CN103353929A - Method for adding and checking ID card information in basic input/output system (BIOS) initiating process - Google Patents


Info

Publication number
CN103353929A
Authority
CN
China
Prior art keywords
card
bios
uefi
signature information
card reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013103272380A
Other languages
Chinese (zh)
Inventor
鄢建龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue Numerical Control Electronics Co Ltd
Original Assignee
Shandong Chaoyue Numerical Control Electronics Co Ltd

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention discloses a method for adding an ID card information check to the basic input/output system (BIOS) boot process and belongs to the technical field of computer BIOS. The method comprises the following steps: (1) adding a unified extensible firmware interface (UEFI) driver for an ID card reader-writer to the UEFI BIOS, and mounting the UEFI driver beneath the universal serial bus (USB) bus driver; (2) adding code at the BDS stage that reads the system signature information from the ID card; (3) modifying the path from which Secure Boot obtains the system signature information; (4) compiling the modified BIOS file and updating it into the system firmware; (5) writing the system signature information required by Secure Boot to an ID card; (6) connecting the ID card reader-writer to a USB interface of the computer. With this method, the person starting the computer is verified, and the security protection of the computer system's startup process is improved.

Description

A method for adding an ID card information check to the BIOS boot process
 
Technical field
The present invention relates to the technical field of computer BIOS, and specifically to a method for adding an ID card information check to the BIOS boot process.
Background art
BIOS is the abbreviation of "Basic Input Output System". It is a set of programs burned into a ROM chip on the computer's motherboard; it holds the computer's most important basic input/output programs, the system configuration information, the power-on self-test program and the system bootstrap program. Its main function is to provide the computer with the lowest-level, most direct hardware setup and control.
UEFI is the abbreviation of "Unified Extensible Firmware Interface". The UEFI interface lets the operating system be loaded automatically from the pre-boot operating environment, which simplifies the boot procedure and saves time.
UEFI BIOS is a BIOS system redesigned to meet graphical requirements; it is a native graphical BIOS. The boot flow of a UEFI BIOS generally comprises four phases: SEC (Security), PEI (Pre-EFI Initialization), DXE (Driver Execution Environment) and BDS (Boot Device Select). The SEC phase performs basic system initialization and prepares the C language execution environment. The PEI phase wakes up the CPU, initializes memory and enters the C code environment; when it finishes, it passes a description of the system resources and the initialization information to the DXE phase. The DXE phase initializes and configures the devices of the computer system. The BDS phase completes the preparation needed before the operating system is booted.
Secure Boot is a module of the UEFI BIOS that provides the secure boot function during the UEFI BIOS boot process.
Computers in an enterprise usually hold the company's important files and information. Allowing a computer to be started only after it has checked the information on a company employee's ID card at startup is a good way to keep company information confidential.
How to make a computer check the information on a company employee's ID card at startup is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The technical task of the present invention is to address the above shortcoming by providing a method for adding an ID card information check to the BIOS boot process: a piece of code added to the UEFI BIOS checks the user's ID card information when the system starts; the system starts normally only if the user has the corresponding authority, and otherwise a prompt indicates that the user has no authority to start the computer.
The technical solution adopted by the present invention to solve this technical problem is as follows.
The steps of the method are:
(1) Following the UEFI specification and the UEFI driver writing guide, add a UEFI driver for the ID card reader to the UEFI BIOS source code; this driver is mounted as a device driver beneath the USB bus driver;
(2) In the BDS phase of the UEFI BIOS, add code that reads the system signature information from the ID card;
(3) Modify the path from which Secure Boot in the UEFI BIOS obtains the system signature information;
(4) Compile the modified BIOS file and update it into the system firmware;
(5) Write the system signature information required by Secure Boot to the ID card through the ID card reader;
(6) Connect the USB ID card reader to a USB port of the computer.
After the method has been applied, the computer's boot process is:
(1) The UEFI BIOS starts;
(2) The USB bus driver is loaded first; the UEFI driver for the ID card reader is then located and mounted beneath the USB bus driver;
(3) In the BDS phase of the UEFI BIOS, the USB ID card reader is accessed by calling the ID card reader's UEFI driver beneath the USB bus driver;
(4) If there is no ID card in the ID card reader, the boot process stops;
(5) If there is an ID card in the ID card reader, the system signature information on the ID card is read and saved in a memory region;
(6) After Secure Boot starts, it checks the ID card's system signature information stored in memory and performs authentication;
(7) If the system signature information on the ID card does not match the system signature information required by Secure Boot, authentication fails, the system indicates that there is no authority to start the computer, and the system signature information of the ID card in the ID card reader is read again;
(8) If the system signature information on the ID card matches the system signature information required by Secure Boot, authentication passes and the computer's operating system starts normally.
Compared with the prior art, the method of the present invention for adding an ID card information check to the BIOS boot process verifies the person who starts the computer and increases the security protection of computer system startup. It has the following advantages:
1. A piece of code added to the UEFI BIOS checks the user's ID card information when the system starts; the system starts normally only if the user has the corresponding authority, and otherwise a prompt indicates that the user has no authority to start the computer;
2. Checking the user's ID card information at the POST stage of the BIOS can be used not only to verify that a user is entitled to access the computer, but also, through the ID card information check, to grant the authority to update the BIOS;
3. Because the BIOS is stored in firmware, it is not easily damaged by viruses in the way an operating system stored on a hard disk is, and this security function is not lost if the hard disk is damaged; it therefore provides better security protection;
4. Because the security information is stored in the employee's ID card, once an employee leaves and the company takes back the ID card, that person can no longer start the computer; once the security information is written to a new employee's ID card, the new employee can use the computer. This increases the security of company information and is easy to operate.
Description of drawings
The present invention is further described below with reference to the accompanying drawings.
Figure 1 is a flow chart of the method for adding an ID card information check to the BIOS boot process;
Figure 2 is a flow chart of system startup after the method for adding an ID card information check to the BIOS boot process has been applied.
Embodiment
The invention is further described below with reference to the drawings and a specific embodiment.
The method of the present invention for adding an ID card information check to the BIOS boot process is as follows.
As shown in Figure 1, the steps of the method are:
(1) Following the UEFI specification and the UEFI driver writing guide, add a UEFI driver for the ID card reader to the UEFI BIOS source code; this driver is mounted as a device driver beneath the USB bus driver;
(2) In the BDS phase of the UEFI BIOS, add code that reads the system signature information from the ID card;
(3) Modify the path from which Secure Boot in the UEFI BIOS obtains the system signature information;
(4) Compile the modified BIOS file and update it into the system firmware;
(5) Write the system signature information required by Secure Boot to the ID card through the ID card reader;
(6) Connect the USB ID card reader to a USB port of the computer.
As shown in Figure 2, after the method has been applied, the computer's boot process is:
(1) The UEFI BIOS starts;
(2) The USB bus driver is loaded first; the UEFI driver for the ID card reader is then located and mounted beneath the USB bus driver;
(3) In the BDS phase of the UEFI BIOS, the USB ID card reader is accessed by calling the ID card reader's UEFI driver beneath the USB bus driver;
(4) If there is no ID card in the ID card reader, the boot process stops;
(5) If there is an ID card in the ID card reader, the system signature information on the ID card is read and saved in a memory region;
(6) After Secure Boot starts, it checks the ID card's system signature information stored in memory and performs authentication;
(7) If the system signature information on the ID card does not match the system signature information required by Secure Boot, authentication fails, the system indicates that there is no authority to start the computer, and the system signature information of the ID card in the ID card reader is read again;
(8) If the system signature information on the ID card matches the system signature information required by Secure Boot, authentication passes and the computer's operating system starts normally.
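The boot sequence in steps (1) to (8) above, modelled as a small C program; this is an added example, not code from the patent and not a real UEFI driver. The reader model, `SIG_LEN`, `MAX_READS` and all function names are assumptions: the text does not say how many re-reads are allowed or how the comparison is carried out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN   32   /* assumed size of the system signature information */
#define MAX_READS 3    /* assumed cap on re-reads; the text gives none */

typedef enum { BOOT_OS, HALT_NO_CARD, HALT_NO_AUTHORITY } boot_result;

/* Hypothetical reader model: one entry per read attempt. */
typedef struct { int present; uint8_t sig[SIG_LEN]; } card_read;
typedef struct { const card_read *reads; size_t count, next; } card_reader;

/* BDS-phase read (steps 3-5): copy the card's data into a memory buffer. */
static int bds_read_card(card_reader *r, uint8_t out[SIG_LEN]) {
    if (r->next >= r->count || !r->reads[r->next].present) return 0;
    memcpy(out, r->reads[r->next++].sig, SIG_LEN);
    return 1;
}

/* Compare every byte with no early exit, so timing does not reveal
 * the position of the first mismatch. */
static int sig_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < SIG_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

boot_result boot_with_id_card(card_reader *r, const uint8_t required[SIG_LEN]) {
    uint8_t mem[SIG_LEN];
    boot_result res = HALT_NO_AUTHORITY;
    for (int attempt = 0; attempt < MAX_READS; attempt++) {
        if (!bds_read_card(r, mem)) { res = HALT_NO_CARD; break; }  /* step 4 */
        if (sig_equal(mem, required)) { res = BOOT_OS; break; }     /* steps 6, 8 */
        /* step 7: mismatch, "no authority" prompt, read the card again */
    }
    volatile uint8_t *p = mem;   /* wipe the copy of the card data */
    for (size_t i = 0; i < SIG_LEN; i++) p[i] = 0;
    return res;
}

/* Constructed sample data: the required value and five reader scenarios. */
static const uint8_t REQUIRED[SIG_LEN] = { 0xA5, 0x5A, 0x01 };
static const card_read SCENARIOS[][MAX_READS] = {
    { { 1, { 0xA5, 0x5A, 0x01 } } },                        /* 0: matching card */
    { { 0, { 0 } } },                                       /* 1: empty reader */
    { { 1, { 0xFF } }, { 1, { 0xA5, 0x5A, 0x01 } } },       /* 2: wrong, then right */
    { { 1, { 0xFF } }, { 1, { 0xFF } }, { 1, { 0xFF } } },  /* 3: always wrong */
    { { 1, { 0xFF } }, { 0, { 0 } } },                      /* 4: wrong, then removed */
};

boot_result run_scenario(size_t i) {
    card_reader r = { SCENARIOS[i], MAX_READS, 0 };
    return boot_with_id_card(&r, REQUIRED);
}

int main(void) {
    static const char *names[] = { "boot OS", "halt: no card", "halt: no authority" };
    for (size_t i = 0; i < 5; i++) printf("scenario %zu -> %s\n", i, names[run_scenario(i)]);
    return 0;
}
```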
The above embodiment is only a specific example of the present invention; the scope of patent protection of the present invention includes but is not limited to this embodiment. Any method for adding an ID card information check to the BIOS boot process that is consistent with the claims of the present invention, and any suitable variation or replacement made to it by a person of ordinary skill in the art, shall fall within the scope of patent protection of the present invention.

Claims (2)

1. A method for adding an ID card information check to the BIOS boot process, characterized in that the steps of the method are:
(1) Following the UEFI specification and the UEFI driver writing guide, add a UEFI driver for the ID card reader to the UEFI BIOS source code; this driver is mounted as a device driver beneath the USB bus driver;
(2) In the BDS phase of the UEFI BIOS, add code that reads the system signature information from the ID card;
(3) Modify the path from which Secure Boot in the UEFI BIOS obtains the system signature information;
(4) Compile the modified BIOS file and update it into the system firmware;
(5) Write the system signature information required by Secure Boot to the ID card through the ID card reader;
(6) Connect the USB ID card reader to a USB port of the computer.
2. The method for adding an ID card information check to the BIOS boot process according to claim 1, characterized in that, after the method has been applied, the computer's boot process is:
(1) The UEFI BIOS starts;
(2) The USB bus driver is loaded first; the UEFI driver for the ID card reader is then located and mounted beneath the USB bus driver;
(3) In the BDS phase of the UEFI BIOS, the USB ID card reader is accessed by calling the ID card reader's UEFI driver beneath the USB bus driver;
(4) If there is no ID card in the ID card reader, the boot process stops;
(5) If there is an ID card in the ID card reader, the system signature information on the ID card is read and saved in a memory region;
(6) After Secure Boot starts, it checks the ID card's system signature information stored in memory and performs authentication;
(7) If the system signature information on the ID card does not match the system signature information required by Secure Boot, authentication fails, the system indicates that there is no authority to start the computer, and the system signature information of the ID card in the ID card reader is read again;
(8) If the system signature information on the ID card matches the system signature information required by Secure Boot, authentication passes and the computer's operating system starts normally.
CN2013103272380A 2013-07-31 2013-07-31 Method for adding and checking ID card information in basic input/output system (BIOS) initiating process Pending CN103353929A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013103272380A CN103353929A (en) 2013-07-31 2013-07-31 Method for adding and checking ID card information in basic input/output system (BIOS) initiating process


Publications (1)

Publication Number Publication Date
CN103353929A true CN103353929A (en) 2013-10-16

Family

ID=49310300


Country Status (1)

Country Link
CN (1) CN103353929A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20131016