CN107038381A - A kind of managed firmware guard method based on binding mechanism - Google Patents

Publication number
CN107038381A
Authority
CN
China
Prior art keywords
binding
firmware
managed
authentication
identifier information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710244703.2A
Other languages
Chinese (zh)
Inventor
李清石
刘强
赵素梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201710244703.2A
Publication of CN107038381A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention provides a management firmware protection method based on a binding mechanism, belonging to the technical field of server management. When the management firmware starts for the first time, it obtains unique identifier information from the management controller and writes it into the Flash that stores the management firmware, so that the management firmware is bound to this management controller. This prevents the management firmware from being used on other boards, thereby protecting the management firmware.

Description

A management firmware protection method based on a binding mechanism
Technical field
The present invention relates to server management technology, and in particular to a management firmware protection method based on a binding mechanism.
Background
A data center has a large number of servers. To manage these servers effectively, a server management system is essential, and the server management firmware plays an important role in that system, so the management firmware needs to be protected. Using an encryption chip is a common program protection solution, but this scheme requires an additional external dedicated device and requires a key to be preset in the encryption chip during production, which adds a production step. How to simply and effectively protect the management firmware program from being illegally stolen is an important problem that needs to be solved.
Summary of the invention
To solve the above technical problem, the present invention proposes a management firmware protection method based on a binding mechanism.
The technical solution of the present invention is:
A management firmware protection method based on a binding mechanism: when the management firmware starts for the first time, it obtains unique identifier information from the management controller and writes it into the Flash that stores the management firmware, so that the management firmware is bound to this management controller. This prevents the management firmware from being used on other boards, thereby protecting the management firmware.
The method mainly comprises the following steps:
(1) Burn the management firmware to Flash and power on the management system;
(2) Before the firmware starts the management process, run the binding establishment and authentication process, which checks whether a region storing the identifier information exists in Flash. If it does not exist, the firmware is considered to be running for the first time, and the binding establishment operation is performed:
Read the unique identifier information that was written into the management controller at manufacture; preferably, this identifier information is represented as a GUID and stored in on-chip ROM that the management firmware can access;
Create a readable and writable storage region in Flash and write the information obtained above into it;
Re-execute the binding establishment and authentication operations of the binding establishment and authentication process;
(3) If the binding establishment and authentication process detects that a region storing the identifier information already exists, perform the binding authentication operation:
Read the identifier information in the management controller and in the identifier storage region;
Compare the two pieces of identifier information: if they are identical, binding authentication succeeds and the management process can be started; if they differ, binding authentication fails and the management process cannot be started;
(4) The binding establishment operation is performed only when the firmware is powered on and started for the first time; in subsequent startups of the firmware only the binding authentication operation is performed.
The prerequisite for implementing the present invention is that the management controller chip has an accessible on-chip ROM into which unique identifier information was written at manufacture.
The essence of the present invention is to bind the management firmware in Flash to the unique identifier information of the management controller chip. If the management firmware is stolen and placed on another board, the management process in it cannot run because the management controller is different.
The beneficial effects of the present invention are:
The present invention authenticates using the unique identifier information in the ROM built into the management controller, so no external dedicated encryption device is needed; it is simple and effective.
Brief description of the drawings
Fig. 1 is a schematic diagram of the present invention.
Embodiment
The content of the present invention is described in more detail below:
There is a server motherboard on which a BMC (Baseboard Management Controller) is placed. The BMC has an accessible on-chip ROM, into which the manufacturer writes unique GUID information before the BMC leaves the factory. The management firmware is placed in SPI Flash, which is attached to the BMC through the SPI interface.
The server is powered on, and after the BMC operating system kernel has finished starting, the binding establishment and authentication process is executed. The process checks whether the file /conf/binding.ini exists. If it does not exist, the BMC is considered to be executing this process for the first time and the binding establishment operation is needed: the file /conf/binding.ini is created and the GUID data read from the BMC's on-chip ROM is written into this file. The binding establishment and authentication operations of the process are then re-executed; because the binding file has now been established, the binding authentication operation is performed, comparing the GUID information in the BMC with the GUID information stored in the binding file. If they are consistent, binding authentication succeeds and the management process can be started; if they are inconsistent, binding authentication fails and the management process cannot be started. Because a product must go through a power-on test before leaving the factory, the management firmware has already performed the binding establishment operation, so firmware read from the product's SPI Flash cannot pass the binding authentication operation on another board and therefore cannot be applied to other boards.
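The binding establishment and authentication flow of the embodiment, as an added C example that is not code from the patent. The on-chip ROM read is replaced by a string passed in by the caller, and the function names, the 36-character textual GUID format and the demo file name (standing in for /conf/binding.ini) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define GUID_LEN 36 /* assumed textual GUID form: 8-4-4-4-12 hex digits */

enum bind_result { BIND_AUTH_OK, BIND_AUTH_FAIL, BIND_IO_ERROR };

/* First-run detection: is there a binding file (the identifier region)? */
static int binding_exists(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    fclose(f);
    return 1;
}

/* Binding establishment: store the controller's GUID in the binding file. */
static int bind_establish(const char *path, const char *chip_guid)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int ok = fprintf(f, "%s\n", chip_guid) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Binding authentication: stored GUID must equal the controller's GUID. */
static enum bind_result bind_authenticate(const char *path, const char *chip_guid)
{
    char stored[GUID_LEN + 2] = {0};
    FILE *f = fopen(path, "r");
    if (!f) return BIND_IO_ERROR;
    char *line = fgets(stored, sizeof stored, f);
    fclose(f);
    if (!line) return BIND_AUTH_FAIL;       /* empty file: fail closed */
    stored[strcspn(stored, "\r\n")] = '\0'; /* drop the line ending */
    return (strlen(chip_guid) == GUID_LEN && strcmp(stored, chip_guid) == 0)
               ? BIND_AUTH_OK : BIND_AUTH_FAIL;
}

/* Runs before the management process; chip_guid stands in for the ROM read. */
enum bind_result bind_check(const char *path, const char *chip_guid)
{
    if (!binding_exists(path) && bind_establish(path, chip_guid) != 0)
        return BIND_IO_ERROR;
    return bind_authenticate(path, chip_guid); /* every boot ends with authentication */
}

int main(void)
{
    const char *p = "binding_demo.ini"; /* constructed stand-in for /conf/binding.ini */
    remove(p);                          /* start from the "first boot" state */
    printf("board A: %d\n", bind_check(p, "11111111-2222-3333-4444-555555555555"));
    printf("board B: %d\n", bind_check(p, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"));
    return remove(p);
}
```

The management process would be started only when `bind_check` returns `BIND_AUTH_OK`; an I/O error is treated the same as a failed authentication.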

Claims (4)

1. A management firmware protection method based on a binding mechanism, characterized in that
when the management firmware starts for the first time, it obtains unique identifier information from the management controller and writes it into the Flash that stores the management firmware, so that the management firmware is bound to this management controller.
2. The method according to claim 1, characterized in that
it comprises the following steps:
(1) Burn the management firmware to Flash and power on the management system;
(2) Before the firmware starts the management process, run the binding establishment and authentication process, which checks whether a region storing the identifier information exists in Flash. If it does not exist, the firmware is considered to be running for the first time, and the binding establishment operation is performed:
Read the unique identifier information that was written into the management controller at manufacture,
Create a readable and writable storage region in Flash and write the information obtained above into it;
Re-execute the binding establishment and authentication operations of the binding establishment and authentication process;
(3) If the binding establishment and authentication process detects that a region storing the identifier information already exists, perform the binding authentication operation:
Read the identifier information in the management controller and in the identifier storage region;
Compare the two pieces of identifier information: if they are identical, binding authentication succeeds and the management process can be started; if they differ, binding authentication fails and the management process cannot be started.
3. The method according to claim 2, characterized in that
the binding establishment operation is performed only when the firmware is powered on and started for the first time, and in subsequent startups of the firmware only the binding authentication operation is performed.
4. The method according to claim 2, characterized in that
the identifier information is represented as a GUID and stored in on-chip ROM that the management firmware can access.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710244703.2A CN107038381A (en) 2017-04-14 2017-04-14 A kind of managed firmware guard method based on binding mechanism

Publications (1)

Publication Number Publication Date
CN107038381A true CN107038381A (en) 2017-08-11

Family

ID=59535041

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710244703.2A Pending CN107038381A (en) 2017-04-14 2017-04-14 A kind of managed firmware guard method based on binding mechanism

Country Status (1)

Country Link
CN (1) CN107038381A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145906A (en) * 2006-09-13 2008-03-19 北京邦天科技有限公司 Method and system for authenticating legality of receiving terminal in unidirectional network
CN101589398A (en) * 2006-12-28 2009-11-25 桑迪士克股份有限公司 Upgrading a memory card that has security mechanisms that prevent copying of secure content and applications
CN105069350A (en) * 2015-08-24 2015-11-18 上海繁易电子科技有限公司 Encryption method and apparatus for embedded operating system
US20160140344A1 (en) * 2013-06-24 2016-05-19 Nippon Telegraph And Telephone Corporation Security information management system and security information management method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107832588A (en) * 2017-11-17 2018-03-23 珠海市多泰吉智能技术有限公司 A kind of anti-method and apparatus and computer-readable storage medium divulged a secret of Flash
CN109117332A (en) * 2018-08-29 2019-01-01 郑州云海信息技术有限公司 A kind of information-reading method and device
CN111079124A (en) * 2019-12-21 2020-04-28 广州小鹏汽车科技有限公司 Security chip activation method and device, terminal equipment and server
CN111079124B (en) * 2019-12-21 2023-02-10 广州小鹏汽车科技有限公司 Security chip activation method and device, terminal equipment and server
CN111291363A (en) * 2020-01-19 2020-06-16 深圳信可通讯技术有限公司 Communication module operation processing method and device, communication module and computer readable medium
CN111291363B (en) * 2020-01-19 2022-02-15 深圳信可通讯技术有限公司 Communication module operation processing method and device, communication module and computer readable medium

Similar Documents

Publication Publication Date Title
CN107038381A (en) A kind of managed firmware guard method based on binding mechanism
CN105069350B (en) Encryption method and device for embedded operating system
CN100378609C (en) Method and apparatus for unlocking a computer system hard drive
CN102831079B (en) A kind of method that mobile terminal is detected and mobile terminal
US20070006290A1 (en) USB-compliant personal key
CN102955921A (en) Electronic device and safe starting method
CN101334827A (en) Magnetic disc encryption method and magnetic disc encryption system for implementing the method
KR20170020324A (en) Method for completing a secure erase operation
CN106161442A (en) A kind of system control user login method
CN107679421A (en) A kind of movable memory apparatus monitoring means of defence and system
US11023140B2 (en) NVDIMM with removable storage
CN112560120B (en) Secure memory bank and method for starting secure memory bank
CN104408364A (en) Server management program protection method and system
CN103294971A (en) Method for realizing burglary prevention and data protection of hard disk
CN105337995A (en) Rapid personalization method and system for smart card
CN104965767A (en) Method for decoding encoded and inaccessible Hitachi hard disk
CN110730079B (en) System for safe starting and trusted measurement of embedded system based on trusted computing module
CN104361298B (en) The method and apparatus of Information Security
JP5163522B2 (en) USB storage device, host computer, USB storage system, and program
JP2009129413A (en) Shared management method of portable storage device, and portable storage device
JP3491273B2 (en) Chip card and how to import information on it
CN109885731A (en) A kind of power monitoring platform data information MAP matching process and system
CN111125723A (en) Encryption card identification method, device, equipment and storage medium
CN103105783B (en) embedded element and control method
CN111832057A (en) Self-destruction method for U disk file

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170811