阅读说明：本技术 一种终端可信控制模块及控制方法、装置、电子设备 (Terminal trusted control module, control method and device and electronic equipment ) 是由 王志皓 赵保华 陈连栋 祝金会 孙辰军 于 2021-07-28 设计创作，主要内容包括：本发明公开的一种终端可信控制模块及控制方法、装置、电子设备,其中方法通过切换模块使得终端可以访问第一存储芯片或第二存储芯片；并且可信控制芯片通过切换模块控制终端在访问第一存储芯片时,控制终端无法访问第二存储芯片,避免了第二存储芯片所存储的可信数据被外部硬件修改,从而保障第二存储芯片的可信数据安全。同时,通过切换第一存储芯片以及第二存储芯片获取终端的启动程序,可以避免因启动程序数据遭受外部破坏现象,发生可信数据信息不安全的问题。(The invention discloses a terminal trusted control module, a control method, a control device and electronic equipment, wherein in the method, a terminal can access a first storage chip or a second storage chip through a switching module; and when the trusted control chip controls the terminal to access the first storage chip through the switching module, the control terminal cannot access the second storage chip, so that the trusted data stored by the second storage chip is prevented from being modified by external hardware, and the security of the trusted data of the second storage chip is guaranteed. Meanwhile, the first storage chip and the second storage chip are switched to obtain the starting program of the terminal, so that the problem that the trusted data information is unsafe due to the fact that the starting program data is damaged externally can be avoided.)

1. A terminal trusted control module, comprising: the switching module is arranged on the terminal and comprises a trusted control chip, a switching module, a first storage chip and a second storage chip which are respectively arranged on a control panel of the terminal;

the trusted control chip is connected with a central processing chip of a terminal arranged on the control panel, and is used for storing a reference credibility value, a data size value and a storage position of a starting program of the terminal and executing switching operation among the central processing chip of the terminal, the first storage chip and the second storage chip through a switching module;

the first storage chip is connected with the trusted control chip through the switching module and is used for storing a starting program for starting the terminal;

and the second storage chip is connected with the trusted control chip through the switching module and is used for backing up the starting program of the terminal.

2. The terminal trusted control module according to claim 1, further comprising: and the first communication interface, the second communication interface, the third communication interface and the fourth communication interface are respectively connected with the switching module.

3. The terminal trusted control module according to claim 2, wherein the first communication interface is connected to the central processing chip of the terminal, the second communication interface is connected to the trusted control chip, the third communication interface is connected to the first memory chip, and the fourth communication interface is connected to the second memory chip.

4. A terminal trusted control module control method for a terminal trusted control module according to any one of claims 1 to 3, comprising the steps of:

responding to the power-on of a central processing chip of a terminal, and controlling the central processing chip to execute reset operation;

controlling the switching module to switch to a first storage chip and reading a starting program of the terminal stored by the first storage chip;

identifying a current reliability value of a starting program of a terminal according to a reference reliability value of the starting program of the terminal;

and controlling the switching module to execute switching operation among a central processing chip, the first storage chip and the second storage chip of the terminal according to the identification result of the current credibility value.

5. The method according to claim 4, wherein the step of controlling the switching module to perform a switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the identification result of the current reliability value further comprises:

if the current reliability value is larger than or equal to the reference reliability value, controlling the switching module to switch to a central processing chip and controlling the terminal to stop resetting operation;

and controlling the terminal to execute the starting operation by using the starting program read from the first storage chip.

6. The method according to claim 4, wherein the step of controlling the switching module to perform a switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the identification result of the current reliability value further comprises:

if the current reliability is smaller than the reference reliability value, controlling the switching module to switch from the first storage chip to a second storage chip;

reading the starting program backed up by the second storage chip and controlling the terminal to stop the reset operation;

and controlling the terminal to execute the starting operation by using the starting program read from the second storage chip.

7. The method according to claim 5, wherein the step of controlling the switching module to switch to the first memory chip and controlling the terminal to stop the reset operation if the current reliability value is greater than or equal to the reference reliability value further comprises:

and if the current reliability value is greater than or equal to the reference reliability value, controlling the switching module to switch to the first storage chip through the third communication interface, and controlling the terminal to stop the reset operation through the first communication interface.

