CN107403098A - The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage - Google Patents


Info

Publication number: CN107403098A
Authority: CN (China)
Prior art keywords: file, credible, algorithms, system image, close
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201710445071.6A
Other languages: Chinese (zh)
Inventors: 萧海东, 孙桉, 孙一桉
Current assignees: Beijing Kuang En Network Technology Co Ltd; Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignees: Beijing Kuang En Network Technology Co Ltd; Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd
Application filed by Beijing Kuang En Network Technology Co Ltd and Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd (priority, filing and publication dates are not given on this page).

Abstract

The invention provides an active security protection method for the start-up stage of a trusted industrial control computer, and a trusted industrial control computer. The method includes: after the power supply is connected, controlling the power controller to power on the flash memory; verifying the integrity of the bootloader file using the Chinese national commercial cryptographic SM2 and SM3 algorithms; after verification succeeds, controlling the power controller to power on the device controller, so that the device controller calls the SM2 and SM3 algorithm engines of the TCM security chip to verify the integrity of the system image file; and after the integrity check of the bootloader file fails, controlling the power controller to power down or restart the trusted industrial control computer. The operating system is thus started normally only when both the bootloader file and the system image file pass their integrity checks, which achieves active security protection of the operating system of the trusted industrial control computer during the start-up stage.

Description

Active security protection method for the start-up stage of a trusted industrial control computer, and trusted industrial control computer
Technical field
The present invention relates to the technical field of industrial control network security, and in particular to an active security protection method for the start-up stage of a trusted industrial control computer, and to a trusted industrial control computer.
Background art
With Industry 4.0, Made in China 2025, Internet Plus, the Internet of Things and the continuing convergence of industrialization and informatization, more and more information technology is being applied in industrial settings. At present, more than 80% of the critical infrastructure underpinning the national economy relies on industrial control systems for automated operation.
In fields such as industrial control, network security problems are becoming more prominent. Industrial network security differs from traditional commercial network security: what an industrial network connects are field personnel and operating equipment, so even a small error may bring the industrial network down and cause incalculable loss of life and property. Industrial management networks at home and abroad do not provide complete security protection for the data of industrial control systems, and some have no protective measures at all, which poses a serious threat to industrial networks. Once a hacker or criminal attacks an industrial control network through the Internet and steals its production data, control data, capacity data and the like, the result can be enormous losses to industrial production safety.
To ensure the security of the industrial control network, security equipment is generally deployed between the industrial control network and the conventional Internet, for example audit devices, gateway devices and data-isolation gateway devices. A gateway device, for instance, is a common piece of equipment in industrial control network security: on the premise of bidirectional isolation between the industrial production network and the office network (Internet), the gateway strips the protocol from messages arriving from the Internet and judges the legitimacy of transferred files, so as to ensure the security of the industrial control network.
A trusted industrial control computer usually requires a security chip and relies on integrity measurement and control technology, with the aim of preventing untrusted programs from running on the industrial control terminal (operator station). The security chip solves the identity authentication and identification problem of the industrial control terminal; integrity measurement and control technology solves the problem of identifying computer programs at load time and can forbid untrusted programs from running.
However, even though a security chip is fitted in the industrial control computer, in practice the bootloader file and/or the system image file still get tampered with. Once the bootloader file and/or the system image file has been tampered with, the operating system either fails to start normally or a different operating system is started in place of the one that should have been started.
Summary of the invention
In view of this, the object of the present invention is to provide an active security protection method for the start-up stage of a trusted industrial control computer, and a trusted industrial control computer, so as to solve the technical problem in the prior art that, after the bootloader file and/or the system image file has been tampered with, the operating system cannot start normally or the operating system that starts differs from the one that should have been started.
In a first aspect, an embodiment of the invention provides an active security protection method for the start-up stage of a trusted industrial control computer, applied in the trusted platform control module of the trusted industrial control computer, which further comprises a flash memory, a power controller and a device controller connected to the trusted platform control module. The method comprises:
after the power supply is connected, controlling the power controller to power on the flash memory, the flash memory storing the bootloader file and the system image file;
after the bootloader file has been read from the flash memory, verifying the integrity of the bootloader file using the national commercial cryptographic SM2 and SM3 algorithms;
after the integrity check of the bootloader file succeeds, controlling the power controller to power on the device controller, so that the device controller reads the system image file from the flash memory by running the bootloader file and then calls the SM2 and SM3 algorithm engines of the TCM security chip to verify the integrity of the system image file;
after the integrity check of the bootloader file fails, controlling the power controller to power down or restart the trusted industrial control computer.
With reference to the first aspect, an embodiment of the invention provides a first possible implementation of the first aspect, in which verifying the integrity of the bootloader file using the SM2 and SM3 algorithms comprises:
performing a hash operation on the bootloader file using the SM3 algorithm to obtain a first hash value;
reading the preset bootloader signature data and the security management certificate from a preset storage area;
using the SM2 algorithm, with the security management certificate and the first hash value, performing signature verification on the bootloader signature data;
when signature verification succeeds, determining that the integrity check of the bootloader file has succeeded;
when signature verification fails, determining that the integrity check of the bootloader file has failed.
In a second aspect, an embodiment of the invention provides an active security protection method for the start-up stage of a trusted industrial control computer, applied in the device controller of the trusted industrial control computer, which further comprises a flash memory, a power controller and a trusted platform control module connected to the device controller. The method comprises:
after power-on, reading the system image file from the flash memory by running the bootloader file;
after the system image file has been read from the flash memory, verifying the integrity of the system image file by calling the SM2 and SM3 algorithm engines of the TCM security chip;
after the integrity check of the system image file succeeds, running the system image file;
after the integrity check of the system image file fails, controlling the power controller to power down or restart the trusted industrial control computer.
With reference to the second aspect, an embodiment of the invention provides a first possible implementation of the second aspect, in which verifying the integrity of the system image file by calling the SM2 and SM3 algorithm engines of the TCM security chip comprises:
performing a hash operation on the system image file using the SM3 algorithm to obtain a second hash value;
reading the preset system image signature data and the security management certificate from the preset storage area;
using the SM2 algorithm, with the security management certificate and the second hash value, performing signature verification on the system image signature data;
when signature verification succeeds, determining that the integrity check of the system image file has succeeded;
when signature verification fails, determining that the integrity check of the system image file has failed.
With reference to the second aspect, an embodiment of the invention provides a second possible implementation of the second aspect, in which the method further comprises:
generating, using the SM2 algorithm, a set consisting of a security management public key, a security management private key and security management elliptic-curve parameters, the security management private key being kept by the security administrator;
performing hash calculations on the bootloader file and the system image file respectively using the SM3 algorithm, to generate the hash value of the bootloader file and the hash value of the system image file;
digitally signing the hash value of the bootloader file and the hash value of the system image file respectively using the SM2 algorithm, to obtain the bootloader signature data and the system image signature data respectively;
storing the bootloader signature data and the system image signature data in the preset storage area;
generating the security management certificate from the security management public key, the identity information of the security administrator and the security management elliptic-curve parameters, and storing the security management certificate in the preset storage area.
In a third aspect, an embodiment of the invention provides a trusted industrial control computer comprising a flash memory, a power controller, a trusted platform control module and a device controller;
the output of the flash memory is connected to the trusted platform control module and to the device controller respectively, and the flash memory stores the bootloader file and the system image file;
the input of the power controller is connected to the trusted platform control module, and its outputs are connected to the device controller and to the flash memory respectively; the power controller powers on the flash memory according to a first control instruction from the trusted platform control module and powers on the device controller according to a second control instruction from the trusted platform control module;
the trusted platform control module is connected to the device controller; after the power supply is connected it sends the first control instruction, verifies the integrity of the bootloader file, sends the second control instruction after the integrity check succeeds, and controls the power controller to power down or restart the trusted industrial control computer after the integrity check fails;
the device controller, after power-on, reads the system image file by running the bootloader file, verifies the integrity of the system image file, runs the system image file after the integrity check succeeds, and controls the power controller to power down or restart the trusted industrial control computer after the integrity check fails.
With reference to the third aspect, an embodiment of the invention provides a first possible implementation of the third aspect, in which the trusted platform control module comprises: a memory; a computer program stored in the memory and executable on a microprocessor; a random number generator that generates the random numbers used by the SM3 and SM2 algorithms; a key generator that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit that checks whether the bootloader file is intact; a cryptographic algorithm engine that stores the SM3 and SM2 algorithms; and the microprocessor, which carries out the steps of the method of the first aspect when it executes the computer program.
In a fourth aspect, an embodiment of the invention further provides a trusted platform control module comprising: a memory; a computer program stored in the memory and executable on a microprocessor; a random number generator that generates the random numbers used by the SM3 and SM2 algorithms; a key generator that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit that checks whether the bootloader file is intact; a cryptographic algorithm engine that stores the SM3 and SM2 algorithms; and the microprocessor, which carries out the steps of the method of the first aspect when it executes the computer program.
In a fifth aspect, an embodiment of the invention further provides a computer-readable medium holding non-volatile program code executable by a microprocessor, the program code causing the microprocessor to perform the method of the first aspect.
In a sixth aspect, an embodiment of the invention further provides a computer-readable medium holding non-volatile program code executable by a microprocessor, the program code causing the microprocessor to perform the method of the second aspect.
The embodiments of the invention bring the following beneficial effects. After the power supply is connected, the trusted platform control module first controls the power controller to power on the flash memory. After the bootloader file has been read from the flash memory, the trusted platform control module verifies the integrity of the bootloader file using the SM2 and SM3 algorithms. If the integrity check of the bootloader file fails, the trusted platform control module can control the power controller to power down or restart the trusted industrial control computer; if it succeeds, the trusted platform control module can control the power controller to power on the device controller.
After the device controller is powered on, it reads the system image file from the flash memory by running the bootloader file. After the system image file has been read, the device controller verifies its integrity by calling the SM2 and SM3 algorithm engines of the TCM security chip. If the integrity check of the system image file succeeds, the device controller can run the system image file; if it fails, the device controller can control the power controller to power down or restart the trusted industrial control computer.
In the embodiments of the invention, before the device controller in the industrial control network is powered on, the trusted platform control module actively verifies the integrity of the bootloader file, so that the chain of trust is established from the first moment of power-up. On success it controls the power controller to power on the device controller, and after power-on the device controller actively verifies the integrity of the system image file. The operating system is started normally only when the integrity check of the system image file succeeds, which achieves active security protection of the operating system of the trusted industrial control computer during the start-up stage.
Other features and advantages of the invention will be set out in the following description, and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the specific embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of a trusted industrial control computer according to an embodiment of the invention;
Fig. 2 is a structural diagram of a trusted platform control module according to an embodiment of the invention;
Fig. 3 is a flow chart of an active security protection method for the start-up stage of a trusted industrial control computer according to an embodiment of the invention;
Fig. 4 is another flow chart of an active security protection method for the start-up stage of a trusted industrial control computer according to an embodiment of the invention;
Fig. 5 is a structural diagram of an active security protection device for the start-up stage of a trusted industrial control computer according to an embodiment of the invention;
Fig. 6 is a structural diagram of another active security protection device for the start-up stage of a trusted industrial control computer according to an embodiment of the invention.
Reference numerals: 11 flash memory; 12 power controller; 13 trusted platform control module; 14 device controller; 15 signal switch unit; 21 memory; 22 microprocessor; 23 random number generator; 24 key generator; 25 active measurement unit; 26 cryptographic algorithm engine; 41 first control module; 42 first check module; 43 second control module; 44 third control module; 51 first read module; 52 second check module; 53 run module; 54 fourth control module.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
At present, once the bootloader file and/or the system image file has been tampered with, the operating system fails to start normally or a different operating system is started in place of the one that should have been started. On this basis, in order to strengthen the security of the industrial control computer on the premise of bidirectional isolation between the industrial production network and the office network, and to avoid the industrial control network security problems caused by the bootloader file and system image file data of the operating system in the industrial control computer being tampered with or replaced, an embodiment of the invention provides an active security protection method for the start-up stage of a trusted industrial control computer, and a trusted industrial control computer. Before the device controller in the industrial control network is powered on, the trusted platform control module actively verifies the integrity of the bootloader file, so that the chain of trust is established from the first moment of power-up; on success it controls the power controller to power on the device controller; after power-on, the device controller actively verifies the integrity of the system image file, and the operating system is started normally only when the integrity check of the system image file passes. This achieves active security protection of the operating system of the trusted industrial control computer during the start-up stage.
To ease understanding of this embodiment, a trusted industrial control computer disclosed in an embodiment of the invention is first described in detail. As shown in Fig. 1, the trusted industrial control computer comprises a flash memory 11, a power controller 12, a trusted platform control module 13 and a device controller 14; in practical applications a signal switch unit 15 may also be included, as in Fig. 1. The flash memory 11, power controller 12, trusted platform control module 13, device controller 14 and signal switch unit 15 may all be arranged on the printed circuit board of the trusted industrial control computer; alternatively, the trusted platform control module 13 may be connected through a bus interface to the device controller 14 and the signal switch unit 15 on the printed circuit board of the trusted industrial control computer.
The output of the flash memory 11 is connected to the trusted platform control module 13 and to the device controller 14 respectively, and the flash memory stores the bootloader file and the system image file; the power input of the flash memory 11 is connected to the signal switch unit 15.
The input of the power controller 12 is connected to the signal switch unit 15, and its outputs are connected to the device controller 14 and to the flash memory 11 respectively. The power controller powers the flash memory 11 according to the first control instruction sent by the trusted platform control module 13 through the signal switch unit 15, and powers the device controller 14 according to the second control instruction sent by the trusted platform control module 13 through the signal switch unit 15.
The power controller may be a CPLD (Complex Programmable Logic Device) or a similar device.
The trusted platform control module 13 is connected to the device controller. After the power supply is connected, it generates the first control instruction and sends it through the signal switch unit 15 to the power controller, then verifies the integrity of the bootloader file. After the integrity check of the bootloader file succeeds, it generates the second control instruction and sends it through the signal switch unit 15 to the power controller; after the integrity check of the bootloader file fails, it controls the power controller to power down or restart the trusted industrial control computer.
The device controller 14, after power-on, reads the system image file by running the bootloader file and verifies the integrity of the system image file. After the integrity check of the system image file succeeds, it runs the system image file; after the integrity check of the system image file fails, it controls the power controller to power down or restart the trusted industrial control computer.
The signal switch unit 15 in Fig. 1 receives the power-supply instruction sent by the trusted platform control module 13 (the power-supply instruction may be the first control instruction or the second control instruction), parses it and forwards it to the power controller 12, so that the trusted platform control module 13 controls the power supply of the whole platform. When the integrity check of the bootloader file or the system image file fails during platform start-up, the trusted platform control module 13 can directly send a power control command to power down or restart the trusted industrial control computer.
In this embodiment, as shown in Fig. 2, the trusted platform control module 13 may comprise: a memory 21; a computer program stored in the memory and executable on a microprocessor 22; a random number generator 23 that generates the random numbers used by the SM3 and SM2 algorithms; a key generator 24 that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit 25 that checks whether the bootloader file is intact; a cryptographic algorithm engine 26 that stores the SM3 and SM2 algorithms; and the microprocessor 22, which, when executing the computer program, carries out the steps of the method provided by the method embodiments below.
The industrial control system processor on the right-hand side of the bus in Fig. 2 may be the device controller 14 of the embodiments of the invention, and the domestic TCM trusted computing security module in Fig. 2 may be the TCM security chip of the embodiments of the invention. The device controller, the I/O unit and the TCM security chip can be connected by a bus to the I2C bus of the trusted platform control module.
In practical applications, the trusted platform control module 13 may further comprise a timer, a control unit and an input/output bridging unit. The timer is used for timing and counting; when the count meets the requirement of the relevant application, the microprocessor sends an interrupt signal and the application executes the interrupt handler. The control unit is mainly responsible for managing the program flow of the terminal platform; it is the command and control centre of the microprocessor and coordinates the orderly operation of the whole terminal platform. The input/output bridging unit can connect to the system bus through an LPC device controller, an identification device controller, an I2C device controller or a GPIO device controller, and through the system bus connects the device controller, the TCM security chip and the like.
The trusted platform control module may also be connected to other chips of the industrial control computer through an I2C interface to transmit signals.
The close SM3 algorithms of state are the national Password Management office Chinese commercial cipher hash algorithm standards announced in 2010.SM3 is calculatedDigital signature and checking of the method suitable for commercial cipher application, are a kind of algorithms that realization is improved on the basis of SHA-256.SM3 algorithms use Merkle-Damgard structures, and message block length is 512, and digest value length is 256.SM3 algorithmsCompression function has similar structure to SHA-256 compression function, but the design of SM3 algorithms is more complicated, for example compressesThe each round of function all uses 2 message words.
The close SM2 algorithms of state:Public key algorithm, SM2 algorithms were sent out by national Password Management office on December 17th, 2010Cloth, full name are elliptic curve.
In actual applications, the sum in the credible platform control module 13 in cryptographic algorithm engine 26 can directly be utilizedThe integrality of the close SM2 algorithms verification bootstrap loader file of state, and, calculated using the close SM3 of state in cryptographic algorithm engine 26The integrality of the close SM2 algorithms check system image file of method and state.
In practical application, domestic TCM (Trusted Cryptography are also set up in industrial control computerModule, credible password module) safety chip, hereinafter referred to as TCM, it is stored with for the complete of check system image file in TCMThe close SM2 algorithms of the close SM3 algorithms of state and state of whole property, TCM are the core components that industry control terminal system provides security function, are hadCrypto-operation and secure storage function, major function include:1) defencive function, performed with trusted manner and calculate safety storage numberAccording to;2) integrity measurement function, protected module will cause its Hash Value to change after being maliciously tampered, by calculating justModule Hash Value in operation can just detect module problem in time;3) authentication function, TCM can assist to complete and terminalBetween authentication, PCR platform registers can realize terminal and platform hardware configuration mutually binding, realization is mutually authenticated,Communication function.
In embodiments of the present invention, the SM3 and SM2 algorithms provided by the cryptographic algorithm engine 26 can be used when verifying the integrity of the bootloader file, while the SM3 and SM2 algorithms provided by the TCM are used when verifying the system image file.
When the TCM is used to verify the integrity of the system image file, a root-of-trust control function can be realized on the basis of the TCM, forming a trusted node measurement of the host composed of the trusted platform control module and the TCM, so that trust is transferred up to the operating system and a trusted hardware environment platform is provided for the upper layers; peripheral resources are placed under bus-level trusted hardware control.
On the basis of the previous embodiment, in another embodiment of the present invention, the trusted platform control module 13 can be arranged inside an industrial control network security device, or it can be connected to the industrial control network security device through a bus interface. In practice, the bus interface can be an LPC (Low Pin Count) interface, the LPC bus being a 33 MHz 4-bit parallel bus protocol based on the Intel standard; it can also be an I2C (Inter-Integrated Circuit) interface; or it can be a PCI-Express (Peripheral Component Interconnect Express) interface, which uses point-to-point serial data transmission. The industrial control network security device can be an industrial firewall, an industrial control security audit system, an industrial control system vulnerability analysis instrument, an industrial control security integrated supervision platform, or the like.
As shown in Fig. 2, the trusted platform control module 13 can include: a memory 21; a computer program stored on the memory and runnable on a microprocessor 22; a random number generator 23 that generates the random numbers used by the SM3 and SM2 algorithms; a key generator 24 that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit 25 that verifies whether the bootloader file is intact; a cryptographic algorithm engine 26 that stores the SM3 and SM2 algorithms; and the microprocessor 22, which, when executing the computer program, implements the steps of the method provided in the following method embodiments.
In practice, the trusted platform control module 13 can also include a timer, a control unit and an input/output bridging unit. The timer can be used for counting; when the count satisfies the requirement of the relevant application, the microprocessor sends an interrupt signal and the application executes the interrupt handler. The control unit is mainly responsible for managing the program flow of the terminal platform; it is the command and control centre of the microprocessor and is essential for coordinating the orderly operation of the whole terminal platform. The input/output bridging unit can connect to the system bus through an LPC device controller, an identification device controller, an I2C device controller or a GPIO device controller, and thereby connect the device controller, the TCM security chip and so on through the system bus.
The trusted platform control module can be connected to other chips of the industrial control computer through the I2C interface to realize signal transmission.
On the basis of the previous embodiment, in another embodiment of the present invention, as shown in Fig. 3, an active security protection method for the startup stage of a trusted industrial control computer is also provided. In the previous embodiment the trusted platform control module sends a power-supply instruction to the signal switching unit, which simply forwards it to the power-supply controller, and it is actually the power-supply controller that switches the power supply; therefore the signal switching unit is omitted in the present embodiment and power on/off control is described directly in terms of the power-supply controller. The active security protection method for the startup stage of the trusted industrial control computer can be applied to the trusted industrial control computer of the previous embodiment, and comprises the following steps.
In step S101, after the power supply is connected, the trusted platform control module controls the power-supply controller to power on the flash memory; the bootloader file and the system image file are stored in the flash memory.
In step S102, after the bootloader file is read from the flash memory, the trusted platform control module verifies the integrity of the bootloader file using the SM2 and SM3 algorithms.
In this step, the key operations can be carried out with the SM2 and SM3 algorithms, which guarantees both security and efficiency; a dual-certificate structure simplifies certificate management and improves availability and manageability.
In embodiments of the present invention, step S102 may comprise the following steps.
Perform a hash operation on the bootloader file using the SM3 algorithm to obtain a first hash value; read the preset bootloader file signature data and the security management certificate from a preset storage space; using the SM2 algorithm, the security management certificate and the first hash value, perform signature verification on the bootloader file signature data; when the signature verification succeeds, determine that the integrity check of the bootloader file has succeeded;
when the signature verification fails, determine that the integrity check of the bootloader file has failed.
In step S103, after the integrity check of the bootloader file succeeds, the power-supply controller is controlled to power on the device controller, so that the device controller reads the system image file from the flash memory by running the bootloader file and then calls the SM2 and SM3 algorithm engines of the TCM security chip to verify the integrity of the system image file.
In step S104, after the integrity check of the bootloader file fails, the power-supply controller is controlled to power down or restart the trusted industrial control computer.
In step S105, after the device controller is powered on, it reads the system image file from the flash memory by running the bootloader file.
Between step S104 and step S105 the method also includes: the trusted platform control module releases control of the bootloader file.
In step S106, after the system image file is read from the flash memory, the device controller verifies the integrity of the system image file by calling the SM2 and SM3 algorithm engines of the TCM security chip.
In step S107, after the integrity check of the system image file succeeds, the device controller runs the system image file.
In embodiments of the present invention, step S107 may comprise the following steps.
Perform a hash operation on the system image file using the SM3 algorithm to obtain a second hash value; read the preset system image file signature data and the security management certificate from the preset storage space; using the SM2 algorithm, the security management certificate and the second hash value, perform signature verification on the system image file signature data; when the signature verification succeeds, determine that the integrity check of the system image file has succeeded; when the signature verification fails, determine that the integrity check of the system image file has failed.
In step S108, after the integrity check of the system image file fails, the device controller controls the power-supply controller to power down or restart the trusted industrial control computer.
In the embodiment of the present invention, before the device controller is powered on, the trusted platform control module actively measures the bootloader file, so that the chain of trust begins to be established at the "first moment of power-up"; multiple measurement agents are used to establish the chain of trust, providing support for both static and virtual measurement. Active control and measurement based on cryptography are thereby realized. A brand-new architecture is adopted, with autonomous cryptography as its foundation, a control chip as its pillar, a dual-fusion mainboard as its platform, trusted software as its core, trusted connection as its link and policy management and control as its framework, to achieve the purpose of secure and trusted protection of applications.
As shown in Fig. 4, in another embodiment of the present invention, when the trusted industrial control computer starts for the first time, the method also includes the step in which the industrial control computer platform completes security management authorization.
Step S201: the device controller uses the SM2 algorithm to generate a set consisting of a security management public key, a security management private key and security management elliptic curve parameters; the security management private key is kept by the security officer.
In this step, the security management private key must be kept securely by the security officer.
Step S202: the device controller uses the SM3 algorithm to compute a hash of the bootloader file and of the system image file respectively, generating the hash value of the bootloader file and the hash value of the system image file.
Step S203: the device controller uses the SM2 algorithm to digitally sign the hash value of the bootloader file and the hash value of the system image file respectively, obtaining the bootloader file signature data and the system image file signature data.
Step S204: the device controller stores the bootloader file signature data and the system image file signature data in the preset storage space.
In this step, the preset storage space refers to the TCM data confidentiality storage module and/or the trusted platform control module.
Step S205: the device controller generates the security management certificate from the security management public key, the identity information of the security officer and the security management elliptic curve parameters, and stores the security management certificate in the preset storage space.
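The following is an added example, not code from the patent: a pure-Python SM3 (the Merkle-Damgard, 512-bit-block, two-message-words-per-round structure described above) and SM2 over sm2p256v1, driving the provisioning of steps S201 to S205 and the two-stage power-gated check of steps S101 to S108. The firmware images, the officer identity and the dictionary standing in for the TCM/trusted-platform-control-module storage are constructed for the example, and the "security management certificate" is modelled simply as (public key, officer identity).

```python
# Added example (not the patent's own code): SM3 + SM2 in pure Python driving the patent's
# two-stage verified boot (S101-S108) and its provisioning step (S201-S205).
import secrets, struct

# ---- SM3 hash (GB/T 32905-2016): Merkle-Damgard, 512-bit blocks, 256-bit digest ----
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600, 0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M32 = 0xFFFFFFFF
def _rotl(x, n): return ((x << n) | (x >> (32 - n))) & _M32
def _p0(x): return x ^ _rotl(x, 9) ^ _rotl(x, 17)
def _p1(x): return x ^ _rotl(x, 15) ^ _rotl(x, 23)
def _compress(v, block):
    w = list(struct.unpack(">16I", block))  # W0..W15, expanded to W0..W67 below
    for j in range(16, 68):
        w.append(_p1(w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    a, b, c, d, e, f, g, h = v
    for j in range(64):  # each round consumes two message words: Wj and W'j = Wj ^ Wj+4
        if j < 16: tj, ff, gg = 0x79CC4519, a ^ b ^ c, e ^ f ^ g
        else:      tj, ff, gg = 0x7A879D8A, (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(tj, j % 32)) & _M32, 7)
        tt1 = (ff + d + (ss1 ^ _rotl(a, 12)) + (w[j] ^ w[j + 4])) & _M32
        tt2 = (gg + h + ss1 + w[j]) & _M32
        a, b, c, d, e, f, g, h = tt1, a, _rotl(b, 9), c, _p0(tt2), e, _rotl(f, 19), g
    return [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
def sm3(msg: bytes) -> bytes:
    pad = b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", len(msg) * 8)
    data, v = msg + pad, list(_IV)
    for i in range(0, len(data), 64):
        v = _compress(v, data[i:i + 64])
    return struct.pack(">8I", *v)

# ---- SM2 (GB/T 32918) over sm2p256v1: affine point arithmetic and digital signatures ----
_P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
_A, _B = _P - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
_N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
_G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
      0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
def _add(p, q):  # affine addition; None is the point at infinity
    if p is None or q is None: return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % _P == 0: return None
    lam = (3 * x1 * x1 + _A) * pow(2 * y1, -1, _P) if p == q else (y2 - y1) * pow(x2 - x1, -1, _P)
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P
def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc
def _e(ident, pub, msg):  # e = SM3(Z_A || M); Z_A binds signer identity and curve parameters
    za = sm3(struct.pack(">H", len(ident) * 8) + ident +
             b"".join(x.to_bytes(32, "big") for x in (_A, _B, *_G, *pub)))
    return int.from_bytes(sm3(za + msg), "big")
def sm2_keygen():
    d = secrets.randbelow(_N - 2) + 1  # private key d in [1, n-2]
    return d, _mul(d, _G)
def sm2_sign(d, pub, ident, msg):
    e = _e(ident, pub, msg)
    while True:
        k = secrets.randbelow(_N - 1) + 1
        r = (e + _mul(k, _G)[0]) % _N
        s = pow(1 + d, -1, _N) * (k - r * d) % _N
        if r and s and r + k != _N: return r, s
def sm2_verify(pub, ident, msg, sig):
    r, s = sig
    if not (0 < r < _N and 0 < s < _N) or (r + s) % _N == 0: return False
    pt = _add(_mul(s, _G), _mul((r + s) % _N, pub))
    return pt is not None and (_e(ident, pub, msg) + pt[0]) % _N == r

# ---- Boot-stage logic of the patent. Flash contents and officer identity are constructed. ----
FLASH = {"bootloader": b"constructed bootloader image", "system_image": b"constructed OS image"}
OFFICER_ID = b"security-officer@example"  # identity carried in the security management certificate
def provision(flash):
    """S201-S205: key pair, SM3 hash per file, SM2 signature over each hash, certificate = (pub, id).
    Returns the officer's private key and the protected store (stand-in for TCM / TPCM storage)."""
    d, pub = sm2_keygen()
    sigs = {name: sm2_sign(d, pub, OFFICER_ID, sm3(data)) for name, data in flash.items()}
    return d, {"cert": (pub, OFFICER_ID), "sig": sigs}
def check_file(store, name, data):  # S102 / S107: hash value + stored signature + certificate
    pub, ident = store["cert"]
    return sm2_verify(pub, ident, sm3(data), store["sig"][name])
def boot(flash, store):
    """Power-control trace: a failure at either stage ends in POWER_OFF; RUN_OS needs both checks."""
    trace = ["FLASH_POWER_ON"]  # S101: trusted platform control module powers the flash
    if not check_file(store, "bootloader", flash["bootloader"]):  # S102, TPCM-side check
        return trace + ["BOOTLOADER_BAD", "POWER_OFF"]  # S104
    trace += ["BOOTLOADER_OK", "DEVICE_CONTROLLER_POWER_ON"]  # S103 / S105
    if not check_file(store, "system_image", flash["system_image"]):  # S106, TCM-side check
        return trace + ["SYSTEM_IMAGE_BAD", "POWER_OFF"]  # S108
    return trace + ["SYSTEM_IMAGE_OK", "RUN_OS"]  # S107
def demo():
    """Boots the genuine flash and a copy whose OS image differs by one appended byte."""
    _, store = provision(FLASH)
    tampered = dict(FLASH, system_image=FLASH["system_image"] + b"\x00")
    return boot(FLASH, store), boot(tampered, store)
```

`demo()` returns the two traces; the tampered image passes the bootloader stage but never reaches RUN_OS, which is the property the patent's two-stage gating is meant to provide.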
As shown in Fig. 5, in another embodiment of the present invention, an active security protection device for the startup stage of a trusted industrial control computer is also provided. The device includes: a first control module 41, a first verification module 42, a second control module 43 and a third control module 44;
the first control module 41 is configured to control the power-supply controller to power on the flash memory after the power supply is connected;
the first verification module 42 is configured to verify the integrity of the bootloader file using the SM2 and SM3 algorithms after the bootloader file is read from the flash memory;
the second control module 43 is configured to control the power-supply controller to power on the device controller after the integrity check of the bootloader file succeeds, so that the device controller reads the system image file from the flash memory by running the bootloader file and then calls the SM2 and SM3 algorithm engines of the TCM security chip to verify the integrity of the system image file;
the third control module 44 is configured to control the power-supply controller to power down or restart the trusted industrial control computer after the integrity check of the bootloader file fails.
As shown in Fig. 6, in another embodiment of the present invention, an active security protection device for the startup stage of a trusted industrial control computer is also provided. The device includes: a first reading module 51, a second verification module 52, a running module 53 and a fourth control module 54;
the first reading module 51 is configured to read the system image file from the flash memory by running the bootloader file after power-on;
the second verification module 52 is configured to verify the integrity of the system image file by calling the SM2 and SM3 algorithm engines of the TCM security chip after the system image file is read from the flash memory;
the running module 53 is configured to run the system image file after the integrity check of the system image file succeeds;
the fourth control module 54 is configured to control the power-supply controller to power down or restart the trusted industrial control computer after the integrity check of the system image file fails.
In another embodiment of the present invention, a computer-readable medium is also provided that carries non-volatile program code executable by a microprocessor, the program code causing the microprocessor to perform the method described in the above method embodiments.
The computer program product for the active security protection method for the startup stage of a trusted industrial control computer and for the trusted industrial control computer provided by the embodiments of the present invention includes a computer-readable storage medium storing program code; the instructions included in the program code can be used to perform the method described in the foregoing method embodiments. For the specific implementation, refer to the method embodiments, which will not be repeated here.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of the system and device described above may refer to the corresponding process in the foregoing method embodiments and will not be repeated here.
In addition, in the description of the embodiments of the present invention, unless otherwise clearly specified and limited, the terms "mounted", "connected" and "coupled" should be interpreted broadly; for example, they may denote a fixed connection, a detachable connection or an integral connection; a mechanical connection or an electrical connection; a direct connection, an indirect connection through an intermediary, or an internal connection between two elements. For those of ordinary skill in the art, the specific meaning of the above terms in the present invention can be understood according to the specific circumstances.
If the functions are realized in the form of software functional units and are sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including a number of instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes various media capable of storing program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
In the description of the present invention, it should be noted that the orientation or positional relationships indicated by terms such as "centre", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings, are merely for convenience and simplicity of describing the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are merely specific embodiments of the present invention, used to illustrate the technical solution of the present invention and not to limit it; the scope of protection of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the art can still, within the technical scope disclosed by the present invention, modify the technical solutions recorded in the foregoing embodiments, readily conceive of changes, or make equivalent substitutions for some of the technical features; such modifications, changes or substitutions do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of the claims.

Claims (10)

7. The trusted industrial control computer according to claim 6, characterised in that the trusted platform control module includes: a memory; a computer program stored on the memory and runnable on the microprocessor; a random number generator that generates the random numbers used by the SM3 and SM2 algorithms; a key generator that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit that verifies whether the bootloader file is intact; a cryptographic algorithm engine that stores the SM3 and SM2 algorithms; and a microprocessor which, when executing the computer program, implements the steps of the method according to any one of claims 1 to 2.
8. A trusted platform control module, characterised in that it includes: a memory; a computer program stored on the memory and runnable on a microprocessor; a random number generator that generates the random numbers used by the SM3 and SM2 algorithms; a key generator that generates the keys used by the SM3 and SM2 algorithms; an active measurement unit that verifies whether the bootloader file is intact; a cryptographic algorithm engine that stores the SM3 and SM2 algorithms; and the microprocessor, which, when executing the computer program, implements the steps of the method according to any one of claims 1 to 2.
Application CN201710445071.6A, priority date 2017-06-13, filing date 2017-06-13: The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage (status: Pending; publication CN107403098A (en))

Publications (1)

Publication number: CN107403098A (en); publication date: 2017-11-28


Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
AD01: Patent right deemed abandoned (effective date of abandoning: 20201113)

