基于飞腾E2000的安全网关设计与实现  

作　　者：黄武 盛四华 田炜 蒋增文 李刚锋 HUANG Wu;SHENG Si-hua;TIAN Wei;JIANG Zeng-wen;LI Gang-feng(CEC Industrial Internet Co.,Ltd.,Changsha 410006,China)

机构地区：[1]中电工业互联网有限公司,湖南长沙410006

出　　处：《计算机技术与发展》2025年第2期48-53,共6页Computer Technology and Development

基　　金：湖南省创新型省份建设专项(2021GK4012)。

摘　　要：在万物互联的大背景下,实现系统的安全可信始终是最核心的目标。随着国产信息系统建设的不断深入,实现系统的安全可信已经成为最迫切的需求。为了解决工业互联网的多接口数据互联和数据安全问题,设计了一款基于飞腾嵌入式E2000处理器的安全网关设备。实现了3G/4G/5G无线VPN路由功能,同时支持以太网、RS232/485串口,CAN口接入,并支持Wifi/蓝牙通信以及GPS/北斗定位。通过分析VLAN协议原理,基于RTL8367SC芯片实现了内置网络交换机功能;融合基于RG200U的5G模块挂载方法,形成了网关的内置5G交换机系统,进一步解决了多通道数据互联的问题。通过分析飞腾安全处理器平台架构规范(Phytium Security Platform Architecture,PSPA),设计了网关的安全可信固件制作方法,保证了启动过程执行的所有代码都是安全可信的。通过搭建测试环境进行测试验证,测试结果表明,该系统实现了多种接口的数据互联,并基于多项E2000芯片内置安全加密算法,使安全性方面得到了较大提升。Under the background of the Internet of everything,to achieve the security and credibility of the system is always the core goal.With the deepening of the construction of domestic information systems,to achieve the security and credibility of the system has become the most urgent demand.In order to solve the problem of multi-interface data interconnection and data security of industrial gateway,a security gateway device based on Phytium embedded E2000 processor is designed.It realizes 3G/4G/5G wireless VPN routing function,while supporting Ethernet,RS232/485 serial port,CAN port access,Wifi/Bluetooth communication and GPS/Beidou positioning.By analyzing the principle of VLAN protocol,the function of built-in network switch is realized based on RTL8367SC chip.The 5G module mounting method based on RG200U is integrated to form a built-in 5G switch system of the gateway,which further solves the problem of multi-channel data interconnection.Based on Phytium Security Platform Architecture(PSPA),a method of making secure and trusted firmware of the gateway is designed to ensure that all the code executed during the startup process is safe and trusted.By building a test environment for test and verification,the test results show that the system realizes the data interconnection of multiple interfaces,and based on a number of E2000 chip built-in security encryption algorithms,the security has been greatly improved.

关 键 词：飞腾E2000 安全网关 PSPA RTL8367SC RG200U 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]