8. The method according to claim 6, wherein the step of controlling the switching module to switch from the first memory chip to the second memory chip if the current reliability is less than the reference reliability value further comprises:

and controlling the switching module to disconnect the third communication interface and switch from the first storage chip to the second storage chip through the fourth communication interface.

9. A terminal trusted control module control apparatus for the terminal trusted control module according to any one of claims 1 to 3, comprising:

the reset control module is used for responding to the electrification of a central processing chip of the terminal and controlling the central processing chip to execute reset operation;

the control reading module is used for controlling the switching module to switch to the first storage chip and reading the stored starting program of the terminal;

the reliability identification module is used for identifying the current reliability value of the starting program of the terminal according to the reference reliability value of the starting program of the terminal;

and the switching control module is used for controlling the switching module to execute switching operation among the central processing chip, the first storage chip and the second storage chip of the terminal according to the identification result of the current credibility value.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions for causing the computer to execute the terminal trusted control module control method according to any one of claims 4 to 9.

11. An electronic device, comprising: the terminal trusted control module of any one of claims 1 to 3, a memory, and a processor, the terminal trusted control module, the memory, and the processor being communicatively coupled to each other, the memory having stored therein computer instructions, the processor being configured to execute the computer instructions to perform the terminal trusted control module control method of any one of claims 4 to 9.

Technical Field

The invention relates to the technical field of information security, in particular to a terminal trusted control module, a control method and a control device and electronic equipment.

Background

With the development and progress of science and technology, the world has entered the digital age currently. Our information is promoted and propagated at a great speed through computer storage, processing and propagation techniques. The main idea of trusted computing is to introduce a security chip on a hardware platform to improve the security of a terminal device.

At present, because the storage capacity of the trusted control chip is limited, if all the boot program data for booting the terminal, the backup data thereof, the switch data, etc. are stored in the trusted control chip, obviously, the data is easily damaged from the outside, and the security of the trusted data information is affected.

Disclosure of Invention

Therefore, the technical problem to be solved by the present invention is to overcome the defects that the storage capacity of the trusted control chip in the prior art is limited, and if all the boot data for booting the terminal are stored in the trusted control chip, the data is easily damaged from the outside, and the security of the trusted data information is affected, so as to provide a terminal trusted control module, a control method, an apparatus, and an electronic device.

According to a first aspect, an embodiment of the present invention provides a terminal trusted control module, including: the switching module is arranged on the terminal and comprises a trusted control chip, a switching module, a first storage chip and a second storage chip which are respectively arranged on a control panel of the terminal;

the trusted control chip is connected with a central processing chip of a terminal arranged on the control panel, and is used for storing a reference credibility value, a data size value and a storage position of a starting program of the terminal and executing switching operation among the central processing chip of the terminal, the first storage chip and the second storage chip through a switching module;

the first storage chip is connected with the trusted control chip through the switching module and is used for storing a starting program for starting the terminal;

and the second storage chip is connected with the trusted control chip through the switching module and is used for backing up the starting program of the terminal.

In one embodiment, the terminal trusted control module further includes: and the first communication interface, the second communication interface, the third communication interface and the fourth communication interface are respectively connected with the switching module.

In one embodiment, in the terminal trusted control module, the first communication interface is connected to the central processing chip of the terminal, the second communication interface is connected to the trusted control chip, the third communication interface is connected to the first storage chip, and the fourth communication interface is connected to the second storage chip.

According to a second aspect, an embodiment of the present invention provides a method for controlling a terminal trusted control module, which is used for the terminal trusted control module described in the first aspect or any implementation manner of the first aspect, and includes the following steps:

responding to the power-on of a central processing chip of a terminal, and controlling the central processing chip to execute reset operation;

controlling the switching module to switch to a first storage chip and reading a starting program of the terminal stored by the first storage chip;

identifying a current reliability value of a starting program of a terminal according to a reference reliability value of the starting program of the terminal;

and controlling the switching module to execute switching operation among a central processing chip, the first storage chip and the second storage chip of the terminal according to the identification result of the current credibility value.

