CN 202210348362 A CN202210348362 A CN 202210348362A CN 114780929 A CN114780929 A CN 114780929A
Authority
CN
China
Prior art keywords
file
interface
electronic device
bios
present application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210348362.4A
Other languages
Chinese (zh)
Inventor
胡斌
翁振业
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202210348362.4A priority Critical patent/CN114780929A/en
Publication of CN114780929A publication Critical patent/CN114780929A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

本申请公开了一种电子设备及处理方法,该电子设备包括:壳体,形成有容纳空间,所述壳体上和/或所述容纳空间内设置有第一接口,通过所述第一接口能够获得存储于与所述第一接口连接的第一存储空间中的第一文件,所述第一文件为用于支持第一系统运行的文件,所述第一系统用于初始化所述电子设备。通过第一接口获取用于支持第一系统运行的第一文件,有效保证第一系统运行的安全性。

Figure 202210348362

The present application discloses an electronic device and a processing method. The electronic device comprises: a housing with a accommodating space formed thereon, a first interface is provided on the housing and/or in the accommodating space, and a first interface is provided on the housing and/or in the accommodating space. A first file stored in a first storage space connected to the first interface can be obtained, the first file is a file used to support the operation of a first system, and the first system is used to initialize the electronic device . The first file used to support the operation of the first system is acquired through the first interface, thereby effectively ensuring the security of the operation of the first system.

Figure 202210348362

Description

一种电子设备及处理方法An electronic device and processing method

技术领域technical field

本申请涉及信息安全技术领域,尤其涉及一种电子设备及处理方法。The present application relates to the technical field of information security, and in particular, to an electronic device and a processing method.

背景技术Background technique

随着计算机信息技术的发展,电子设备的安全性越来越受到重视。PC(PersonalComputer,计算机)的启动主要从BIOS(Basic Input and Output System,基本输入输出系统)开始,如果BIOS不安全,那么整个PC的安全性就无法保证。With the development of computer information technology, the security of electronic equipment has been paid more and more attention. The startup of a PC (Personal Computer) mainly starts from a BIOS (Basic Input and Output System, a basic input and output system). If the BIOS is not secure, the security of the entire PC cannot be guaranteed.

发明内容SUMMARY OF THE INVENTION

本申请实施例提供一种电子设备及处理方法。Embodiments of the present application provide an electronic device and a processing method.

根据本申请第一方面,提供了一种电子设备,包括:壳体,形成有容纳空间,所述壳体上和/或所述容纳空间内设置有第一接口,通过所述第一接口能够获得存储于与所述第一接口连接的第一存储空间中的第一文件,所述第一文件为用于支持第一系统运行的文件,所述第一系统用于初始化所述电子设备。According to a first aspect of the present application, there is provided an electronic device, comprising: a casing with a accommodating space formed thereon, a first interface is provided on the casing and/or in the accommodating space, through which the first interface can A first file stored in a first storage space connected to the first interface is obtained, where the first file is a file used to support the operation of a first system, and the first system is used to initialize the electronic device.

根据本申请一实施方式,所述壳体上和/或所述容纳空间内还设置有:第二接口,用于在所述第一系统对所述初始化后能够通过第二接口传送数据。According to an embodiment of the present application, the casing and/or the accommodating space is further provided with: a second interface, which is used to transmit data through the second interface after the first system initializes the first system.

根据本申请一实施方式,所述电子设备还包括:第一处理器,用于通过所述第一接口获得所述第一文件,并对所述第一文件进行安全验证,以使得通过所述安全验证的第一文件支持所述第一系统运行。According to an embodiment of the present application, the electronic device further includes: a first processor, configured to obtain the first file through the first interface, and perform security verification on the first file, so that the The first file of security verification supports the operation of the first system.

根据本申请一实施方式,所述电子设备还包括:第二处理器,与所述第一接口相关联,用于接收所述第一处理器访问所述第一接口的访问请求,基于所述访问请求对所述第一处理器进行身份验证,并在所述第一处理器的身份验证通过的情况下,允许所述第一处理器通过所述第一接口获取数据。According to an embodiment of the present application, the electronic device further includes: a second processor, associated with the first interface, configured to receive an access request from the first processor to access the first interface, based on the The access request authenticates the first processor, and if the authentication of the first processor is passed, the first processor is allowed to acquire data through the first interface.

根据本申请第二方面,还提供一种处理方法,所述方法包括:通过不需要初始化的第一接口,获得存储于与所述第一接口连接的第一存储空间的第一文件,所述第一文件为用于支持第一系统运行的文件,所述第一系统用于初始化电子设备;基于所述第一文件,支持所述第一系统启动。According to a second aspect of the present application, there is also provided a processing method, the method comprising: obtaining a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, the The first file is a file used to support the operation of the first system, and the first system is used to initialize the electronic device; based on the first file, the first system is supported to be started.

根据本申请一实施方式,所述基于所述第一文件,支持所述第一系统启动,包括:基于所述第一文件,支持第一系统的第一部分运行,所述第一系统的第一部分用于对电子设备进行初始化;通过第二接口获取与所述第二接口连接的第二存储空间中的第二文件;基于所述第二文件,支持第一系统的第二部分运行,所述第一系统的第二部分用于引导操作系统启动。According to an embodiment of the present application, the supporting the startup of the first system based on the first file includes: supporting the running of the first part of the first system based on the first file, the first part of the first system used to initialize the electronic device; obtain the second file in the second storage space connected to the second interface through the second interface; based on the second file, support the second part of the first system to run, the The second part of the first system is used for booting the operating system.

根据本申请一实施方式,所述基于所述第一文件,支持第一系统的第一部分运行,包括:对所述第一文件进行安全验证,以使得通过所述安全验证的第一文件支持所述第一系统的第一部分运行。According to an embodiment of the present application, supporting the operation of the first part of the first system based on the first file includes: performing security verification on the first file, so that the first file that has passed the security verification supports all The first part of the first system operates.

根据本申请一实施方式,所述第一文件包括所述第一系统的第一子文件和第二子文件,所述第一子文件根据为所述第一系统配置的私钥生成,所述私钥存储在独立于所述电子设备的第三存储空间;相应的,所述基于所述第一文件,支持第一系统的第一部分运行,包括:根据预先存储的公钥对所述第一子文件进行解密,得到解密结果;将所述解密结果与预存验证数据进行比对,以验证所述第一文件的安全性;在所述解密结果与预存验证数据一致的情况下,运行所述第一文件,以支持所述第一系统的第一部分运行;其中,所述公钥与所述私钥相对应。According to an embodiment of the present application, the first file includes a first sub-file and a second sub-file of the first system, the first sub-file is generated according to a private key configured for the first system, the The private key is stored in a third storage space independent of the electronic device; correspondingly, supporting the operation of the first part of the first system based on the first file includes: pairing the first system with a pre-stored public key. Decrypt the sub-file to obtain a decryption result; compare the decryption result with the pre-stored verification data to verify the security of the first file; under the condition that the decryption result is consistent with the pre-stored verification data, run the a first file to support the operation of the first part of the first system; wherein the public key corresponds to the private key.

根据本申请一实施方式,在通过不需要初始化的第一接口从与所述第一接口连接的第一存储空间中获取第一文件之前,所述方法还包括:响应于启动所述电子设备的触发信号,请求获取所述电子设备的第一系统的启动密码;接收所述启动密码;对所述启动密码进行验证;在所述启动密码验证通过的情况下,执行前述过程,以使得所述电子设备启动。According to an embodiment of the present application, before acquiring the first file from the first storage space connected to the first interface through the first interface that does not require initialization, the method further includes: in response to starting the electronic device's triggering signal, requesting to obtain the startup password of the first system of the electronic device; receiving the startup password; verifying the startup password; in the case of passing the startup password verification, execute the foregoing process to make the startup password Electronic equipment starts.

根据本申请一实施方式,所述第一文件为加密文件;相应的,所述基于所述第一文件,支持所述第一系统启动,包括:对所述第一文件进行安全验证;在所述第一文件验证通过的情况下,根据所述第一文件对第三文件进行验证,第三文件的存储位置与第一文件不同,且第三文件为基本输入输出系统文件。According to an embodiment of the present application, the first file is an encrypted file; correspondingly, supporting the first system startup based on the first file includes: performing security verification on the first file; If the first file is verified successfully, the third file is verified according to the first file, the storage location of the third file is different from that of the first file, and the third file is a basic input output system file.

本申请实施例提供的电子设备及处理方法,该电子设备包括:壳体,形成有容纳空间,所述壳体上和/或所述容纳空间内设置有第一接口,通过所述第一接口能够获得存储于与所述第一接口连接的第一存储空间中的第一文件,所述第一文件为用于支持第一系统运行的文件,所述第一系统用于初始化所述电子设备。通过第一接口获取用于支持第一系统运行的第一文件,有效保证第一系统运行的安全性。The electronic device and the processing method provided by the embodiments of the present application include: a housing with a accommodating space formed thereon, a first interface is provided on the housing and/or in the accommodating space, and a first interface is provided on the housing and/or in the accommodating space. A first file stored in the first storage space connected to the first interface can be obtained, the first file is a file used to support the operation of a first system, and the first system is used to initialize the electronic device . The first file used to support the operation of the first system is acquired through the first interface, thereby effectively ensuring the security of the operation of the first system.

需要理解的是,本申请的教导并不需要实现上面所述的全部有益效果,而是特定的技术方案可以实现特定的技术效果,并且本申请的其他实施方式还能够实现上面未提到的有益效果。It should be understood that the teachings of the present application do not need to achieve all the above-mentioned beneficial effects, but specific technical solutions can achieve specific technical effects, and other embodiments of the present application can also achieve the beneficial effects not mentioned above. Effect.

附图说明Description of drawings

通过参考附图阅读下文的详细描述,本申请示例性实施方式的上述以及其他目的、特征和优点将变得易于理解。在附图中,以示例性而非限制性的方式示出了本申请的若干实施方式,其中:The above and other objects, features and advantages of exemplary embodiments of the present application will become readily understood by reading the following detailed description with reference to the accompanying drawings. In the accompanying drawings, several embodiments of the present application are shown by way of example and not limitation, wherein:

在附图中,相同或对应的标号表示相同或对应的部分。In the drawings, the same or corresponding reference numerals denote the same or corresponding parts.

图1示出了本申请实施例电子设备的组成结构示意图;FIG. 1 shows a schematic diagram of the composition and structure of an electronic device according to an embodiment of the present application;

图2示出了本申请实施例电子设备的应用示例的组成结构示意图;FIG. 2 shows a schematic structural diagram of an application example of an electronic device according to an embodiment of the present application;

图3示出了本申请第一实施例提供的处理方法的实现流程示意图;FIG. 3 shows a schematic flowchart of the implementation of the processing method provided by the first embodiment of the present application;

图4示出了本申请第二实施例提供的处理方法的实现流程示意图;FIG. 4 shows a schematic flowchart of the implementation of the processing method provided by the second embodiment of the present application;

图5示出了本申请第三实施例提供的处理方法的实现流程示意图;FIG. 5 shows a schematic flowchart of the implementation of the processing method provided by the third embodiment of the present application;

图6示出了本申请第四实施例提供的处理方法的实现流程示意图;FIG. 6 shows a schematic flowchart of the implementation of the processing method provided by the fourth embodiment of the present application;

图7示出了本申请第五实施例提供的处理方法的实现流程示意图。FIG. 7 shows a schematic flowchart of the implementation of the processing method provided by the fifth embodiment of the present application.

具体实施方式Detailed ways

下面将参考若干示例性实施方式来描述本申请的原理和精神。应当理解,给出这些实施方式仅仅是为使本领域技术人员能够更好地理解进而实现本申请,而并非以任何方式限制本申请的范围。相反,提供这些实施方式是为使本申请更加透彻和完整,并能够将本申请的范围完整地传达给本领域的技术人员。The principles and spirit of the present application will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are only provided for those skilled in the art to better understand and implement the present application, but do not limit the scope of the present application in any way. Rather, these embodiments are provided so that this application will be thorough and complete, and will fully convey the scope of this application to those skilled in the art.

下面结合附图和具体实施例对本申请的技术方案进一步详细阐述。The technical solutions of the present application will be further elaborated below with reference to the accompanying drawings and specific embodiments.

图1示出了本申请实施例电子设备的组成结构示意图。FIG. 1 shows a schematic diagram of the composition and structure of an electronic device according to an embodiment of the present application.

参考图1,本申请实施例电子设备10,包括:壳体101,形成有容纳空间102,壳体101上和/或容纳空间102内设置有第一接口103,通过第一接口103能够获得存储于与第一接口103连接的第一存储空间104中的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备10。Referring to FIG. 1 , an electronic device 10 according to an embodiment of the present application includes a housing 101 formed with a accommodating space 102 , a first interface 103 is provided on the housing 101 and/or in the accommodating space 102 , and storage can be obtained through the first interface 103 The first file in the first storage space 104 connected to the first interface 103 is a file used to support the operation of the first system, and the first system is used to initialize the electronic device 10 .

