TWI478003B - Computer system data protection device and method - Google Patents


Info

Publication number
TWI478003B
Authority
TW
Taiwan
Prior art keywords
chip
basic input
output system
output
pin
Prior art date
Application number
TW099140261A
Other languages
Chinese (zh)
Other versions
TW201222316A (en)
Inventor
Yun Lou
Hung Ju Chen
Original Assignee
Hon Hai Prec Ind Co Ltd
Application filed by Hon Hai Prec Ind Co Ltd
Priority to TW099140261A
Publication of TW201222316A
Application granted
Publication of TWI478003B

Landscapes

  • Storage Device Security (AREA)

Description

Computer system data protection device and method

The invention relates to a computer system data protection device and method, and in particular to a device and method for protecting the data of the basic input output system (BIOS) in a computer system.

In today's computer systems, the BIOS chip on the motherboard provides the most basic and direct hardware control for the computer. It is mainly used to store essential basic programs such as the self-diagnostic test program, the system bootstrap loader, the system setup program and the interrupt service routines. Once a problem occurs with the BIOS chip, the computer cannot perform most of its basic functions. Conventional methods for protecting the BIOS chip fall into two categories: software protection and hardware protection. Software protection mainly uses software to configure protection in the BP0, BP1, BP2 and SRWD (status register write disable) registers inside the BIOS chip, so as to protect some or all of the blocks in the BIOS chip. However, because the BIOS chip specifications are public, conventional software protection exists in name only: the chip may be attacked by a virus at any time, resulting in data destruction, so its security is low.

Hardware protection builds on software protection and uses a jumper cap to control the level of the write protection pin WP# (write protection) of the BIOS chip so as to protect it. However, with this protection method the user must frequently adjust the jumper cap to ensure that the BIOS chip is in hardware protection mode, which makes the operation rather cumbersome. In addition, if the BIOS chip is always in hardware protection mode, the BIOS program cannot update data in the BIOS chip, so the computer cannot perform many basic functions.

In view of this, it is necessary to provide a computer system data protection device that is simple to operate and provides higher security.

In addition, it is necessary to provide a computer system data protection method.

A computer system data protection device is disposed in a computer system and comprises a basic input output system chip and a main control chip. The basic input output system chip stores a basic input output system program and includes a write protection pin; the main control chip includes a general-purpose input/output pin. A register is provided in the basic input output system chip, and the general-purpose input/output pin is connected to the write protection pin. By writing the basic input output system program, the voltage of the general-purpose input/output pin is set and the state of the register is set accordingly, thereby protecting or unprotecting the basic input output system chip.

A computer system data protection method comprises the following steps: writing a basic input output system program and calling it to perform the corresponding functions; using the basic input output system program to set the voltage of the general-purpose input/output pin to a high level and at the same time set the register to a readable/writable state, so that the basic input output system chip can perform write operations; updating the data in the basic input output system chip; and, once the data update is complete, setting the voltage of the general-purpose input/output pin to a low level and at the same time setting the register to the chip protection state, so as to protect the contents of the basic input output system chip against virus attack and destruction of its internal data.

The computer system data protection device described above connects the general-purpose input/output pin of the main control chip to the write protection pin. In this way, by writing the basic input output system program, the state of the write protection pin can be changed automatically so as to protect the basic input output system chip effectively, thereby preventing virus attack and destruction of its internal data. The device does not need a jumper cap to fix the voltage of the write protection pin, so it is more secure and its operation is more flexible and convenient.

Referring to FIG. 1, a preferred embodiment of the present invention provides a computer system data protection device 100 that can be disposed in a conventional computer system 200. The computer system data protection device 100 includes a basic input output system (BIOS) chip 11 and a main control chip 12.

The BIOS chip 11 can be an erasable programmable read only memory (EPROM), a programmable read only memory (PROM) or a flash memory. A plurality of registers such as BP0, BP1, BP2 and SRWD (status register write disable) are provided in the BIOS chip 11, and a BIOS program is stored in the BIOS chip 11. By calling the BIOS program, the computer system 200 can be booted normally, and the components in the computer system 200, such as the memory, hard disk drive and central processing unit, are initialized and operate normally. The BIOS chip 11 includes a write protect pin WP#.

The main control chip 12 is a south bridge chip that includes a plurality of general purpose input output (GPIO) pins, of which the GPIO pin GPIO72 is connected to the write protection pin WP#. When the BIOS program is written so as to set the voltage of GPIO pin GPIO72 to a low level and set the BP0, BP1, BP2 and SRWD registers to the chip protection state, the voltage of the write protection pin WP# connected to GPIO72 is low. At this time the BIOS chip 11 can be locked so that all blocks in the BIOS chip 11 are protected, thereby preventing virus attack and destruction of the data inside. Conversely, by setting the voltage of GPIO pin GPIO72 to a high level and setting the BP0, BP1, BP2 and SRWD registers to the writable state, the protection of the BIOS chip 11 can be released so that the data in the BIOS chip 11 can be updated and the computer system 200 can perform the corresponding functions.

Referring also to FIG. 2, the computer system data protection method of the preferred embodiment of the present invention specifically includes the following steps:

First, a BIOS program is written and invoked by the computer system 200 to perform the corresponding functions, such as the POST (power on self test). Second, the BIOS program sets the voltage of GPIO pin GPIO72 to a high level and sets the BP0, BP1, BP2 and SRWD registers to the readable/writable state, so that the BIOS chip 11 can perform write operations. Third, the data in the BIOS chip 11 is updated; once the data update is complete, the voltage of GPIO pin GPIO72 is set back to a low level and at the same time the BP0, BP1, BP2 and SRWD registers are set to the chip protection state, so as to lock the BIOS chip 11 and protect its contents, thereby preventing virus attack and destruction of the data inside.
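As an added illustration of the GPIO72/WP# wiring and of the update procedure above, and of why the background section calls register-only protection weak (this is example code written for this page, not code from the patent or from Hon Hai), the following C model treats the BIOS chip as a small SPI NOR flash with BP0, BP1, BP2 and SRWD status bits and the main control chip as a register holding the level of GPIO72. The bit positions, the toy 64-byte capacity, the sample image and the function names are all assumptions; the rule that a status-register write is ignored while SRWD is set and WP# is low follows common SPI flash datasheets and is what makes the hardware protection stronger than the software-only protection described in the background.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status-register layout of a generic SPI NOR flash. Assumption: a simplified
 * model in the style of common datasheets, not the register map of any
 * specific part named in the patent. */
#define SR_BP0    (1u << 2)
#define SR_BP1    (1u << 3)
#define SR_BP2    (1u << 4)
#define SR_SRWD   (1u << 7)                    /* status register write disable */
#define SR_BP_ALL (SR_BP0 | SR_BP1 | SR_BP2)   /* all blocks protected */
#define FLASH_SIZE 64                          /* toy capacity, constructed */

struct bios_chip {                 /* BIOS chip 11 */
    uint8_t status;
    uint8_t wp_n;                  /* WP# level: 0 = asserted (low), 1 = high */
    uint8_t data[FLASH_SIZE];
};

struct south_bridge {              /* main control chip 12 */
    uint8_t gpio72;                /* output level of GPIO72 */
};

/* Board wiring from the patent: GPIO72 drives WP# directly. */
static void board_propagate(const struct south_bridge *sb, struct bios_chip *chip)
{
    chip->wp_n = sb->gpio72;
}

/* Write Status Register. With SRWD=1 and WP# low the chip is in hardware-
 * protected mode and ignores the write, so software alone cannot clear the
 * BP bits. Returns true if the write was accepted. */
static bool flash_write_status(struct bios_chip *chip, uint8_t value)
{
    if ((chip->status & SR_SRWD) && chip->wp_n == 0)
        return false;
    chip->status = value & (SR_SRWD | SR_BP_ALL);
    return true;
}

/* Page program: refused while any block-protect bit is set or out of range. */
static bool flash_program(struct bios_chip *chip, size_t off,
                          const uint8_t *buf, size_t len)
{
    if (len > FLASH_SIZE || off > FLASH_SIZE - len)
        return false;
    if (chip->status & SR_BP_ALL)
        return false;
    memcpy(chip->data + off, buf, len);
    return true;
}

/* Defender's check: protection counts as hardware-backed only when all BP
 * bits and SRWD are set AND WP# is actually low on the pin. */
static bool protection_is_hardware_backed(const struct bios_chip *chip)
{
    return (chip->status & (SR_BP_ALL | SR_SRWD)) == (SR_BP_ALL | SR_SRWD)
        && chip->wp_n == 0;
}

/* Method step 2: raise GPIO72 (WP# high) first, then make the status register
 * writable. Ordering matters: while WP# is low the status write is ignored. */
static bool bios_unprotect(struct south_bridge *sb, struct bios_chip *chip)
{
    sb->gpio72 = 1;
    board_propagate(sb, chip);
    return flash_write_status(chip, 0x00);
}

/* Method step 4: set BP0-BP2 and SRWD while WP# is still high, then drop
 * GPIO72 so WP# goes low and the status register is frozen. */
static bool bios_protect(struct south_bridge *sb, struct bios_chip *chip)
{
    if (!flash_write_status(chip, SR_BP_ALL | SR_SRWD))
        return false;
    sb->gpio72 = 0;
    board_propagate(sb, chip);
    return true;
}

/* Steps 2-4 as one routine the BIOS program calls for every update:
 * unprotect, program, re-protect. The chip is re-locked even if the
 * program step fails. */
static bool bios_update(struct south_bridge *sb, struct bios_chip *chip,
                        const uint8_t *image, size_t len)
{
    if (!bios_unprotect(sb, chip))
        return false;
    bool programmed = flash_program(chip, 0, image, len);
    bool locked = bios_protect(sb, chip);
    return programmed && locked;
}

int main(void)
{
    struct south_bridge sb = { .gpio72 = 0 };
    struct bios_chip chip;
    memset(&chip, 0xFF, sizeof chip);
    chip.status = SR_BP_ALL | SR_SRWD;   /* shipped locked, WP# low */
    chip.wp_n = 0;
    const uint8_t image[4] = { 0x10, 0x20, 0x30, 0x40 };   /* constructed */

    printf("locked, direct program accepted: %d\n", flash_program(&chip, 0, image, 4));
    printf("update via method succeeded:     %d\n", bios_update(&sb, &chip, image, 4));
    printf("hardware-backed after update:    %d\n", protection_is_hardware_backed(&chip));

    /* Background case: same BP/SRWD bits but WP# left high (no jumper, GPIO
     * not driven): the lock can be cleared by any code with flash access. */
    struct bios_chip soft = chip;
    soft.wp_n = 1;
    printf("register-only lock clearable:    %d\n", flash_write_status(&soft, 0x00));
    return 0;
}
```

bios_unprotect and bios_protect encode the ordering the method implies: WP# must be released before the registers can be made writable, and the registers must be put back into the protected state before WP# is pulled low again, otherwise the status register freezes in the wrong state. The last scenario in main shows the weakness the background describes, and protection_is_hardware_backed is the check an update routine should run after re-locking: the register bits alone say nothing unless the pin is really low.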

It will be understood that when the data in the BIOS chip 11 needs to be updated again later, it is only necessary to call the BIOS program again.

Clearly, the computer system data protection device 100 of the present invention connects GPIO pin GPIO72 of the main control chip 12 to the write protection pin WP#. In this way, by writing the BIOS program, the state of the write protection pin WP# can be changed automatically so as to protect the BIOS chip 11 effectively, thereby preventing virus attack and destruction of its internal data. The computer system data protection device 100 does not need a jumper cap to fix the voltage of the write protection pin WP#, so it is more secure and its operation is more flexible and convenient.

100...computer system data protection device

200...computer system

11...BIOS chip

12...main control chip

WP#...write protection pin

GPIO72...GPIO pin

FIG. 1 is a functional block diagram of a computer system data protection device according to a preferred embodiment of the present invention.

FIG. 2 is a flow chart of a computer system protection method according to a preferred embodiment of the present invention.


Claims (6)

1. A computer system data protection device, disposed in a computer system, comprising a basic input output system chip and a main control chip, the basic input output system chip storing a basic input output system program and including a write protection pin, the main control chip including a general-purpose input/output pin; characterized in that: a register is provided in the basic input output system chip, the general-purpose input/output pin is connected to the write protection pin, and by writing the basic input output system program the voltage of the general-purpose input/output pin is set and the state of the register is set accordingly, thereby protecting or unprotecting the basic input output system chip.

2. The computer system data protection device of claim 1, wherein the basic input output system chip is an erasable programmable read only memory, a programmable read only memory or a flash memory.

3. The computer system data protection device of claim 1, wherein the main control chip is a south bridge chip.

4. The computer system data protection device of claim 1, wherein when the voltage of the write protection pin is set to a low level, the register is simultaneously set to the chip protection state so as to protect the basic input output system chip.

5. The computer system data protection device of claim 1, wherein when the voltage of the write protection pin is set to a high level, the register is simultaneously set to the readable/writable state so as to unprotect the basic input output system chip.

6. A method of using the computer system data protection device of any one of claims 1 to 5, characterized in that the method comprises the following steps:
writing a basic input output system program and calling the basic input output system program to perform the corresponding functions;
using the basic input output system program to set the voltage of the general-purpose input/output pin to a high level and at the same time set the register to the readable/writable state, so that the basic input output system chip can perform write operations;
updating the data in the basic input output system chip;
once the data update is complete, setting the voltage of the general-purpose input/output pin to a low level and at the same time setting the register to the chip protection state, so as to protect the contents of the basic input output system chip against virus attack and destruction of its internal data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW099140261A TWI478003B (en) 2010-11-22 2010-11-22 Computer system data protection device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW099140261A TWI478003B (en) 2010-11-22 2010-11-22 Computer system data protection device and method

Publications (2)

Publication Number Publication Date
TW201222316A TW201222316A (en) 2012-06-01
TWI478003B true TWI478003B (en) 2015-03-21

Family

ID=46725186

Family Applications (1)

Application Number Title Priority Date Filing Date
TW099140261A TWI478003B (en) 2010-11-22 2010-11-22 Computer system data protection device and method

Country Status (1)

Country Link
TW (1) TWI478003B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI682397B (en) * 2018-12-12 2020-01-11 新唐科技股份有限公司 Data processing system and data processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070079094A1 (en) * 2005-09-30 2007-04-05 Hon Hai Precision Industry Co., Ltd. System and method for enabling/disabling write-protection of a basic input output system
TW201015302A (en) * 2008-10-09 2010-04-16 Hon Hai Prec Ind Co Ltd Computer motherboard and power-on self-test method thereof
US20100191905A1 (en) * 2007-07-06 2010-07-29 Toshiba Storage Device Corporation Storage device, control method and controller


Also Published As

Publication number Publication date
TW201222316A (en) 2012-06-01


Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees