A security control method and a network device. The security control method comprises: a network device acquires confidential data generated by a software trusted platform module (TPM) running in the network device, the confidential data comprising immutable confidential data and refreshable confidential data (101), where the immutable confidential data is data that cannot be updated during a first-time startup process of the network device and the refreshable confidential data is data that can be updated during a first-time startup process of the network device; the network device encrypts the immutable confidential data using a white-box algorithm (102); and the network device stores the white-box-encrypted immutable confidential data together with the refreshable confidential data in a storage unit with a hidden address (103). The method increases system security when a TPM is implemented in software.
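The following is an added illustration of steps (101) to (103) in working code; it is not the patent's implementation and is not code from any software TPM project. The field names, the `SoftwareTpm` generator, the `WhiteBoxCipher` stand-in (an HMAC-SHA256 keystream with an authentication tag, keyed by a constant that represents a key baked into the binary, because the abstract does not specify the white-box algorithm) and the `HiddenAddressStore` model (slots addressed by a per-device derived value rather than a fixed offset) are all assumptions made for the example. What it shows is the asymmetry the abstract relies on: the immutable data is the part worth encrypting at rest, while the refreshable data is stored as-is because it is regenerated at the next first-time startup.

```python
"""Model of steps (101)-(103): split software-TPM secrets into immutable and
refreshable data, white-box-encrypt the immutable part, and store both at a
hidden address.  Added illustration with assumed names; not the patent's code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed field names; which secrets a real software TPM treats as
# immutable vs refreshable is not specified by the abstract.
IMMUTABLE_FIELDS = ("endorsement_seed", "storage_root_seed")
REFRESHABLE_FIELDS = ("startup_nonce", "session_key")


@dataclass
class ConfidentialData:
    immutable: dict
    refreshable: dict


class SoftwareTpm:
    """Stand-in for the software TPM: generates the confidential data (101)."""

    def __init__(self, rng=secrets.token_bytes):
        self._rng = rng

    def generate(self) -> ConfidentialData:
        return ConfidentialData(
            immutable={k: self._rng(32) for k in IMMUTABLE_FIELDS},
            refreshable={k: self._rng(32) for k in REFRESHABLE_FIELDS},
        )


class WhiteBoxCipher:
    """Stand-in for the white-box algorithm (102).  A real white-box design
    fuses the key into lookup tables so it never appears in memory as a key;
    here an HMAC-SHA256 keystream plus tag stands in, keyed by a constant that
    represents the key embedded in the binary (assumption for this example)."""

    EMBEDDED_KEY = hashlib.sha256(b"constructed-white-box-key").digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self.EMBEDDED_KEY, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.EMBEDDED_KEY, b"tag" + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag          # layout: nonce(16) || ciphertext || tag(32)

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.EMBEDDED_KEY, b"tag" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("immutable data tampered with or wrong key")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class HiddenAddressStore:
    """Stand-in for the storage unit with a hidden address (103): each slot's
    address is derived from a per-device secret, so it is not a fixed,
    publicly known offset (modelling assumption, not the patent's mechanism)."""

    def __init__(self, device_secret: bytes):
        self._device_secret = device_secret
        self._slots = {}

    def address_of(self, label: str) -> str:
        return hmac.new(self._device_secret, label.encode(), hashlib.sha256).hexdigest()

    def write(self, label: str, blob: bytes) -> str:
        addr = self.address_of(label)
        self._slots[addr] = blob
        return addr

    def read(self, addr: str) -> bytes:
        return self._slots[addr]


def protect(tpm, cipher, store):
    """Steps 101-103.  Returns the generated data and {label: address}."""
    data = tpm.generate()                                        # (101)
    addresses = {}
    for label, secret in data.immutable.items():
        addresses[label] = store.write(label, cipher.encrypt(secret))   # (102)+(103)
    for label, secret in data.refreshable.items():
        addresses[label] = store.write(label, secret)   # (103); rewritten at next first-time startup
    return data, addresses


def recover_immutable(cipher, store, addresses):
    """Read the hidden slots back and decrypt the immutable part."""
    return {label: cipher.decrypt(store.read(addresses[label])) for label in IMMUTABLE_FIELDS}


if __name__ == "__main__":
    store = HiddenAddressStore(device_secret=secrets.token_bytes(32))
    data, addrs = protect(SoftwareTpm(), WhiteBoxCipher(), store)
    assert recover_immutable(WhiteBoxCipher(), store, addrs) == data.immutable
    print("immutable data recovered from hidden slots:", list(addrs))
```

The tag check in `decrypt` is the practical point: once the immutable data lives at rest in an encrypted slot, a modification of that slot must be detected rather than silently decrypted into a corrupt endorsement or storage-root seed, since that data cannot be regenerated at startup the way the refreshable data can.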