在本申请这一实施方式中,电子设备10可以是便携式笔记本电脑、台式机或服务器等。第一接口103可以是符合NVMe(Non Volatile Memory Express,非易失性内存主机控制器接口规范)的逻辑接口,在EC上电后可直接使用。In this embodiment of the present application, the electronic device 10 may be a portable notebook computer, a desktop computer, a server, or the like. The first interface 103 may be a logical interface conforming to NVMe (Non Volatile Memory Express, non-volatile memory host controller interface specification), and can be used directly after the EC is powered on.

第一存储空间可以是SSD等具有符合NVMe的逻辑接口的非易失性存储设备。The first storage space may be a non-volatile storage device such as an SSD having a logical interface conforming to NVMe.

第一系统可以是BIOS。The first system may be the BIOS.

在本申请这一实施方式中,第一文件可以至少包括BIOS系统启动的数字签名或数字证书。还可以包括部分或全部的BIOS系统文件。In this embodiment of the present application, the first file may include at least a digital signature or a digital certificate for BIOS system startup. Some or all of the BIOS system files may also be included.

在本申请这一实施方式中,壳体101上和/或容纳空间102内还设置有第二接口105,第二接口105用于在第一系统对初始化后能够通过第二接口105传送数据。In this embodiment of the present application, a second interface 105 is further provided on the casing 101 and/or in the accommodating space 102 , and the second interface 105 is used to transmit data through the second interface 105 after the first system pair is initialized.

在本申请这一实施方式中,第二接口需要通过对第一系统进行初始化之后使用,通过所述第二接口能够获取到与所述第二接口连接的第二存储空间中的第二文件,所述第二文件与所述第一文件组成用于支持所述第一系统运行的完整文件。举例说明,如果第一文件仅包括BIOS系统启动的数字签名或数字证书,则第二文件为的BIOS系统的完整文件。如果第一文件包括BIOS系统启动的数字证书和部分的BIOS系统文件,则第二文件为的BIOS系统文件中除第一文件所包含的部分之外的其他文件。In this embodiment of the present application, the second interface needs to be used after initializing the first system, and the second file in the second storage space connected to the second interface can be obtained through the second interface, The second file and the first file form a complete file for supporting the operation of the first system. For example, if the first file only includes the digital signature or digital certificate for booting the BIOS system, the second file is the complete file of the BIOS system. If the first file includes the digital certificate for booting the BIOS system and part of the BIOS system file, the second file is other files in the BIOS system file except the part included in the first file.

在本申请这一实施方式中,电子设备10还包括:第一处理器106,用于通过第一接口103获得第一文件,并对第一文件进行安全验证,以使得通过安全验证的第一文件支持第一系统运行。In this embodiment of the present application, the electronic device 10 further includes: a first processor 106, configured to obtain the first file through the first interface 103, and perform security verification on the first file, so that the first file that has passed the security verification The file supports the operation of the first system.

在本申请这一实施方式中,第一处理器106可以是CPU或SOC或Chipset(芯片组),例如:北桥和南桥。In this embodiment of the present application, the first processor 106 may be a CPU or a SOC or a Chipset (chipset), such as a north bridge and a south bridge.

在本申请这一实施方式中,电子设备10还包括:第二处理器107,与第一接口103相关联,用于接收第一处理器106访问第一接口103的访问请求,基于访问请求对第一处理器106进行身份验证,并在第一处理器106的身份验证通过的情况下,允许第一处理器106通过第一接口103获取数据。In this embodiment of the present application, the electronic device 10 further includes: a second processor 107, associated with the first interface 103, for receiving an access request from the first processor 106 to access the first interface 103, and based on the access request The first processor 106 performs identity verification, and allows the first processor 106 to acquire data through the first interface 103 if the identity verification of the first processor 106 is passed.

在本申请这一实施方式中,第二处理器107可以是NVMe存储设备自带的处理芯片,NVMe存储设备可以是固态硬盘等自带的处理芯片。In this embodiment of the present application, the second processor 107 may be a processing chip provided by an NVMe storage device, and the NVMe storage device may be a processing chip provided by a solid state drive or the like.

在本申请这一实施方式中,通过第一接口103获取的数据可以是第一文件,也可以是其它文件。In this embodiment of the present application, the data acquired through the first interface 103 may be the first file or other files.

此外,需要说明的是,第二接口105、第一处理器106以及第二处理器107为本发明更为优选的实施例中所包括的,在本申请这一实施例中,对此不做具体限定。In addition, it should be noted that the second interface 105, the first processor 106 and the second processor 107 are included in a more preferred embodiment of the present invention, and are not made in this embodiment of the present application. Specific restrictions.

图2示出了本申请实施例电子设备的应用示例的组成结构示意图。FIG. 2 shows a schematic structural diagram of an application example of an electronic device according to an embodiment of the present application.

参考图2,应用本申请实施例电子设备,将BIOS文件分为两部分,其中一部分保存至具有符合NVMe的接口的存储设备中,例如:固态硬盘。可以基于如图2所示的电子设备,通过以下操作流程保证电子设备的安全性:Referring to FIG. 2 , applying the electronic device according to the embodiment of the present application, the BIOS file is divided into two parts, and one part is stored in a storage device having an NVMe-compliant interface, such as a solid-state hard disk. Based on the electronic device shown in Figure 2, the security of the electronic device can be guaranteed through the following operation process:

1、使用电子设备的所有者的私钥对存储至具有SPI接口的存储空间的BIOS文件以及存储至具有NVMe接口的存储空间的BIOS文件进行加密,得到数字证书。1. Use the private key of the owner of the electronic device to encrypt the BIOS file stored in the storage space with the SPI interface and the BIOS file stored in the storage space with the NVMe interface to obtain a digital certificate.

2、将加密得到的数字证书存储至设定位置,例如:可以将数字证书存储存储至具有NVMe接口的固态硬盘中。2. Store the encrypted digital certificate in a set location, for example, you can store the digital certificate in a solid-state drive with an NVMe interface.

3、在电子设备上电开始启动时通过NVMe启动分区技术从外置的具有NVMe接口的固态硬盘中获得数字证书,然后对存储至Boot FW SPI FLASH(具有SPI接口的硬盘)的第一部分BIOS文件和存储至NVMe BIOS FW(具有符合NVMe的接口的固态硬盘)的第二部分BIOS文件分别进行验证。如果验证通过,则可以正常Boot(开机),若验证不通过,则执行halt(停机)操作。3. When the electronic device is powered on and starts to start, the digital certificate is obtained from the external solid-state hard disk with NVMe interface through the NVMe boot partition technology, and then the first part of the BIOS file stored in the Boot FW SPI FLASH (hard disk with SPI interface) is stored and the second part of the BIOS file stored to the NVMe BIOS FW (SSD with NVMe-compliant interface) are verified separately. If the verification is passed, it can be booted normally. If the verification is not passed, the halt (stop) operation will be performed.

需要说明的是,在本申请的实施例中也将具有NVMe接口的固态硬盘称为NVMe密钥盘。It should be noted that, in the embodiments of the present application, the solid-state disk having the NVMe interface is also referred to as the NVMe key disk.

4、如果电子设备设置了开机BIOS密码,则可以把加密后的开机BIOS密码的密文存储至具有符合NVMe的接口的固态硬盘中。例如:可以在设置开机BIOS密码的过程中,使用MD5摘要值算法计算开机BIOS密码的第一哈希值,并将开机BIOS密码的第一哈希值存储至具有符合NVMe的接口的固态硬盘中,在后续对开机BIOS密码进行验证时使用。在电子设备下次开机过程中,接收到电子设备开机请求的情况下,检测开机BIOS密码,并在检测到电子设备的使用者输入的开机BIOS密码时,计算所接收到的开机BIOS密码的第二哈希值,然后将第二哈希值与第一哈希值进行比对,如果相同则判定开机BIOS密码通过。4. If a power-on BIOS password is set for the electronic device, the encrypted ciphertext of the power-on BIOS password can be stored in a solid-state hard disk having an NVMe-compliant interface. For example, in the process of setting the power-on BIOS password, the MD5 digest value algorithm can be used to calculate the first hash value of the power-on BIOS password, and the first hash value of the power-on BIOS password can be stored in the solid state drive with the NVMe-compliant interface , which is used in subsequent verification of the power-on BIOS password. During the next power-on process of the electronic device, in the case of receiving the power-on request of the electronic device, the power-on BIOS password is detected, and when the power-on BIOS password input by the user of the electronic device is detected, the first digit of the received power-on BIOS password is calculated. Second hash value, and then compare the second hash value with the first hash value, if they are the same, it is determined that the boot BIOS password is passed.

此外,还可以在启动BIOS之前就进行身份验证。举例说明,可以生成一个BootKey(启动密码),用电子设备的所有者的私钥对BootKey进行加密,将加密后的BootKey存储至具有符合NVMe的接口的固态硬盘中。当检测到电子设备的开机请求时,CPU可以利用NVMeBoot Partition(NVMe启动分区)技术读取加密后的BootKey,然后使用与私钥相对应的公钥对加密后的BootKey进行验证,验证通过则正常执行BIOS的后续启动流程。若电子设备设置了开机BIOS密码,则在验证启动密码之后需要验证开机BIOS密码,并在开机BIOS密码也验证通过的情况下,正常执行BIOS的后续启动流程。In addition, authentication can be performed before the BIOS is started. For example, it is possible to generate a BootKey (startup password), encrypt the BootKey with the private key of the owner of the electronic device, and store the encrypted BootKey in a solid-state hard disk with an NVMe-compliant interface. When the power-on request of the electronic device is detected, the CPU can use the NVMeBoot Partition (NVMe boot partition) technology to read the encrypted BootKey, and then use the public key corresponding to the private key to verify the encrypted BootKey, and the verification is normal. Execute the subsequent boot process of the BIOS. If the power-on BIOS password is set on the electronic device, the power-on BIOS password needs to be verified after the boot-up password is verified, and if the power-on BIOS password is also verified, the subsequent boot process of the BIOS is normally performed.

图3示出了本申请第一实施例提供的处理方法的实现流程示意图。FIG. 3 shows a schematic flowchart of the implementation of the processing method provided by the first embodiment of the present application.

参考图3,本申请实施例处理方法,至少包括如下操作流程:操作301,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备;操作302,基于第一文件,支持第一系统启动。Referring to FIG. 3 , the processing method according to the embodiment of the present application includes at least the following operation flow: In operation 301, a first file stored in a first storage space connected to the first interface is obtained through a first interface that does not require initialization. The first file The first system is a file for supporting the operation of the first system, and the first system is used to initialize the electronic device; in operation 302, based on the first file, the first system is supported to be started.

在操作301中,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。In operation 301, a first file stored in a first storage space connected to the first interface is obtained through a first interface that does not require initialization. The first file is a file used to support the operation of the first system. to initialize electronic equipment.

在本申请这一实施例中,第一接口可以是符合NVMe的接口。In this embodiment of the present application, the first interface may be an NVMe-compliant interface.

在操作302中,基于第一文件,支持第一系统启动。In operation 302, based on the first file, a first system startup is supported.

在本申请这一实施例中,第一文件至少包括BIOS系统的数字证书,还可以包括部分BIOS文件。这里首先以第一文件包括BIOS系统的数字证书为例,对本申请实施例进行说明。In this embodiment of the present application, the first file includes at least the digital certificate of the BIOS system, and may also include part of the BIOS file. Here first, the embodiment of the present application is described by taking the first file including the digital certificate of the BIOS system as an example.

举例说明,CPU在获取到BIOS系统的数字证书的情况下,CPU可以根据自身存储的公钥对第一文件进行解密,得到解密得到的数据。将解密得到的数据与预存验证数据进行比对,以验证第一文件的安全性。For example, when the CPU obtains the digital certificate of the BIOS system, the CPU can decrypt the first file according to the public key stored by the CPU to obtain the decrypted data. The decrypted data is compared with the pre-stored verification data to verify the security of the first file.

具体的,可以利用公钥对数字证书进行解密,得到第一散列值,并对第一文件进行哈希运算,得到第二散列值,在第一哈希值与第二哈希值相同的情况下,判定第一文件验证通过。此时可以对电子设备的BIOS进行初始化,以使得CPU能够通过第二接口传输数据,以通过第二接口获得第二文件,完成第一系统的启动。Specifically, a public key can be used to decrypt the digital certificate to obtain a first hash value, and a hash operation is performed on the first file to obtain a second hash value, where the first hash value is the same as the second hash value In the case of , it is determined that the verification of the first file is passed. At this time, the BIOS of the electronic device can be initialized, so that the CPU can transmit data through the second interface, so as to obtain the second file through the second interface, and complete the startup of the first system.

其中,公钥为预先为BIOS配置的公钥,并且公钥与存储在独立于电子设备的第三存储空间的私钥相对应。第三存储空间可以是云端、专用密钥存储设备、U盘或存储密钥的电脑端等。The public key is a pre-configured public key for the BIOS, and the public key corresponds to a private key stored in a third storage space independent of the electronic device. The third storage space may be the cloud, a dedicated key storage device, a USB flash drive, or a computer that stores keys, etc.

图4示出了本申请第二实施例提供的处理方法的实现流程示意图。FIG. 4 shows a schematic flowchart of the implementation of the processing method provided by the second embodiment of the present application.

参考图4,本申请实施例处理方法,至少包括如下操作流程:Referring to FIG. 4 , the processing method of the embodiment of the present application includes at least the following operation flow:

操作401,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。Operation 401: Obtain a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, where the first file is a file used to support the operation of the first system, and the first system is used for initialization Electronic equipment.

操作402,基于第一文件,支持第一系统的第一部分运行,第一系统的第一部分用于对电子设备进行初始化。In operation 402, based on the first file, the first part of the first system is supported to run, and the first part of the first system is used to initialize the electronic device.

举例说明,第一存储空间具有符合NVMe接口规范的接口与主板连接的存储器,第二存储空间为SPI Flash(具有SPI接口的存储器)。第一系统为BIOS。第一文件包括BIOS系统启动的数字证书部分的BIOS系统文件。For example, the first storage space has a memory whose interface conforms to the NVMe interface specification and is connected to the motherboard, and the second storage space is SPI Flash (a memory with an SPI interface). The first system is the BIOS. The first file includes the BIOS system file of the digital certificate part of the BIOS system startup.

在获得第一文件后,首先对参考上述操作302对数字证书进行安全验证。在安全验证通过的情况下,运行从第一存储空间获得的部分的BIOS系统文件,以完成BIOS系统的初始化,BIOS的初始化至少包括对第二接口的初始化,在完成BIOS初始化后,可以执行如下操作403,通过第二接口获取与第二接口连接的第二存储空间中的第二文件。After the first file is obtained, the digital certificate is firstly verified with reference to the above operation 302 for security. In the case of passing the security verification, run a part of the BIOS system file obtained from the first storage space to complete the initialization of the BIOS system. The initialization of the BIOS at least includes the initialization of the second interface. After the BIOS initialization is completed, the following can be performed. In operation 403, the second file in the second storage space connected to the second interface is acquired through the second interface.

操作403,通过第二接口获取与第二接口连接的第二存储空间中的第二文件。In operation 403, the second file in the second storage space connected to the second interface is acquired through the second interface.

操作404,基于第二文件,支持第一系统的第二部分运行,第一系统的第二部分用于引导操作系统启动。In operation 404, based on the second file, the second part of the first system is supported to run, and the second part of the first system is used to boot the operating system to start.

在本申请这一实施方式中,支持第一系统的第一部分和第二部分运行后,即可完成BIOS启动。In this embodiment of the present application, after the first part and the second part of the first system are supported to run, the BIOS can be started.

举例说明,利用CPU中存储的公钥对第一存储空间的数字证书进行安全验证。在数字证书验证通过的情况下,从第一存储空间获取支持BIOS运行的第一部分,从利用数字证书对BIOS的第一部分进行安全验证。对BIOS的第一部分进行安全验证通过的情况下,从第二存储空间获取支持BIOS运行的第二部分,并再次根据数字证书对支持BIOS运行的第二部分进行验证。在支持BIOS运行的第一部分和第二部分均验证通过的情况下,运行支持BIOS运行的第一部分和第二部分,完成BIOS的初始化。For example, the digital certificate in the first storage space is securely verified by using the public key stored in the CPU. In the case that the verification of the digital certificate is passed, the first part that supports the running of the BIOS is obtained from the first storage space, and the first part of the BIOS is securely verified by using the digital certificate. If the security verification of the first part of the BIOS is passed, the second part that supports the running of the BIOS is obtained from the second storage space, and the second part that supports the running of the BIOS is verified again according to the digital certificate. When both the first part and the second part supporting the running of the BIOS are verified and passed, the first part and the second part supporting the running of the BIOS are run to complete the initialization of the BIOS.

由此,对BIOS两个部分的文件交叉验签,两个部分中任何一部分被破坏或者被篡改均禁止开机,有效保证电子设备的数据安全性。As a result, the files of the two parts of the BIOS are cross-checked, and any part of the two parts is damaged or tampered with, it is forbidden to boot, thereby effectively ensuring the data security of the electronic device.

在本申请这一实施方式中,对第一文件进行安全验证,以使得通过安全验证的第一文件支持第一系统运行,并由此实现基于第一文件,支持第一系统的第一部分运行。In this embodiment of the present application, security verification is performed on the first file, so that the first file that has passed the security verification supports the operation of the first system, and thus supports the operation of the first part of the first system based on the first file.

其中,操作401的具体实现过程与图1所示实施例中操作101的具体实现过程相类似,这里不再赘述。The specific implementation process of operation 401 is similar to the specific implementation process of operation 101 in the embodiment shown in FIG. 1 , and details are not repeated here.

图5示出了本申请第三实施例提供的处理方法的实现流程示意图。FIG. 5 shows a schematic flowchart of the implementation of the processing method provided by the third embodiment of the present application.

参考图5,本申请实施例处理方法,第一文件包括第一系统的第一子文件和第二子文件,第一子文件根据为第一系统配置的私钥生成,私钥存储在独立于电子设备的第三存储空间,至少包括如下操作流程:Referring to FIG. 5, in the processing method of the embodiment of the present application, the first file includes a first sub-file and a second sub-file of the first system, the first sub-file is generated according to the private key configured for the first system, and the private key is stored in an independent The third storage space of the electronic device at least includes the following operation procedures:

操作501,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。Operation 501: Obtain a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, where the first file is a file used to support the operation of the first system, and the first system is used for initialization Electronic equipment.

操作502,根据处理器自身存储的公钥对第一子文件进行解密,得到解密结果,其中,公钥为第一系统配置的公钥,并且公钥与私钥相对应。In operation 502, the first subfile is decrypted according to the public key stored by the processor to obtain a decryption result, wherein the public key is the public key configured by the first system, and the public key corresponds to the private key.

操作503,将解密结果与预存验证数据进行比对,以验证第一文件的安全性。In operation 503, the decryption result is compared with the pre-stored verification data to verify the security of the first file.

操作504,在解密结果与预存验证数据一致的情况下,运行第一文件。In operation 504, if the decryption result is consistent with the pre-stored verification data, run the first file.

其中,操作501~504的具体实现过程与图1所示实施例中操作101~102的具体实现过程相类似,这里不再赘述。The specific implementation process of operations 501 to 504 is similar to the specific implementation process of operations 101 to 102 in the embodiment shown in FIG. 1 , and details are not repeated here.

图6示出了本申请第四实施例提供的处理方法的实现流程示意图。FIG. 6 shows a schematic flowchart of the implementation of the processing method provided by the fourth embodiment of the present application.

参考图6,本申请实施例处理方法,至少包括如下操作流程:Referring to FIG. 6 , the processing method of the embodiment of the present application includes at least the following operation flow:

操作601,响应于启动电子设备的触发信号,请求获取电子设备的第一系统的启动密码。In operation 601, in response to a trigger signal for starting the electronic device, request to obtain a start-up password of a first system of the electronic device.

操作602,接收启动密码。In operation 602, an activation password is received.

操作603,对启动密码进行验证。In operation 603, the activation password is verified.

操作604,在启动密码验证通过的情况下,执行前述过程,以使得电子设备启动。In operation 604, if the startup password verification is passed, the foregoing process is performed to enable the electronic device to be started.

具体的,BIOS的启动分为3个阶段:第1阶段是BIOS启动的上电自检过程;第2阶段是BIOS启动,电子设备初始化的过程;第3阶段是引导操作系统启动的过程。Specifically, the startup of the BIOS is divided into three stages: the first stage is the power-on self-check process of BIOS startup; the second stage is the process of BIOS startup and electronic device initialization; the third stage is the process of booting the operating system.

以上图3-5中的操作均在BIOS启动的第二阶段执行。The operations in Figure 3-5 above are all executed in the second stage of BIOS startup.

在本申请这一实施方式中,在BIOS启动的第一阶段,即在启动BIOS之前就进行身份验证。举例说明,可以生成一个BootKey(启动密码),用电子设备的所有者的私钥对BootKey进行加密,将加密后的BootKey存储至具有符合NVMe的接口的固态硬盘中。当检测到电子设备的开机请求时,CPU可以利用NVMe Boot Partition(NVMe启动分区)技术读取加密后的BootKey,然后使用与私钥相对应的公钥对加密后的BootKey进行验证,验证通过则正常执行BIOS的后续启动流程。若电子设备设置了开机BIOS密码,则在验证启动密码之后需要验证开机BIOS密码,并在开机BIOS密码也验证通过的情况下,正常执行BIOS的后续启动流程。In this embodiment of the present application, authentication is performed in the first stage of BIOS startup, that is, before the BIOS is started. For example, it is possible to generate a BootKey (startup password), encrypt the BootKey with the private key of the owner of the electronic device, and store the encrypted BootKey in a solid-state hard disk with an NVMe-compliant interface. When the power-on request of the electronic device is detected, the CPU can use the NVMe Boot Partition (NVMe Boot Partition) technology to read the encrypted BootKey, and then use the public key corresponding to the private key to verify the encrypted BootKey. Execute the subsequent startup process of the BIOS normally. If the power-on BIOS password is set on the electronic device, the power-on BIOS password needs to be verified after the boot-up password is verified, and if the power-on BIOS password is also verified, the subsequent boot process of the BIOS is normally performed.

操作605,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。Operation 605: Obtain a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, where the first file is a file used to support the operation of the first system, and the first system is used for initialization Electronic equipment.

操作606,基于第一文件,支持第一系统启动。In operation 606, based on the first file, the first system startup is supported.

其中,操作605和606的具体实现过程与图1所示实施例中操作101和102的具体实现过程相类似,这里不再赘述。The specific implementation process of operations 605 and 606 is similar to the specific implementation process of operations 101 and 102 in the embodiment shown in FIG. 1 , and details are not repeated here.

图7示出了本申请第五实施例提供的处理方法的实现流程示意图。FIG. 7 shows a schematic flowchart of the implementation of the processing method provided by the fifth embodiment of the present application.

参考图7,本申请实施例处理方法中,第一文件为加密文件,本申请实施例处理方法至少包括如下操作流程:Referring to FIG. 7 , in the processing method of the embodiment of the present application, the first file is an encrypted file, and the processing method of the embodiment of the present application includes at least the following operation flow:

操作701,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。Operation 701: Obtain a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, where the first file is a file used to support the operation of the first system, and the first system is used for initialization Electronic equipment.

操作702,对第一文件进行安全验证。In operation 702, security verification is performed on the first file.

操作703,在第一文件验证通过的情况下,根据第一文件对第三文件进行验证,第三文件的存储位置与第一文件不同,且第三文件为BIOS文件。In operation 703, if the first file is verified successfully, verify the third file according to the first file, the storage location of the third file is different from that of the first file, and the third file is a BIOS file.

举例说明,CPU可以首先从具有符合NVMe的接口的固态硬盘中获取BIOS的数字证书。利用CPU中预先存储的为BIOS配置的公钥对数字证书进行解密,以对数字证书进行安全验证。在数字证书验证通过的情况下,从硬盘获得BIOS文件,并根据数字证书对BIOS文件进行验证。For example, the CPU may first obtain the digital certificate of the BIOS from the solid-state drive with the NVMe-compliant interface. The digital certificate is decrypted by using the public key pre-stored in the CPU and configured for the BIOS, so as to perform security verification on the digital certificate. In the case that the verification of the digital certificate is passed, the BIOS file is obtained from the hard disk, and the BIOS file is verified according to the digital certificate.

其中,操作701~703的其他具体实现过程与图1所示实施例中操作101~102的具体实现过程相类似,这里不再赘述。Wherein, other specific implementation processes of operations 701 to 703 are similar to the specific implementation processes of operations 101 to 102 in the embodiment shown in FIG. 1 , and details are not repeated here.

通过以上处理方法,将BIOS的密钥存储至具有符合NVMe的接口的存储空间,必须将具有符合NVMe的接口的存储空间连接至电子设备并且对BIOS的数字证书验证通过的情况下,才能完成对电子设备的BIOS进行初始化,并进一步启动电子设备。具有符合NVMe的接口的存储空间为能够独立保存的物理设备,由此,充分利用电子设备的物理设备之间的依赖关系,有效提高电子设备的数据安全性。若缺失具有符合NVMe的接口的存储空间的情况下,则无法完成对BIOS的验证,也无法完成电子设备的开机操作。Through the above processing method, the key of the BIOS is stored in the storage space with the NVMe-compliant interface. The storage space with the NVMe-compliant interface must be connected to the electronic device and the verification of the BIOS digital certificate can be completed. The BIOS of the electronic device is initialized and further starts the electronic device. A storage space having an interface conforming to NVMe is a physical device that can be stored independently. Therefore, the dependency relationship between the physical devices of the electronic device is fully utilized, and the data security of the electronic device is effectively improved. If the storage space with the NVMe-compliant interface is missing, the verification of the BIOS cannot be completed, and the power-on operation of the electronic device cannot be completed.

