Abstract: A microcode signature security management system based on a Trustzone technology comprises the steps of: starting a normal operating system; acquiring the signature-encrypted microcode file and outputting the signature-encrypted microcode file and a switching signal by the normal operating system; receiving the switching signal and starting the monitor mode by the microprocessor to start a secure operating system; receiving the signature-encrypted microcode file, performing signature verification on the signature-encrypted microcode file, loading the file when the signature verification passes, otherwise outputting microcode error information when the signature verification fails by the secure operating system. The security of microcode is ensured on the basis of a secure operating system safety environment to which a system layer is inaccessible.

Abstract: The present disclosure provides a trusted execution environment-based key burning system. After a terminal device is enabled, a normal operating system is started, the normal operating system acquires key data to be burned and outputs a switching signal and the key data to be burned, a microprocessor receives the switching signal in a monitor mode and the microprocessor is switched to the secure operating system from the normal operating system, the secure operating system receives the key data to be burned and decrypts the data to be burned according to preset key data, to acquire and write the corresponding original key data into a secure storage area of the secure operating system. Due to the use of the trusted execution environment-based key burning, the key is burned, stored and used safely. In addition, the cryptography protects the key from unexpected damage in transmission and keeps the key integral.

Abstract: The present disclosure provides a trusted execution environment-based key burning system. After a terminal device is enabled, a normal operating system is started, the normal operating system acquires key data to be burned and outputs a switching signal and the key data to be burned, a microprocessor receives the switching signal in a monitor mode and the microprocessor is switched to the secure operating system from the normal operating system, the secure operating system receives the key data to be burned and decrypts the data to be burned according to preset key data, to acquire and write the corresponding original key data into a secure storage area of the secure operating system. Due to the use of the trusted execution environment-based key burning, the key is burned, stored and used safely. In addition, the cryptography protects the key from unexpected damage in transmission and keeps the key integral.

Abstract: The present invention provides a microcode signature security management system based on a Trustzone technology, and belongs to the field of data security storage. The microcode signature security management system comprises the steps of: starting a normal operating system after the hardware equipment is started; acquiring the signature-encrypted microcode file and outputting the signature-encrypted microcode file and a switching signal by the normal operating system; receiving the switching signal and starting the monitor mode by the microprocessor to start a secure operating system; receiving the signature-encrypted microcode file, performing signature verification on the signature-encrypted microcode file, loading the file when the signature verification passes, otherwise outputting microcode error information when the signature verification fails by the secure operating system.

Abstract: A method for improving the security of a trusted application comprises: signing the trusted application in a hierarchical signature mode by the upper computer to generate a signature file package about the trusted application, and saving the signature file package in a main operation system; obtaining the signature file package and loading the signature file package to the second operation environment by the security execution system; parsing the signature file package by the security execution system to obtain a parsed result; and performing hierarchical verification on the parsed result by the security execution system, and if the hierarchical verification is passed, it will indicate that the trusted application is in a security state, otherwise, it is in a non-security state. The defects of lack of a security authentication mode for the trusted application and relatively low security due to mere adoption of a simple digital signature mechanism are overcome.

Abstract: A method for improving the security of a trusted application comprises: signing the trusted application in a hierarchical signature mode by the upper computer to generate a signature file package about the trusted application, and saving the signature file package in a main operation system; obtaining the signature file package and loading the signature file package to the second operation environment by the security execution system; parsing the signature file package by the security execution system to obtain a parsed result; and performing hierarchical verification on the parsed result by the security execution system, and if the hierarchical verification is passed, it will indicate that the trusted application is in a security state, otherwise, it is in a non-security state. The defects of lack of a security authentication mode for the trusted application and relatively low security due to mere adoption of a simple digital signature mechanism are overcome.