In one embodiment, the step of controlling the switching module to perform a switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the recognition result of the current reliability value further includes:

if the current reliability value is larger than or equal to the reference reliability value, controlling the switching module to switch to a central processing chip and controlling the terminal to stop resetting operation;

and controlling the terminal to execute the starting operation by using the starting program read from the first storage chip.

In one embodiment, the step of controlling the switching module to perform a switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the recognition result of the current reliability value further includes:

if the current reliability is smaller than the reference reliability value, controlling the switching module to switch from the first storage chip to a second storage chip;

reading the starting program backed up by the second storage chip and controlling the terminal to stop the reset operation;

and controlling the terminal to execute the starting operation by using the starting program read from the second storage chip.

In one embodiment, the step of controlling the switching module to switch to the first memory chip and controlling the terminal to stop the reset operation if the current reliability value is greater than or equal to the reference reliability value further includes:

and if the current reliability value is greater than or equal to the reference reliability value, controlling the switching module to switch to the first storage chip through the third communication interface, and controlling the terminal to stop the reset operation through the first communication interface.

In one embodiment, the step of controlling the switching module to switch from the first memory chip to the second memory chip if the current reliability is smaller than the reference reliability value further includes:

and controlling the switching module to disconnect the third communication interface and switch from the first storage chip to the second storage chip through the fourth communication interface.

According to a third aspect, an embodiment of the present invention provides a device for controlling a terminal trusted control module, which is used for the terminal trusted control module described in the first aspect or any implementation manner of the first aspect, and includes the following modules:

the reset control module is used for responding to the electrification of a central processing chip of the terminal and controlling the central processing chip to execute reset operation;

the control reading module is used for controlling the switching module to switch to the first storage chip and reading the stored starting program of the terminal;

the reliability identification module is used for identifying the current reliability value of the starting program of the terminal according to the reference reliability value of the starting program of the terminal;

and the switching control module is used for controlling the switching module to execute switching operation among the central processing chip, the first storage chip and the second storage chip of the terminal according to the identification result of the current credibility value.

According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to cause the computer to execute the terminal trusted control module control method described in the second aspect or any implementation manner of the second aspect.

According to a fifth aspect, an embodiment of the present invention provides an electronic device, including: the terminal trusted control module, the memory and the processor are communicatively connected to each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the method for controlling the terminal trusted control module according to the second aspect or any of the embodiments of the second aspect.

The technical scheme of the invention has the following advantages:

the embodiment of the invention discloses a terminal trusted control module, a control method, a control device and electronic equipment, wherein in the method, a terminal can access a first memory chip or a second memory chip through a switching module; the trusted control chip controls the terminal to access the first storage chip through the switching module; the control terminal cannot access the second storage chip, so that the trusted data stored by the second storage chip is prevented from being modified by external hardware, and the security of the trusted data of the second storage chip is guaranteed. Meanwhile, the first storage chip and the second storage chip are switched to obtain the starting program of the terminal, so that the problem that the trusted data information is unsafe due to the fact that the starting program data is damaged externally can be avoided.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.

Fig. 1 is a block diagram of a trusted control module of a terminal in an embodiment of the present invention;

fig. 2 is a flowchart of a control method of a terminal trusted control module according to an embodiment of the present invention;

fig. 3 is a block diagram of a terminal trusted control module control apparatus according to an embodiment of the present invention;

fig. 4 is a hardware diagram of an electronic device according to an embodiment of the present invention.

Reference numerals:

11-a control panel; 110-a trusted control chip; 111-a switching module;

112-a first memory chip; 113-a second memory chip; 114-a first communication interface;

115-a second communication interface; 116-a third communication interface; 117-fourth communication interface;

12-central processing chip.

Detailed Description

The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.

In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.

In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.

The trusted computing taking the trusted control chip as the trust root adopts components such as cryptographic technology, trust root chip, trusted basic software and the like to build a brand-new trusted computing system structure framework, forms a trusted immune architecture by a trusted computing subsystem logically independent of the traditional system, and connects each trusted node into a complete trusted system. The method lays a firm foundation for autonomous and controllable network security in the modern information systems such as the computer application field, industrial control systems, cloud computing, internet of things, big data, mobile intelligent networks and the like.

In the related art, the storage capacity of the trusted control chip is limited, and if all the boot program data for booting the terminal, the backup data thereof, the switch data, and the like are stored in the trusted control chip, it is obvious that the data is easily damaged from the outside, and the security of the trusted data information is affected.

In view of this, an embodiment of the present invention discloses a terminal trusted control module, as shown in fig. 1, including: the terminal comprises a trusted control chip 110, a switching module 111, a first memory chip 112 and a second memory chip 113 which are respectively arranged on a control panel 11 of the terminal.

The trusted control chip 110 is connected to the central processing chip 12 of the terminal disposed on the control panel 11, and the trusted control chip 110 is configured to store a reference confidence value, a data size value, and a storage location of a start program of the terminal. For example: the control panel 11 may be a PCB circuit board and the central processing chip 12 may be a CPU chip. The trusted control chip 110 is used for performing a switching operation among the central processing chip 12, the first memory chip 112 and the second memory chip 113 of the terminal through the switching module 111.

Specifically, in fig. 1, the central processing chip 12 may be connected to the trusted control chip 110 through a first communication interface 114, where the first communication interface 114 may be a flash communication interface of a terminal, or an SPI communication interface. The reference reliability value, the data size value and the storage position of the starting program of the Flash storage terminal in the trusted control chip 110 are mainly stored through the Flash in the chip. Of course, the trusted control chip 110 may also store some trusted switching signals. In addition, the trusted control chip 110 may control the switching module 111 to implement a switching function according to a trusted switching signal stored therein. Namely, the switching module 111 is controlled by the trusted control chip 110, and the central processing chip 12, the first memory chip 112 and the second memory chip 113 are switched through the switching module 111, so that the terminal can access one Flash in the first memory chip 112 or the second memory chip 113. In fig. 1, the first communication interface 114, the second communication interface 115, the third communication interface 116, and the fourth communication interface 117 may be SPI communication interfaces. For example: when the trusted control chip 110 controls the switching module 111 to switch to the first memory chip 112 through the third communication interface 116, the fourth communication interface 117 is in a disconnected state with the second memory chip 113. For example: when the trusted control chip 110 controls the switching module 111 to switch to the second memory chip 113 through the fourth communication interface 117, the third communication interface 116 is disconnected from the first memory chip 112. The switching module 111 in the above may be a switch.

The first memory chip 112 is connected to the trusted control chip 110 through the switching module 111, and is configured to store a boot program for booting the terminal. Specifically, in fig. 1, the first memory chip 112 may be connected with the switching module 111 through the third communication interface 116. The starting procedure here mainly includes: a motherboard program and a kernel program. The first memory chip 112 may be an SPI NOR Flash chip for storing a start-up program of the terminal.

The second storage chip 113 is connected to the trusted control chip 110 through the switching module 111, and is used for backing up a start program of the terminal. Specifically, in fig. 1, the second memory chip 113 may be connected with the switching module 111 through the fourth communication interface 117. In case the boot program is backed up to prevent the boot program in the first memory chip 112 from being changed, it may be switched to the second memory chip 113 through the fourth communication interface 117. The second memory chip 113 may be an SPI NAND Flash, which has a large memory capacity, is mainly used for storing backup data of a start program of the terminal, and may also store some program image data, a confidence metric value, and the like.

In the terminal trusted control module in the embodiment of the present invention, the terminal can access the first memory chip 112 or the second memory chip 113 through the switching module 111; and the trusted control chip 110 controls the terminal to access the first memory chip 112 through the switching module 111; the control terminal cannot access the second memory chip 113, and therefore trusted data stored in the second memory chip 113 is prevented from being modified by external hardware, and the security of the trusted data of the second memory chip 113 is guaranteed. Meanwhile, if all the data storage information of the first memory chip 112 and the second memory chip 113 are stored in the trusted control chip 110 with limited capacity, the data is easily damaged from the outside, which affects the security of the trusted data information.

Based on the same concept, an embodiment of the present invention further provides a method for controlling a terminal trusted control module, which is used for the terminal trusted control module in the foregoing embodiment, and as shown in fig. 2, the method includes the following steps:

step S21: and controlling the central processing chip to execute reset operation in response to the power-on of the central processing chip of the terminal.

Since in fig. 1, the terminal is connected to the central processing chip of the terminal through the first communication interface, when the trusted control chip triggers a response when the terminal is powered on, the trusted control chip controls the CPU to execute a reset operation. I.e., the CPU is in a reset off state at this time.

Step S22: and controlling the switching module to switch to the first storage chip and read the stored starting program of the terminal.

In fig. 1, the switching module is connected to the first memory chip through the third communication interface, and the trusted control chip is switched to the first memory chip through the third communication interface to read the boot program stored in the first memory chip. At this time, according to the principle characteristic of the switching module, when the first memory chip and the switching module establish communication connection through the third communication interface, the fourth communication interface and the second memory chip are in a disconnected state, so that the terminal cannot access the second memory chip through the first communication chip, and the security of data information stored in the second memory chip can be ensured.

Step S23: and identifying the current reliability value of the starting program of the terminal according to the reference reliability value of the starting program of the terminal.

The reference reliability value here corresponds to a reference value that measures the current reliability value of the boot program. If the current credibility value is greater than or equal to the reference credibility value, the current credibility of the starting program of the terminal reaches the safety standard, otherwise, if the current credibility value is less than the reference credibility value, the current credibility of the starting program of the terminal does not reach the safety standard.

Step S24: and controlling a switching module to execute switching operation among a central processing chip, a first storage chip and a second storage chip of the terminal according to the identification result of the current credibility value.

In an embodiment, the step S24 of controlling the switching module to perform the switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the identification result of the current reliability value further includes the following steps:

firstly: and if the current reliability value is greater than or equal to the reference reliability value, the control switching module is switched to the central processing chip and the control terminal to stop the reset operation.

Specifically, the trusted control chip may control the switching module to switch from the first storage chip to the central processing chip, and control the terminal to stop the reset operation through the first communication interface. In fig. 1, the switching module is connected to the central processing chip of the terminal through a first communication interface, and the switching module is connected to the first memory chip through a third communication interface. Namely, when the current credibility value of the starting program of the terminal reaches the safety standard, the third communication interface and the fourth communication interface can be disconnected, the switching module is ensured to be connected with the central control chip through the first communication interface, and the control of the terminal to stop the reset operation by the credible control chip can be realized.

Then: and controlling the terminal to execute the starting operation by using the starting program read from the first storage chip.

At this time, the boot program of the first memory chip reaches the safety standard, which means that the boot program is not modified by the external environment, and therefore, the terminal can be controlled to perform a normal boot operation by using the boot program read from the first memory chip.

In another embodiment, the step S24 of controlling the switching module to perform the switching operation among the central processing chip, the first memory chip and the second memory chip of the terminal according to the recognition result of the current reliability value further includes the steps of:

firstly: and if the current reliability is smaller than the reference reliability value, controlling the switching module to switch from the first storage chip to the second storage chip.

Specifically, the trusted control chip may control the switching module to switch from the first storage chip to the second storage chip, and the switching module establishes a communication connection with the second storage chip through the fourth communication interface. At this time, the third communication interface is disconnected from the first memory chip to prevent the terminal from accessing the data information stored in the second memory chip. That is, when the current credibility value of the start-up program of the terminal does not reach the safety standard, which means that the data information stored in the first memory chip has been changed, the third communication interface can be disconnected.

Then: and reading the starting program of the second storage chip backup and controlling the terminal to stop the reset operation.

The control terminal is also required to stop the reset operation when reading the start-up program stored in the second memory chip.

And finally: and controlling the terminal to execute the starting operation by using the starting program read from the second storage chip.

The starting program of the terminal backup is read from the first storage chip, and when the starting program is modified or damaged by an external environment, the starting program read from the second storage chip can be used as the backup starting program, so that the terminal can be ensured to be capable of avoiding normal starting operation when the terminal is damaged accidentally.

According to the terminal trusted control module control method in the embodiment of the invention, the terminal can access the first memory chip or the second memory chip through the switching module; the trusted control chip controls the terminal to access the first storage chip through the switching module; the control terminal cannot access the second storage chip, so that the trusted data stored by the second storage chip is prevented from being modified by external hardware, and the security of the trusted data of the second storage chip is guaranteed. Meanwhile, the first storage chip and the second storage chip are switched to obtain the starting program of the terminal, so that the problem that the trusted data information is unsafe due to the fact that the starting program data is damaged externally can be avoided.

Based on the same concept, an embodiment of the present invention further provides a device for controlling a terminal trusted control module, which is used for the terminal trusted control module in the foregoing embodiment, and as shown in fig. 3, includes the following modules:

and the reset control module 31 is configured to control the central processing chip to perform a reset operation in response to the central processing chip of the terminal being powered on.

And the control reading module 32 is used for controlling the switching module to switch to the first storage chip and reading the stored starting program of the terminal.

The reliability identification module 33 is configured to identify a current reliability value of the start program of the terminal according to the reference reliability value of the start program of the terminal.

And the switching control module 34 is configured to control the switching module to perform a switching operation among the central processing chip, the first memory chip, and the second memory chip of the terminal according to the identification result of the current confidence value.

In the apparatus for controlling a terminal trusted control module in the embodiment of the present invention, the switching control module 34 further includes:

the first control submodule is used for controlling the switching module to switch to the central processing chip and the control terminal to stop the reset operation if the current reliability value is greater than or equal to the reference reliability value;

and the second control submodule is used for controlling the terminal to execute the starting operation by using the starting program read from the first storage chip.

In the apparatus for controlling a terminal trusted control module in the embodiment of the present invention, the switching control module 34 further includes:

the third control sub-module is used for controlling the switching module to switch from the first storage chip to the second storage chip if the current reliability is smaller than the reference reliability value;

the reading control module is used for reading a starting program of the second storage chip backup and controlling the terminal to stop the reset operation;

and the fourth control submodule is used for controlling the terminal to execute the starting operation by using the starting program read from the second storage chip.

In the apparatus for controlling a terminal trusted control module in an embodiment of the present invention, the first control sub-module further includes:

and the first control unit is used for controlling the switching module to switch to the first storage chip through the third communication interface and controlling the terminal to stop the reset operation through the first communication interface if the current reliability value is greater than or equal to the reference reliability value.

In the apparatus for controlling a terminal trusted control module in an embodiment of the present invention, the second control sub-module further includes:

and the second control unit is used for controlling the switching module to disconnect the third communication interface and switch from the first storage chip to the second storage chip through the fourth communication interface.

The terminal trusted control module control device in the embodiment of the invention enables the terminal to access the first memory chip or the second memory chip through the switching module; the trusted control chip controls the terminal to access the first storage chip through the switching module; the control terminal cannot access the second storage chip, so that the trusted data stored by the second storage chip is prevented from being modified by external hardware, and the security of the trusted data of the second storage chip is guaranteed. Meanwhile, the first storage chip and the second storage chip are switched to obtain the starting program of the terminal, so that the problem that the trusted data information is unsafe due to the fact that the starting program data is damaged externally can be avoided.

Based on the same concept, an embodiment of the present invention further provides an electronic device, as shown in fig. 4, the electronic device may include a processor 41, a memory 42, and a terminal trusted control module 43, where the processor 41, the memory 42, and the terminal trusted control module 43 may be connected by a bus or in another manner, and fig. 4 takes the connection by the bus as an example.

The processor 41 may be a Central Processing Unit (CPU). The Processor 41 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.

The memory 42, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules. The processor 41 executes various functional applications and data processing of the processor by executing the non-transitory software programs, instructions and modules stored in the memory 42, that is, implements the terminal trusted control module control method in the above method embodiment.

The memory 42 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 41, and the like. Further, the memory 42 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 42 may optionally include memory located remotely from processor 41, which may be connected to processor 41 via a network. Examples of such networks include, but are not limited to, the power grid, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The one or more modules are stored in the memory 42, and when executed by the processor 41, perform the terminal trusted control module control method in the embodiment shown in the drawings.

The details of the electronic device may be understood by referring to the corresponding related descriptions and effects in the embodiments shown in the drawings, and are not described herein again.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.

It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. And obvious variations or modifications therefrom are within the scope of the invention.