本申请实施例提供的电子设备及处理方法,该电子设备包括:壳体101,形成有容纳空间102,壳体101上和/或容纳空间102内设置有第一接口,通过第一接口能够获得存储于与第一接口连接的第一存储空间中的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备。通过第一接口获取用于支持第一系统运行的第一文件,有效保证第一系统运行的安全性。In the electronic device and the processing method provided by the embodiments of the present application, the electronic device includes: a housing 101 with a accommodating space 102 formed therein, and a first interface is provided on the housing 101 and/or in the accommodating space 102, through which the first interface can be obtained The first file stored in the first storage space connected to the first interface is a file used to support the operation of the first system, and the first system is used to initialize the electronic device. The first file used to support the operation of the first system is acquired through the first interface, thereby effectively ensuring the security of the operation of the first system.

同理,基于上文处理方法,本申请实施例还提供一种计算机可读存储介质,计算机可读存储介质存储有程序,当程序被处理器执行时,使得处理器至少执行如下的操作步骤:操作301,通过不需要初始化的第一接口,获得存储于与第一接口连接的第一存储空间的第一文件,第一文件为用于支持第一系统运行的文件,第一系统用于初始化电子设备;操作302,基于第一文件,支持第一系统启动。Similarly, based on the above processing method, an embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium stores a program, and when the program is executed by the processor, the processor is caused to perform at least the following operation steps: Operation 301: Obtain a first file stored in a first storage space connected to the first interface through a first interface that does not require initialization, where the first file is a file used to support the operation of the first system, and the first system is used for initialization The electronic device; in operation 302, based on the first file, support the startup of the first system.

这里需要指出的是:以上对针对图1和2电子设备实施例的描述,与前述图2至7所示的方法实施例的描述是类似的,具有同图2至7所示的方法实施例相似的有益效果,因此不做赘述。对于本申请设备实施例中未披露的技术细节,请参照本申请图2至7所示的处理方法实施例的描述而理解,为节约篇幅,因此不再赘述。It should be pointed out here that the above description of the electronic device embodiments in FIGS. 1 and 2 is similar to the description of the method embodiments shown in FIGS. Similar beneficial effects are not repeated here. For technical details that are not disclosed in the device embodiments of the present application, please refer to the descriptions of the processing method embodiments shown in FIGS. 2 to 7 of the present application for understanding. In order to save space, they will not be repeated.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, herein, the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion, such that a process, method, article or device comprising a series of elements includes not only those elements, It also includes other elements not expressly listed or inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.

在本申请所提供的几个实施例中,应该理解到,所揭露的设备和方法,可以通过其它的方式实现。以上所描述的设备实施例仅仅是示意性的,例如,单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,如:多个单元或组件可以结合,或可以集成到另一个系统,或一些特征可以忽略,或不执行。另外,所显示或讨论的各组成部分相互之间的耦合、或直接耦合、或通信连接可以是通过一些接口,设备或单元的间接耦合或通信连接,可以是电性的、机械的或其它形式的。In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The device embodiments described above are only illustrative. For example, the division of units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated. to another system, or some features can be ignored, or not implemented. In addition, the coupling, or direct coupling, or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be electrical, mechanical or other forms. of.

上述作为分离部件说明的单元可以是、或也可以不是物理上分开的,作为单元显示的部件可以是、或也可以不是物理单元;既可以位于一个地方,也可以分布到多个网络单元上;可以根据实际的需要选择其中的部分或全部单元来实现本实施例方案的目的。The unit described above as a separate component may or may not be physically separated, and the component displayed as a unit may or may not be a physical unit; it may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

另外,在本申请各实施例中的各功能单元可以全部集成在一个处理单元中,也可以是各单元分别单独作为一个单元,也可以两个或两个以上单元集成在一个单元中;上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may all be integrated into one processing unit, or each unit may be separately used as a unit, or two or more units may be integrated into one unit; the above integration The unit can be implemented either in the form of hardware or in the form of hardware plus software functional units.

本领域普通技术人员可以理解:实现上述方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成,前述的程序可以存储于计算机可读取存储介质中,该程序在执行时,执行包括上述方法实施例的步骤;而前述的存储介质包括:移动存储设备、只读存储器(Read Only Memory,ROM)、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments can be completed by program instructions related to hardware, the aforementioned program can be stored in a computer-readable storage medium, and when the program is executed, the execution includes: The steps of the above method embodiments; and the aforementioned storage medium includes: a removable storage device, a read only memory (Read Only Memory, ROM), a magnetic disk or an optical disk and other media that can store program codes.

或者,本申请上述集成的单元如果以软件功能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实施例的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机、服务器、或者网络设备等)执行本申请各个实施例方法的全部或部分。而前述的存储介质包括:移动存储设备、ROM、磁碟或者光盘等各种可以存储程序代码的介质。Alternatively, if the above-mentioned integrated units of the present application are implemented in the form of software function modules and sold or used as independent products, they may also be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application can be embodied in the form of software products in essence or in the parts that make contributions to the prior art. The computer software products are stored in a storage medium and include several instructions for A computer device (which may be a personal computer, a server, or a network device, etc.) is caused to execute all or part of the methods of the various embodiments of the present application. The aforementioned storage medium includes various media that can store program codes, such as a removable storage device, a ROM, a magnetic disk, or an optical disk.

