CN107193717A - System and determination method for presenting the trusted status of BMC firmware via a web interface - Google Patents
- Publication number: CN107193717A (application CN201710355754.2A)
- Authority: CN (China)
- Prior art keywords: bmc, trusted, reference value, kernel, cryptographic hash
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/328—Computer systems status display
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a system for presenting the trusted status of BMC firmware via a web interface, comprising: BMC firmware, which includes a kernel module that measures the hash values of the application program and the trusted agent, a U-Boot module that measures the hash value of the kernel module, a trusted agent that measures the hash value of the BIOS Boot Block, and the application program; the BIOS Boot Block; a comparison module that compares measurement values against reference values; an interface display module that presents the measurement actions and comparison results in the web interface in the form of measurement logs and measurement results; and a boot module that selects the operating system to load when the CPU powers on. The invention also discloses a method for determining the trusted status of BMC firmware via a web interface. By comparing measurement values with reference values the invention obtains a basis for judging whether the BMC firmware is trusted, and by presenting the measurement results in the web interface it makes the trusted status of the BMC visible at a glance.
Description
Technical field
The present invention relates to the field of BMC trusted technology, and in particular to a system and determination method for presenting the trusted status of BMC firmware via a web interface.
Background technology
BMC is the abbreviation of baseboard management controller, and it is widely used in the server field today. Through a virtual keyboard, display, mouse, power control and so on it provides remote management capability for servers. Users monitor the physical characteristics of a server with the BMC, such as the temperature and voltage of each component, fan operating state, power supply status and chassis intrusion. However, in existing servers that build a trusted platform on TPM/TCM technology, the trusted status of the BMC firmware or of the BIOS Boot Block cannot be displayed intuitively through the BMC web interface, and when the measurement results are untrusted, corresponding control actions cannot be taken directly through the BMC web interface either.
Summary of the invention
The object of the invention is to provide a system and determination method for presenting the trusted status of BMC firmware via a web interface, in order to solve the problem that the trusted status of the BMC firmware or of the BIOS Boot Block cannot be displayed intuitively through the BMC web interface.
The technical scheme adopted by the invention to solve this technical problem is as follows. A system for presenting the trusted status of BMC firmware via a web interface is characterised in that the BMC web interface realises the presentation of the BMC firmware trusted status by calling an API of an intermediate layer, and comprises:
BMC firmware, including a kernel module that measures the hash values of the application program and the trusted agent, a U-Boot module that measures the hash value of the kernel module, a trusted agent module that measures the hash value of the BIOS Boot Block, and the application program;
the BIOS Boot Block; and
a comparison module, for comparing measurement values against reference values; and
an interface display module, for presenting the measurement actions and comparison results in the web interface in the form of measurement logs and measurement results; and
a boot module, for selecting the operating system to load when the CPU powers on.
Further, the reference values include the kernel reference value of the BMC firmware, the reference value of the application program and trusted agent of the BMC firmware, and the BIOS Boot Block reference value.
Further, the BIOS Boot Block reference value is the hash value obtained from the first measurement of the BIOS Boot Block.
Further, the kernel reference value of the BMC firmware and the reference value of the application program and trusted agent of the BMC firmware are obtained through a configuration interface provided by the trusted agent.
Further, the measurement values include the hash value of the kernel measured by the U-Boot of the BMC firmware, the hash value of the application program and trusted agent measured by the kernel of the BMC firmware, and the hash value of the BIOS Boot Block measured by the trusted agent of the BMC firmware.
Further, the measurement logs include the log of the BMC U-Boot measuring the kernel, the log of the BMC kernel measuring the application program, and the log of the BMC trusted agent measuring the BIOS Boot Block.
Further, the selection of the operating system to load includes restarting, entering an untrusted working state, and a privileged start.
A method for determining the trusted status of BMC firmware via a web interface uses the system for presenting the trusted status of BMC firmware via a web interface described above, and is characterised by specifically including the following steps:
1) the server motherboard power supply is connected and the BMC starts;
2) the trusted agent in the BMC receives the kernel reference value and the reference value of the application program and trusted agent, giving the BMC its reference value for the kernel module and its reference value for the application program and trusted agent;
3) the U-Boot module in the BMC firmware measures the hash value of the kernel module, and the kernel module measures the hash values of the important application programs and the trusted agent, giving the measurement value of the kernel module and the measurement value of the application programs and trusted agent;
4) the trusted agent in the BMC takes the hash value from the first measurement of the BIOS Boot Block as the BIOS Boot Block reference value;
5) the trusted agent in the BMC measures the hash value of the BIOS Boot Block, giving the BIOS Boot Block measurement value;
6) the comparison module compares, respectively, the reference value and measurement value of the kernel module, the reference value and measurement value of the application program and trusted agent, and the reference value and measurement value of the BIOS Boot Block, and judges whether the BMC is trusted; if the reference values agree with the measurement values, the BMC is trusted; if a reference value does not agree with its measurement value, the BMC is untrusted and step 7) is performed;
7) the required operating system is selected and loaded.
Further, in step 3) the specific method by which the U-Boot module measures the hash value of the kernel module is:
311) the BMC powers on;
312) the measurement program in the U-Boot startup code calls the software implementation of the domestic SM3 algorithm to measure the BMC's Linux kernel program;
313) the measurement value is extended;
314) the measurement value is stored in the BMC's secure storage space.
The specific method by which the kernel module measures the hash values of the important application programs and the trusted agent is:
321) the measurement program in the kernel calls the software implementation of the domestic SM3 algorithm to measure the BMC's application programs and trusted agent;
322) the measurement value is extended;
323) the measurement value is stored in the BMC's secure storage space.
In step 4), the specific method of measuring the hash value of the BIOS Boot Block is:
41) the trusted agent in the BMC reads the BIOS Boot Block code;
42) the trusted agent in the BMC calls the software implementation of the domestic SM3 algorithm to perform a hash computation over the BIOS Boot Block code, obtaining a hash value.
Further, in step 7) loading the required operating system includes restarting, entering an untrusted working state, and a privileged start.
The beneficial effects of the invention are as follows:
By comparing the measurement values of the BMC firmware with the reference values, the invention obtains a basis for judging whether the BMC firmware is trusted, and by presenting the measurement results in the web interface it makes the trusted status of the BMC visible at a glance.
Brief description of the drawings
Fig. 1 is the system architecture connection diagram of the invention;
Fig. 2 is a schematic diagram of the measurement results of the invention displayed in the web interface;
Fig. 3 is a schematic diagram of the measurement logs of the invention displayed in the web interface;
Fig. 4 is the flow chart of the trusted-status determination method of the invention.
Embodiment
To make the technical features of this scheme clearly understood, the invention is described in detail below through embodiments with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for realising different structures of the invention. To simplify the disclosure, the parts and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples; this repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the parts illustrated in the drawings are not necessarily drawn to scale. Descriptions of known components, processing techniques and processes are omitted so as not to unnecessarily limit the invention.
As shown in Fig. 1, a system for presenting the trusted status of BMC firmware via a web interface realises the presentation of the BMC firmware trusted status by having the BMC web interface call an API of an intermediate layer, and comprises:
BMC firmware, including a kernel module that measures the hash values of the application program and the trusted agent, a U-Boot module that measures the hash value of the kernel module, a trusted agent module that measures the hash value of the BIOS Boot Block, and the application program;
the BIOS Boot Block; and
a comparison module, for comparing measurement values against reference values; and
an interface display module, for presenting the measurement actions and comparison results in the web interface in the form of measurement logs and measurement results; and
a boot module, for selecting the operating system to load when the CPU powers on.
The reference values include the kernel reference value of the BMC firmware, the reference value of the application program and trusted agent of the BMC firmware, and the BIOS Boot Block reference value.
The BIOS Boot Block reference value is the hash value obtained from the first measurement of the BIOS Boot Block.
The kernel reference value of the BMC firmware and the reference value of the application program and trusted agent of the BMC firmware are obtained through a configuration interface provided by the trusted agent.
The measurement values include the hash value of the kernel measured by the U-Boot of the BMC firmware, the hash value of the application program and trusted agent measured by the kernel of the BMC firmware, and the hash value of the BIOS Boot Block measured by the trusted agent of the BMC firmware.
As shown in Fig. 2, the comparison results are displayed in the web interface.
As shown in Fig. 3, the measurement logs include the log of the BMC U-Boot measuring the kernel, the log of the BMC kernel measuring the application program, and the log of the BMC trusted agent measuring the BIOS Boot Block.
The selection of the operating system to load includes restarting, entering an untrusted working state, and a privileged start.
As shown in Fig. 4, a method for determining the trusted status of BMC firmware via a web interface uses the system for presenting the trusted status of BMC firmware via a web interface according to any one of claims 1 to 7, and is characterised by specifically including the following steps:
1) the server motherboard power supply is connected and the BMC starts;
2) the trusted agent in the BMC receives the kernel reference value and the reference value of the application program and trusted agent, giving the BMC its reference value for the kernel module and its reference value for the application program and trusted agent;
3) the U-Boot module in the BMC firmware measures the hash value of the kernel module, and the kernel module measures the hash values of the important application programs and the trusted agent, giving the measurement value of the kernel module and the measurement value of the application programs and trusted agent;
4) the trusted agent in the BMC takes the hash value from the first measurement of the BIOS Boot Block as the BIOS Boot Block reference value;
5) the trusted agent in the BMC measures the hash value of the BIOS Boot Block, giving the BIOS Boot Block measurement value;
6) the comparison module compares, respectively, the reference value and measurement value of the kernel module, the reference value and measurement value of the application program and trusted agent, and the reference value and measurement value of the BIOS Boot Block, and judges whether the BMC is trusted; if the reference values agree with the measurement values, the BMC is trusted; if a reference value does not agree with its measurement value, the BMC is untrusted and step 7) is performed;
7) the required operating system is selected and loaded.
In the method of the invention, the order of the operations of step 2) to step 5) may be permuted and combined; the method is not limited to the above order or to the above steps alone.
In step 3), the specific method by which the U-Boot module measures the hash value of the kernel module is:
311) the BMC powers on;
312) the measurement program in the U-Boot startup code calls the software implementation of the domestic SM3 algorithm to measure the BMC's Linux kernel program;
313) the measurement value is extended;
314) the measurement value is stored in the BMC's secure storage space.
The specific method by which the kernel module measures the hash values of the important application programs and the trusted agent is:
321) the measurement program in the kernel calls the software implementation of the domestic SM3 algorithm to measure the BMC's application programs and trusted agent;
322) the measurement value is extended;
323) the measurement value is stored in the BMC's secure storage space.
In step 4), the specific method of measuring the hash value of the BIOS Boot Block is:
41) the trusted agent in the BMC reads the BIOS Boot Block code;
42) the trusted agent in the BMC calls the software implementation of the domestic SM3 algorithm to perform a hash computation over the BIOS Boot Block code, obtaining a hash value.
In step 7), loading the required operating system includes restarting, entering an untrusted working state, and a privileged start. The user can choose which kind of system to enter as required.
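The seven-step determination method above (the same procedure is given in the Summary) can be simulated end to end. The following Python block is an added example written for this page, not code from the patent or its applicant: it runs the U-Boot → kernel → trusted agent measurement chain over constructed byte strings that stand in for the firmware images, extends each measurement into a register, takes the first BIOS Boot Block measurement as its reference (step 4), compares every measurement against its reference (step 6), and offers the three step-7 options only when a mismatch is found. The extend formula H(old || measurement), the single measurement over the concatenated application and agent images, the register's all-zero initial value, the SHA-256 fallback used when the local OpenSSL has no SM3, and the field names handed to the web interface are all assumptions of this example.

```python
# Added example (not the patent's own code): simulation of the BMC measurement
# chain U-Boot -> kernel -> trusted agent, with comparison against reference values.
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

ZERO_REGISTER = "00" * 32  # assumed initial value of the 32-byte extend register


def measure(data: bytes) -> str:
    """Hash one component. The patent specifies the domestic SM3 algorithm; this
    example uses SM3 when the local OpenSSL provides it and otherwise falls back
    to SHA-256 (an assumption of this example). Both produce a 32-byte digest."""
    try:
        h = hashlib.new("sm3")
    except ValueError:
        h = hashlib.sha256()
    h.update(data)
    return h.hexdigest()


def extend(register: str, measurement: str) -> str:
    """PCR-style extend, new = H(old || measurement). The patent only says the
    measurement 'is extended'; this concatenation form is an assumption."""
    return measure(bytes.fromhex(register) + bytes.fromhex(measurement))


@dataclass
class References:
    """Kernel and app/agent references arrive through the trusted agent's
    configuration interface; the BIOS Boot Block reference is the first measurement."""
    kernel: Optional[str] = None
    app_agent: Optional[str] = None
    bios_boot_block: Optional[str] = None


@dataclass
class BootReport:
    measurements: dict = field(default_factory=dict)  # component -> hex digest
    results: dict = field(default_factory=dict)       # component -> matches reference?
    logs: list = field(default_factory=list)          # measurement log lines (Fig. 3)
    register: str = ZERO_REGISTER                     # extend register kept in "safe space"
    trusted: bool = False
    options: list = field(default_factory=list)       # step-7 choices when untrusted

    def record(self, measurer: str, component: str, data: bytes) -> str:
        digest = measure(data)
        self.measurements[component] = digest
        self.register = extend(self.register, digest)  # steps 313 / 322: extend
        self.logs.append(f"{measurer} measured {component}: {digest}")
        return digest


UNTRUSTED_OPTIONS = ["restart", "enter untrusted working state", "privileged start"]


def configure_references(kernel_img: bytes, app_img: bytes, agent_img: bytes) -> References:
    """Operator provisioning of reference values from known-good images (the assumed
    way the agent's configuration interface is fed with step-2 values)."""
    return References(kernel=measure(kernel_img), app_agent=measure(app_img + agent_img))


def boot_chain(refs: References, kernel_img: bytes, app_img: bytes,
               agent_img: bytes, bios_boot_block: bytes) -> BootReport:
    """Steps 3 to 6: U-Boot measures the kernel, the kernel measures the application
    and agent, the agent measures the BIOS Boot Block, then each measurement is
    compared against its reference."""
    report = BootReport()
    report.record("U-Boot", "kernel", kernel_img)
    # The patent gives one hash "of the application program and trusted agent";
    # hashing their concatenation is this example's reading.
    report.record("kernel", "app_agent", app_img + agent_img)
    bios_digest = report.record("trusted agent", "bios_boot_block", bios_boot_block)
    if refs.bios_boot_block is None:  # step 4: first measurement becomes the reference
        refs.bios_boot_block = bios_digest
        report.logs.append("trusted agent: BIOS Boot Block reference set from first measurement")
    expected = {"kernel": refs.kernel, "app_agent": refs.app_agent,
                "bios_boot_block": refs.bios_boot_block}
    for component, digest in report.measurements.items():
        report.results[component] = (expected[component] == digest)
    report.trusted = all(report.results.values())
    if not report.trusted:
        report.options = list(UNTRUSTED_OPTIONS)  # step 7: user selects what to load
    return report


def select_action(report: BootReport, choice: str) -> str:
    """Step 7: the choice is only offered when the BMC is untrusted."""
    if report.trusted:
        return "normal boot"
    if choice not in report.options:
        raise ValueError(f"unknown option: {choice}")
    return choice


def web_view(report: BootReport) -> str:
    """What the intermediate-layer API would hand the web interface (Figs. 2 and 3):
    per-component results plus the measurement log. Field names are assumed."""
    return json.dumps({"trusted": report.trusted, "measurement_results": report.results,
                       "metrics_logs": report.logs, "options": report.options}, indent=2)


if __name__ == "__main__":
    # Constructed stand-ins for the firmware images; real ones would be read from flash.
    kernel, app, agent, bios = b"uImage-v1", b"ipmi-app-v1", b"agent-v1", b"bios-bb-v1"
    refs = configure_references(kernel, app, agent)
    print(web_view(boot_chain(refs, kernel, app, agent, bios)))              # first boot: trusted
    print(web_view(boot_chain(refs, b"uImage-TAMPERED", app, agent, bios)))  # kernel mismatch
```

Running it prints two reports: the first boot is trusted and records the BIOS Boot Block reference; the second marks the kernel untrusted while the BIOS Boot Block still matches, and only then are the three step-7 options offered. The step-4 rule deserves a defender's attention: because the BIOS Boot Block reference is whatever the first measurement produced, it is only as good as the state of the board at that first boot, so the first boot should take place in a controlled environment and the resulting reference recorded off the box for later comparison.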
The above is only the preferred embodiment of the invention. For those skilled in the art, several improvements and modifications can be made without departing from the principles of the invention, and such improvements and modifications are also regarded as falling within the scope of protection of the invention.
Claims (10)
1. A system for presenting the trusted status of BMC firmware via a web interface, characterised in that the BMC web interface realises the presentation of the BMC firmware trusted status by calling an API of an intermediate layer, and comprising:
BMC firmware, including a kernel module for measuring the hash values of the application program and the trusted agent, a U-Boot module for measuring the hash value of the kernel module, a trusted agent for measuring the hash value of the BIOS Boot Block, and the application program;
the BIOS Boot Block; and
a comparison module, for comparing measurement values against reference values; and
an interface display module, for presenting the measurement actions and comparison results in the web interface in the form of measurement logs and measurement results; and
a boot module, for selecting the operating system to load when the CPU powers on.
2. The system for presenting the trusted status of BMC firmware via a web interface according to claim 1, characterised in that the reference values include the kernel reference value of the BMC firmware, the reference value of the application program and trusted agent of the BMC firmware, and the BIOS Boot Block reference value.
3. The system for presenting the trusted status of BMC firmware via a web interface according to claim 2, characterised in that the BIOS Boot Block reference value is the hash value obtained from the first measurement of the BIOS Boot Block.
4. The system for presenting the trusted status of BMC firmware via a web interface according to claim 2, characterised in that the kernel reference value of the BMC firmware and the reference value of the application program and trusted agent of the BMC firmware are obtained through a configuration interface provided by the trusted agent.
5. The system for presenting the trusted status of BMC firmware via a web interface according to claim 1, characterised in that the measurement values include the hash value of the kernel measured by the U-Boot of the BMC firmware, the hash value of the application program and trusted agent measured by the kernel of the BMC firmware, and the hash value of the BIOS Boot Block measured by the trusted agent of the BMC firmware.
6. The system for presenting the trusted status of BMC firmware via a web interface according to claim 1, characterised in that the measurement logs include the log of the BMC U-Boot measuring the kernel, the log of the BMC kernel measuring the application program, and the log of the BMC trusted agent measuring the BIOS Boot Block.
7. The system for presenting the trusted status of BMC firmware via a web interface according to claim 1, characterised in that the selection of the operating system to load includes restarting, entering an untrusted working state, and a privileged start.
8. A method for determining the trusted status of BMC firmware via a web interface, using the system for presenting the trusted status of BMC firmware via a web interface according to any one of claims 1 to 7, characterised by specifically including the following steps:
1) the server motherboard power supply is connected and the BMC starts;
2) the trusted agent in the BMC receives the kernel reference value and the reference value of the application program and trusted agent, giving the BMC its reference value for the kernel module and its reference value for the application program and trusted agent;
3) the U-Boot module in the BMC firmware measures the hash value of the kernel module, and the kernel module measures the hash values of the important application programs and the trusted agent, giving the measurement value of the kernel module and the measurement value of the application programs and trusted agent;
4) the trusted agent in the BMC takes the hash value from the first measurement of the BIOS Boot Block as the BIOS Boot Block reference value;
5) the trusted agent in the BMC measures the hash value of the BIOS Boot Block, giving the BIOS Boot Block measurement value;
6) the comparison module compares, respectively, the reference value and measurement value of the kernel module, the reference value and measurement value of the application program and trusted agent, and the reference value and measurement value of the BIOS Boot Block, and judges whether the BMC is trusted; if the reference values agree with the measurement values, the BMC is trusted; if a reference value does not agree with its measurement value, the BMC is untrusted and step 7) is performed;
7) the required operating system is selected and loaded.
9. The method for determining the trusted status of BMC firmware via a web interface according to claim 8, characterised in that in step 3) the specific method by which the U-Boot module measures the hash value of the kernel module is:
311) the BMC powers on;
312) the measurement program in the U-Boot startup code calls the software implementation of the domestic SM3 algorithm to measure the BMC's Linux kernel program;
313) the measurement value is extended;
314) the measurement value is stored in the BMC's secure storage space;
the specific method by which the kernel module measures the hash values of the important application programs and the trusted agent is:
321) the measurement program in the kernel calls the software implementation of the domestic SM3 algorithm to measure the BMC's application programs and trusted agent;
322) the measurement value is extended;
323) the measurement value is stored in the BMC's secure storage space;
and in step 4) the specific method of measuring the hash value of the BIOS Boot Block is:
41) the trusted agent in the BMC reads the BIOS Boot Block code;
42) the trusted agent in the BMC calls the software implementation of the domestic SM3 algorithm to perform a hash computation over the BIOS Boot Block code, obtaining a hash value.
10. The method for determining the trusted status of BMC firmware via a web interface according to claim 8, characterised in that in step 7) loading the required operating system includes restarting, entering an untrusted working state, and a privileged start.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710355754.2A CN107193717A (en) | 2017-05-19 | 2017-05-19 | It is a kind of to realize that system and determination methods are presented in BMC firmwares trusted status based on web interface |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107193717A true CN107193717A (en) | 2017-09-22 |
Family
ID=59874227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710355754.2A Pending CN107193717A (en) | 2017-05-19 | 2017-05-19 | It is a kind of to realize that system and determination methods are presented in BMC firmwares trusted status based on web interface |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107193717A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109446815A (en) * | 2018-09-30 | 2019-03-08 | 华为技术有限公司 | Management method, device and the server of basic input output system firmware |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104615521A (en) * | 2015-01-05 | 2015-05-13 | 浪潮电子信息产业股份有限公司 | Method for testing blue screen capturing function of BMC |
US20160070929A1 (en) * | 2013-06-07 | 2016-03-10 | Amazon Technologies, Inc. | Trusted computing host |
CN105447391A (en) * | 2015-12-09 | 2016-03-30 | 浪潮电子信息产业股份有限公司 | Operating system secure startup method, startup manager and operating system secure startup system |
CN105550579A (en) * | 2016-02-02 | 2016-05-04 | 浪潮电子信息产业股份有限公司 | Method for measuring BMC integrity on basis of TPCM |
CN106127056A (en) * | 2016-06-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | A kind of method for designing of domestic BMC chip trusted firmware |
Events
- 2017-05-19 CN CN201710355754.2A patent/CN107193717A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109710315B (en) | BIOS (basic input output System) flash writing method and BIOS mirror image file processing method | |
Liu et al. | An In-VM measuring framework for increasing virtual machine security in clouds | |
US10826904B2 (en) | Local verification of code authentication | |
US9292302B2 (en) | Allowing bypassing of boot validation in a computer system having secure boot enabled by default only under certain circumstances | |
CN109714303B (en) | BIOS starting method and data processing method | |
CN110110526B (en) | Safety starting device and method based on safety chip | |
US9465943B2 (en) | Extension of a platform configuration register with a known value | |
CN106384052A (en) | BMC U-boot trusted starting control method | |
CN105550579A (en) | Method for measuring BMC integrity on basis of TPCM | |
CN101488173B (en) | Method for measuring completeness of credible virtual field start-up files supporting non-delaying machine | |
US9286096B2 (en) | Selecting a virtual basis input output system based on information about a software stack | |
US8677110B2 (en) | Termination-log acquiring program, termination-log acquiring device, and termination-log acquiring method | |
CN106874771A (en) | A kind of method and device for building reliable hardware trust chain | |
CN108804927A (en) | Trusted computer platform based on domestic autonomous dual system framework | |
TW201205322A (en) | Computer component power-consumption database | |
CN101377803B (en) | Method and system for implementing start-up protection | |
CN105447391A (en) | Operating system secure startup method, startup manager and operating system secure startup system | |
CN111523112A (en) | Server secure starting method, device, equipment and medium | |
CN109740353A (en) | A kind of credible starting method of the BMC firmware of server | |
CN105046138A (en) | FT-processor based trust management system and method | |
CN107480535A (en) | The reliable hardware layer design method and device of a kind of two-way server | |
EP3185166A1 (en) | Trusted metric method and device | |
CN103488937A (en) | Measuring method, electronic equipment and measuring system | |
CN107193717A (en) | It is a kind of to realize that system and determination methods are presented in BMC firmwares trusted status based on web interface | |
WO2012148255A1 (en) | An apparatus and method for determining level of integrity in a virtual trusted platform module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2017-09-22 | PB01 | Publication | Application publication date: 20170922 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |