MICROCODE SIGNATURE SECURITY MANAGEMENT SYSTEM AND METHOD BASED ON TRUSTZONE TECHNOLOGY

摘要

The present invention relates to the field of data security storage, and provides a microcode signature security management system based on a Trustzone technology. The method comprises: start a common operating system after a hardware device is started; the common operating system obtains a signature-encrypted microcode file and outputs the signature-encrypted microcode file and a switching signal; a microprocessor receives the switching signal and starts a monitoring mode to start a secure operating system; the secure operating system receives the signature-encrypted microcode file, performs signature verification on the signature-encrypted microcode file, loads the file if the signature verification is successful, and outputs microcode error information if the signature verification fails. By means of the present invention, the security of microcode is ensured on the basis of a secure operating system (secure os) safety environment to which a system layer is inaccessible. A cryptography tool measure is adopted, so that the security, integrity and correctness of loaded microcode are ensured, and the risk of breaking, modifying and replacing an existing microcode management mechanism is lowered.