以上,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above are only specific embodiments of the present application, but the protection scope of the present application is not limited to this. Any person skilled in the art can easily think of changes or replacements within the technical scope disclosed in the present application, and should cover within the scope of protection of this application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An electronic device, comprising:
the electronic equipment comprises a shell, wherein an accommodating space is formed on the shell, a first interface is arranged on the shell and/or in the accommodating space, a first file stored in a first storage space connected with the first interface can be obtained through the first interface, the first file is a file used for supporting the operation of a first system, and the first system is used for initializing the electronic equipment.
2. The electronic device of claim 1, further comprising, disposed on the housing and/or within the receiving space:
a second interface for enabling data to be transferred through the second interface after the first system initializes the first system.
3. The electronic device of claim 1, further comprising:
and the first processor is used for obtaining the first file through the first interface and carrying out security verification on the first file so as to enable the first file passing the security verification to support the operation of the first system.
4. The electronic device of claim 3, further comprising:
and the second processor is associated with the first interface and used for receiving an access request of the first processor for accessing the first interface, authenticating the first processor based on the access request, and allowing the first processor to acquire data through the first interface under the condition that the authentication of the first processor is passed.
5. A method of processing, the method comprising:
the method comprises the steps that a first file stored in a first storage space connected with a first interface is obtained through the first interface which does not need to be initialized, the first file is used for supporting a first system to operate, and the first system is used for initializing electronic equipment;
supporting the first system boot based on the first file.
6. The method of claim 5, the enabling the first system boot based on the first file, comprising:
supporting a first part of a first system to run based on the first file, wherein the first part of the first system is used for initializing the electronic equipment;
acquiring a second file in a second storage space connected with a second interface through the second interface;
and supporting a second part of the first system to run based on the second file, wherein the second part of the first system is used for guiding the starting of the operating system.
7. The method of claim 6, the supporting a first portion of the operation of a first system based on the first file, comprising:
and performing security verification on the first file, so that the first file passing the security verification supports the operation of the first part of the first system.
8. The method of claim 6, the first file comprising a first subfile and a second subfile of the first system, the first subfile generated from a private key configured for the first system, the private key stored in a third storage space separate from the electronic device; accordingly, the method can be used for solving the problems that,
the supporting of the first part of the first system running based on the first file comprises:
decrypting the first subfile according to a pre-stored public key to obtain a decryption result;
comparing the decryption result with pre-stored verification data to verify the security of the first file;
under the condition that the decryption result is consistent with pre-stored verification data, operating the first file to support the first part operation of the first system;
wherein the public key corresponds to the private key.
9. The method of claim 5, prior to retrieving a first file from a first storage space connected to the first interface through a first interface that does not require initialization, the method further comprising:
responding to a trigger signal for starting the electronic equipment, and requesting to acquire a starting password of a first system of the electronic equipment;
receiving the starting password;
verifying the starting password;
and in the case that the starting password is verified, executing the process to enable the electronic equipment to start.
10. The method of any of claims 5 to 9, the first file being an encrypted file; accordingly, the method can be used for solving the problems that,
the supporting of the first system boot based on the first file includes:
performing security verification on the first file;
and under the condition that the first file passes the verification, verifying a third file according to the first file, wherein the storage position of the third file is different from that of the first file, and the third file is a basic input and output system file.
CN202210348362.4A 2022-04-01 2022-04-01 Electronic equipment and processing method Pending CN114780929A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210348362.4A CN114780929A (en) 2022-04-01 2022-04-01 Electronic equipment and processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210348362.4A CN114780929A (en) 2022-04-01 2022-04-01 Electronic equipment and processing method

Publications (1)

Publication Number Publication Date
CN114780929A true CN114780929A (en) 2022-07-22

Family

ID=82426530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210348362.4A Pending CN114780929A (en) 2022-04-01 2022-04-01 Electronic equipment and processing method

Country Status (1)

Country Link
CN (1) CN114780929A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866396A (en) * 2014-02-24 2015-08-26 联想(北京)有限公司 Information processing method and electronic device
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment
US20160012233A1 (en) * 2014-07-14 2016-01-14 Lenovo (Singapore) Pte, Ltd. Verifying integrity of backup file in a multiple operating system environment
CN106990958A (en) * 2017-03-17 2017-07-28 联想(北京)有限公司 A kind of extension element, electronic equipment and startup method
CN109714303A (en) * 2017-10-25 2019-05-03 阿里巴巴集团控股有限公司 BIOS starts method and data processing method
CN110674525A (en) * 2019-09-30 2020-01-10 联想(北京)有限公司 Electronic equipment and file processing method thereof
CN112764667A (en) * 2019-10-21 2021-05-07 伊姆西Ip控股有限责任公司 Method, apparatus, storage system and computer program product for storage management

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866396A (en) * 2014-02-24 2015-08-26 联想(北京)有限公司 Information processing method and electronic device
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment
US20160012233A1 (en) * 2014-07-14 2016-01-14 Lenovo (Singapore) Pte, Ltd. Verifying integrity of backup file in a multiple operating system environment
CN106990958A (en) * 2017-03-17 2017-07-28 联想(北京)有限公司 A kind of extension element, electronic equipment and startup method
CN109714303A (en) * 2017-10-25 2019-05-03 阿里巴巴集团控股有限公司 BIOS starts method and data processing method
CN110674525A (en) * 2019-09-30 2020-01-10 联想(北京)有限公司 Electronic equipment and file processing method thereof
CN112764667A (en) * 2019-10-21 2021-05-07 伊姆西Ip控股有限责任公司 Method, apparatus, storage system and computer program product for storage management

Similar Documents

Publication Publication Date Title
US11741230B2 (en) Technologies for secure hardware and software attestation for trusted I/O
KR101359841B1 (en) Methods and apparatus for trusted boot optimization
US8782801B2 (en) Securing stored content for trusted hosts and safe computing environments
CN101578609B (en) Secure booting a computing device
KR101662618B1 (en) Measuring platform components with a single trusted platform module
US9336394B2 (en) Securely recovering a computing device
CN101221613B (en) Method and apparatus for validating processing system components
JP4848458B2 (en) Persistent security system and persistent security method
US8544092B2 (en) Integrity verification using a peripheral device
CN102270288B (en) Method for performing trusted boot on operation system based on reverse integrity verification
US11909882B2 (en) Systems and methods to cryptographically verify an identity of an information handling system
US20080082813A1 (en) Portable usb device that boots a computer as a server with security measure
US10776095B2 (en) Secure live media boot system
CN107679425B (en) Trusted boot method based on firmware and USBKey combined full disk encryption
US11822669B2 (en) Systems and methods for importing security credentials for use by an information handling system
CN107408172A (en) Securely boot computers from user-trusted devices
US20230011005A1 (en) Systems and methods for authenticating configurations of an information handling system
US20230010345A1 (en) Systems and methods for authenticating hardware of an information handling system
CN112835628A (en) A server operating system booting method, device, device and medium
JP4724107B2 (en) User authentication method using removable device and computer
CN114780929A (en) Electronic equipment and processing method
CN116089967A (en) Data rollback prevention method and electronic equipment
TW200837630A (en) Method for code execution

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination