CN101526981A - System and method for processing basic input/output system - Google Patents

Info

Publication number: CN101526981A
Authority: CN (China)
Prior art keywords: security module, computing system, basic input, output, bios
Legal status: Pending
Application number: CN200810082693A
Other languages: Chinese (zh)
Inventors: 丹·摩瑞, 尼尔·泰沙尔
Current assignee: Winbond Electronics Corp
Original assignee: Winbond Electronics Corp
Patent family: CN200810082693A (this application, published as CN101526981A); CN201510987780.8A (published as CN105608371A)

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and a system for processing (for example, hashing) a basic input/output system (BIOS). In a computing system according to an embodiment, a direct interface is arranged between a security module and the non-volatile memory that stores the BIOS, so that the security module can access the BIOS directly without using the central processing unit (CPU) as an intermediary. In an embodiment, the security module is supplied by standby power, so BIOS processing can begin even while the computing system is not switched on.

Description

System and method for basic input/output system processing
Technical field
The invention relates to computing system security, and in particular to a system and a method for processing a basic input/output system.
Background
Generally, a computing system has three possible power states. The first is the no-power state, which occurs when the computing system is not connected to any power source. The second is the standby power state, also called Soft Off (G2/S5) or hibernation (S4, non-volatile sleep), which occurs when the computing system is connected to a power source (for example, plugged into a wall socket, or with the main battery pack in its battery bay) but is switched off (that is, not powered on). The third is the on state, which occurs when the computing system is powered on (that is, switched on).
A reset of the computing system may be, for example, a cold boot host platform reset (which, for example, includes the power-on self test that follows switching the computing system on), a hardware host platform reset (that is, a reset of the computing system's components), or a warm (also called soft) host platform reset (that is, a reset caused by software). A reset of the computing system is usually (but not necessarily) followed by a short reset period. During the reset period, the host central processing unit (CPU) of the computing system is not enabled. The basic input/output system (BIOS) is the program code and/or data that the host CPU uses to initialize the computing system (that is, to boot it) once the reset period has ended.
To perform a system integrity check, some or all of the BIOS may be measured (for example, hashed) after the reset period has ended. Performing the BIOS measurement delays execution of the BIOS and the subsequent loading of the operating system.
After the reset period has ended, the host CPU may hash some or all of the BIOS. Alternatively, after the reset period has ended, the host CPU may use another module that, preferably, can hash the BIOS faster than the CPU can at that point in time.
One type of security module that can be used to check the integrity of the BIOS is a Trusted Platform Module (TPM), which complies with one or more Trusted Computing Group (TCG) specifications.
In the TCG specifications, the static core root of trust for measurement (CRTM) is the immutable portion of the computing device's initialization program code, and it executes after the computing system is reset. The trustworthiness of the host platform (which comprises the motherboard, the host CPU, the host root of trust for measurement (RTM), the TPM, and all host peripherals attached to the motherboard) is based on the static CRTM. In one implementation, the BIOS boot block is called the static CRTM. After the reset period has ended, the static CRTM executed by the CPU initializes the TPM driver, which the host CPU uses to read, write and control the TPM. The CPU reads a segment of the BIOS (the non-static-CRTM part) and passes that segment to the TPM for hashing. The TPM hashes the BIOS segment. The CPU reads the hashed BIOS segment and stores it, or a function of it, in one or more platform configuration registers (PCRs) in the TPM. Alternatively, the TPM itself stores the hashed BIOS segment, or a function of it, in one or more PCRs.
Summary of the invention
According to the invention, a method of performing basic input/output system (BIOS) processing in a computing system is provided, comprising: a security module in the computing system reading, via an interface, at least part of a BIOS stored in a non-volatile memory of the computing system, the interface directly connecting the security module and the non-volatile memory; and the security module processing the at least part of the BIOS.
According to the invention, a method of performing BIOS processing in a computing system is also provided, comprising: a security module in the computing system sensing that standby power has become available after being unavailable; the security module then reading, via an interface, at least part of a BIOS stored in a non-volatile memory of the computing system, the interface directly connecting the security module and the non-volatile memory; and the security module processing the at least part of the BIOS.
According to the invention, a system for BIOS processing is further provided, comprising: a non-volatile memory configured to store a BIOS; a security module configured to read at least part of the BIOS and to process the at least part of the BIOS; and an interface directly connected between the security module and the non-volatile memory.
According to the invention, a security module for BIOS processing is further provided, comprising: a sensor configured to sense a trigger for reading at least part of a BIOS; an extraction module configured to read, after the sensor has sensed the trigger, the at least part of the BIOS via an interface from a non-volatile memory storing the BIOS, the interface being directly connected between the non-volatile memory and the security module; and a processing module configured to process the read at least part of the BIOS.
Brief description of the drawings
Fig. 1 is a block diagram of a computing system with BIOS processing according to an embodiment of the invention.
Fig. 2 is a block diagram of another computing system with BIOS processing according to an embodiment of the invention.
Fig. 3 is a flow diagram of a method for BIOS processing according to an embodiment of the invention.
Fig. 4 is a flow diagram of a method for BIOS processing according to an embodiment of the invention.
Fig. 5 is a block diagram of a security module according to an embodiment of the invention.
Reference numerals:
100: computing system architecture/computing system
102: host central processing unit (CPU)
104: non-volatile memory
106: security module
108: remainder/block of the computing system
122: interface/bus
132: interface/direct connection
200: computing system architecture/computing system
222: interface/bus
232: interface/direct connection
300: method/process
302: stage
304: stage
306: stage
308: stage
400: method/process
402: stage
404: stage
406: stage
408: stage
502: sensing module/sensor
504: extraction module
506: processing module
508: memory
Embodiments
Embodiments of the invention for BIOS processing are described herein.
As used herein, the term "computing system" includes any system that includes a basic input/output system (BIOS).
Some embodiments of the invention are disclosed primarily as methods, and those skilled in the art will understand that an apparatus such as a conventional data processor incorporating a database, software and other suitable components may be programmed or otherwise designed to facilitate the practice of the method embodiments of the invention.
Some embodiments of the invention may use terms such as processor, device, computing system, computer, apparatus, system, subsystem, module, unit, engine and the like (in singular or plural form) for the entity performing the operations described herein. These terms, where appropriate, denote any combination of software, hardware and/or firmware configured to perform the operations defined and explained herein. A module (or any of the corresponding terms listed above) may be specially constructed for the required purposes, or it may comprise a general-purpose computing system selectively activated or reconfigured by a computer program stored in that computing system. Such a computer program may be stored in a computer-readable storage medium.
The methods/processes/modules (or the corresponding terms listed above) presented in some embodiments herein are not inherently related to any particular computing system or other apparatus, unless specifically stated otherwise. Various general-purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the desired method.
Fig. 1 illustrates a computing system architecture 100 according to an embodiment of the invention. Computing system 100 comprises: a host central processing unit (CPU) 102 (also called a processor or microprocessor); a non-volatile memory 104 in which at least the BIOS is stored; a security module 106; and the remainder 108 of the computing system.
In one embodiment, non-volatile memory (NVM) 104 is any suitable memory with write capability that retains its contents when power is removed. Examples include, among others, electrically erasable programmable read-only memory (EEPROM), battery-backed random access memory (RAM), flash memory, semiconductor memory, magnetic memory, optical memory, any combination of the above, and so on.
NVM 104 contains the BIOS that the host CPU uses to boot computing system 100. Depending on the embodiment, NVM 104 may store BIOS program code and/or data. Note that the term "BIOS" as used herein denotes BIOS program code and/or data, as appropriate. NVM 104 may optionally also store other content. For example, in one embodiment NVM 104 also stores program code and/or data used by security module 106.
In one embodiment, as will be described in more detail below, security module 106 is configured to process some or all of the BIOS. The type of processing is not limited by the invention. The invention places no restriction on any effect the processing of the BIOS may have on the subsequent operation of the computing system.
Depending on the embodiment, security module 106 may or may not have additional functionality unrelated to BIOS processing.
In some embodiments, security module 106 may be regarded as a Trusted Platform Module (TPM) because it complies with one or more Trusted Computing Group (TCG) specifications, as amended from time to time, except for any parts (if any) that conflict with the description herein. For example, in one of these embodiments security module 106 may be regarded as a TPM because it complies with the following specifications, any of their previous versions, or any of their future versions, except for any parts (if any) that conflict with the description herein: www.trustedcomputinggroup.org/specs/TPM/Main_Part1_Rev94.zip, www.trustedcomputinggroup.org/specs/TPM/Main_Part2_Rev94.zip, www.trustedcomputinggroup.org/specs/TPM/Main_Part3_Rev94.zip, www.trustedcomputinggroup.org/groups/pc_client/TCG_PCClientTPMSpecification_1-20_1-00_FINAL.pdf, www.trustedcomputinggroup.org/groups/TCG_1_0_Architecture_Overview.pdf, and www.trustedcomputinggroup.org/specs/PCClient/TCG_PCClientImplementationforBIOS_1-20_1-00.pdf. These specifications are hereby incorporated by reference. In one of these embodiments, the BIOS is a TCG-compliant BIOS.
As is known in the art, block 108 comprises all the other modules that make up the physical platform of computing system 100 in any particular embodiment.
As illustrated in Fig. 1, host CPU 102 communicates with NVM 104, security module 106 and block 108 via one or more interfaces 122. In computing system 100, because security module 106 is directly connected to NVM 104 via interface 132, security module 106 can access NVM 104 autonomously without relying on CPU 102.
In some embodiments, interface 132 comprises one or more sidebands, where a sideband denotes an interface that does not use host system resources. For example, interface 132 may comprise one or more separate connections, or may use one or more specific protocols over existing connections. In one of these embodiments, interface 132 comprises one or more computer buses separate from bus 122. In one of these embodiments, interface 132 comprises a bus that is faster than bus 122. For example, in one of these embodiments bus 122 may comprise a Low Pin Count (LPC) bus, and interface 132 may comprise a Serial Peripheral Interface (SPI).
In another embodiment, interface 132 comprises one or more direct connections via bus 122 (that is, bus 122 is adapted to include a direct connection 132 between NVM 104 and security module 106).
In one embodiment, security module 106 is in the same physical package as NVM 104. In this embodiment, integrating security module 106 with NVM 104 provides additional tamper protection, because an attacker cannot replace the BIOS in NVM 104 with a compromised BIOS version, or with a version not authorized and/or approved for use by the platform manufacturer and/or owner, without also replacing security module 106. This integration therefore provides, for example, protection against replay attacks (that is, attempts to reinstate an older version of the BIOS). Optionally, if other content is also stored in NVM 104, packaging security module 106 and NVM 104 in the same physical package can also better protect at least some of that other content from tampering.
Fig. 2 discloses another computing system architecture 200 according to an embodiment of the invention. Like computing system 100, computing system 200 comprises host CPU 102, BIOS NVM 104, security module 106 and the remainder 108 of the computing system as described above, and each of modules 102, 104, 106 and 108 may be made up of any combination of software, hardware and/or firmware capable of performing the functions defined and explained herein. However, in computing system 200, CPU 102 is connected to security module 106 and block 108 via one or more interfaces 222. In computing system 200, CPU 102 is not connected to NVM 104 via interface 222; instead, CPU 102 is connected to NVM 104 indirectly, via security module 106.
In some embodiments, interfaces 122, 222 comprise one or more computer buses. Depending on the embodiment, interfaces 122, 222 may comprise, for example, an LPC bus, an ISA bus, a PCI bus, any combination of the above, and/or any other suitable bus.
In computing system 200, because security module 106 is directly connected to NVM 104 via interface 232, security module 106 can access NVM 104 autonomously without relying on CPU 102.
In some embodiments, interface 232 comprises one or more sidebands, where a sideband denotes an interface that does not use host system resources. For example, interface 232 may comprise one or more separate connections, or may use one or more specific protocols over existing connections. In one of these embodiments, interface 232 comprises one or more computer buses separate from bus 222. In one of these embodiments, interface 232 comprises a bus that is faster than bus 222. For example, in one of these embodiments bus 222 may comprise a Low Pin Count (LPC) bus, and interface 232 may comprise a Serial Peripheral Interface (SPI).
In another embodiment, interface 232 comprises one or more direct connections via bus 222 (that is, bus 222 is adapted to include a direct connection 232 between NVM 104 and security module 106).
To simplify the description herein, interfaces 122, 132, 222, 232 are referred to below in the singular as interface 122, 132, 222, 232, which should be understood to include both embodiments having a single interface 122, 132, 222, 232 and embodiments having multiple interfaces 122, 132, 222, 232.
Method embodiments that can be performed by computing system 100 and/or computing system 200 are now presented.
Fig. 3 illustrates a flow diagram of a method 300 for BIOS processing according to an embodiment of the invention. In one embodiment, method 300 is performed by security module 106. Depending on the embodiment, the security module 106 that performs method 300 may have power only after computing system 100 or 200 has been switched on, or may have standby power (meaning that as long as computing system 100 or 200 is connected to a power source, for example plugged into a wall socket or with the main battery pack in its battery bay, security module 106 has power regardless of whether computing system 100 or 200 is switched on).
In stage 302, security module 106 senses that computing system 100 or 200 has been reset (that is, that a host reset has occurred). For example, in one embodiment security module 106 receives an LRESET input signal when computing system 100 or 200 is reset. For example, in one embodiment security module 106 proceeds to stage 304 immediately after sensing that the computing system has been reset (that is, possibly even during the reset period); in another embodiment, however, there may be a time delay between stage 302 and stage 304. In stage 304, security module 106 reads a BIOS segment from NVM 104 via interface 132 or 232, and in stage 306 it processes the BIOS segment that was read.
In some embodiments, the BIOS processing in stage 306 comprises measuring the BIOS segment that was read. In some of these embodiments, the BIOS measurement comprises hashing the BIOS segment that was read. Generally, hashing comprises applying a one-way function, so that an attacker cannot computationally determine the specific input that produced a given hash result and thereby cannot substitute a different input that would produce the same measurement. For example, in some embodiments with hashing, the hash function used to hash the BIOS segment is in accordance with the SHA standard published by the U.S. National Institute of Standards and Technology (NIST). Continuing the example, in one of these embodiments the SHA-1 hash in particular is used. In other embodiments, security module 106 may additionally or alternatively perform other processing on some or all of the BIOS.
In optional stage 308, the result of the BIOS processing (for example, the BIOS hash), or a function of it, is stored in a memory, for example within security module 106. The storing may, for example, be performed by security module 106 delivering the result, or a function of it, to the memory.
In embodiments where security module 106 is a TPM, in stage 308 the TPM stores the BIOS hash result in one or more platform configuration registers (PCRs) in the TPM, for example in PCR(0) and/or PCR(1).
In one embodiment, security module 106 reads a segment of the BIOS from NVM 104 via interface 132 or 232 in stage 304, processes the segment that was read in stage 306, and optionally stores the intermediate processing result, or a function of it, in memory in stage 308 before security module 106 reads another segment of the BIOS (that is, before repeating stages 304, 306 and optionally 308 for another segment). In another embodiment, stage 304 is run only once, and security module 106 reads all the BIOS segments designated for processing from NVM 104 via interface 132 or 232 before processing any of them. In another embodiment, all BIOS segments designated for processing by security module 106 may be read and processed together in a single pass through stages 304 and 306. In one embodiment, both the intermediate processing result (or a function of it) for each BIOS segment and the final processing result (or a function of it, obtained from processing all the segments that contribute to the final result) may be stored in memory in stage 308, while in another embodiment only the final processing result, or a function of it, is stored in memory in stage 308. In yet another embodiment, stage 308 may be omitted, and the result, or a function of it, may not be stored.
In one embodiment, only segments of BIOS program code are read and processed. In another embodiment, only segments of BIOS data are processed. In another embodiment, BIOS code segments are read and processed separately from BIOS data segments, and thus independent final processing results are obtained. In another embodiment, the final processing result may represent the processed segments of both BIOS program code and data. In another embodiment, there may be any number of final processing results, each representing the processing of segments of BIOS program code and/or data.
In some embodiments where security module 106 is a TPM, a segment of the BIOS is hashed into a result, and the result is stored in a PCR (or another memory location). In one of these embodiments, the hashing is repeated for each BIOS segment designated for processing: the (updated) result previously stored in the PCR/other memory location (in the last iteration) is concatenated with the hash result of the additional BIOS segment, and the concatenation is hashed into a new result. Hashing and storing are repeated until all of the BIOS designated for processing by the TPM has been hashed into a final result and stored in the PCR (or another memory location). In one of these embodiments, the whole BIOS is hashed into the final result (that is, the whole BIOS is designated for processing by the TPM).
In one embodiment, any stored result, or function of it, is secured. For example, the security may derive from the nature of the memory location used for storage in stage 308, that is, from the memory being protected. In another example, the security may additionally or alternatively derive from the nature of the operation used. Continuing this example, the extension of results described above may in some cases contribute to the security of the stored result or function of it.
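As an added illustration (not code from the patent or from Winbond), the iterative hash-and-extend chain of stages 306 and 308 described above, run over a constructed BIOS image, together with the "predetermined criterion" check the host CPU can apply before executing the BIOS. The segment contents, the all-zero starting PCR value and the function names are assumptions for the example; SHA-1 is used because the page names it.

```python
import hashlib
import hmac

# Constructed, illustrative BIOS image split into the segments the security
# module is assumed to have been designated to process (not real firmware).
BIOS_SEGMENTS = [
    ("boot_block", b"\xea\x5b\xe0\x00\xf0" + b"\x90" * 27),    # code (static-CRTM-like)
    ("post_code",  bytes(range(64))),                           # more program code
    ("setup_data", b"BOOT_ORDER=HDD,USB;SECURE_BOOT=1\x00"),    # BIOS data
]

PCR_RESET = b"\x00" * 20   # assumption: the PCR holds all-zero bytes after a reset


def measure_segment(segment: bytes) -> bytes:
    """Stage 306: hash one BIOS segment that was read, using SHA-1 as the page names."""
    return hashlib.sha1(segment).digest()


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """Stage 308 in the TPM embodiment: concatenate the previously stored result
    with the new segment hash and hash again, so the register ends up depending
    on every segment and on the order in which the segments were read."""
    return hashlib.sha1(pcr + measurement).digest()


def process_bios_per_segment(segments, pcr=PCR_RESET):
    """Repeat stages 304-308 once per segment (the iterative embodiment).
    Returns the per-segment intermediate results and the final result."""
    intermediate = []
    for name, data in segments:
        m = measure_segment(data)          # stage 306
        intermediate.append((name, m))     # intermediate result (may be stored too)
        pcr = extend_pcr(pcr, m)           # stage 308
    return intermediate, pcr


def process_bios_single_pass(segments, pcr=PCR_RESET):
    """Read all designated segments first and hash them together in one pass
    (the single-run embodiment). The final result differs from the per-segment
    chain even for identical BIOS bytes, so a verifier must know which was used."""
    image = b"".join(data for _, data in segments)
    return extend_pcr(pcr, measure_segment(image))


def cpu_may_execute(final_result: bytes, expected: bytes) -> bool:
    """The predetermined criterion the host CPU can apply before executing the
    BIOS: the final result must equal the value recorded for the authorized BIOS.
    A constant-time comparison avoids leaking where the two values differ."""
    return hmac.compare_digest(final_result, expected)


def with_flipped_bit(segments, seg_index, byte_index):
    """Copy of the segments with a single bit changed, simulating a modified BIOS."""
    out = list(segments)
    name, data = out[seg_index]
    patched = bytearray(data)
    patched[byte_index] ^= 0x01
    out[seg_index] = (name, bytes(patched))
    return out


if __name__ == "__main__":
    _, golden = process_bios_per_segment(BIOS_SEGMENTS)
    _, modified = process_bios_per_segment(with_flipped_bit(BIOS_SEGMENTS, 1, 7))
    print("PCR(0), authorized BIOS   :", golden.hex())
    print("PCR(0), one bit changed   :", modified.hex())
    print("CPU may execute modified? :", cpu_may_execute(modified, golden))
    print("same bytes, single pass   :", process_bios_single_pass(BIOS_SEGMENTS).hex())
```

Reversing the segment order, changing one bit, or switching between the per-segment and single-pass embodiments each yields a different final PCR value, which is why the expected value must be recorded for one fixed read order and processing mode.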
In some embodiments, after computing system 100 has been reset and the reset period has elapsed, CPU 102 can check whether security module 106 has initiated, or is initiating, process 300; if security module 106 has not, CPU 102 can execute the static CRTM, thereby initializing the driver that, in these embodiments, the host CPU uses to read, write and control security module 106. The CPU can read at least part of the BIOS designated for processing via bus 122 and provide the BIOS it has read to security module 106 for processing in stage 306. In one of these embodiments, security module 106 can subsequently read, via interface 132, any BIOS designated for processing that has not yet been read. In another of these embodiments, once CPU 102 has read at least part of the BIOS designated for processing, CPU 102 continues to read any BIOS designated for processing that has not yet been read.
In another embodiment, after computing system 100 or 200 has been reset and the reset period has elapsed, CPU 102 can check whether security module 106 has initiated, or is initiating, process 300, and if not, CPU 102 can instruct security module 106 to initiate process 300 (for example, beginning at stage 304).
In one embodiment, CPU 102 can use a predetermined command or signal (which in some cases may be vendor-specific) to check whether security module 106 has initiated, or is initiating, process 300.
In another embodiment, CPU 102 does not check whether security module 106 has initiated, or is initiating, process 300, and assumes that security module 106 has performed, or will perform, method 300.
In one embodiment, before CPU 102 executes any BIOS segment designated for processing by security module 106, that segment has been processed as in any of stages 304, 306 and/or 308 of method 300 described above. In another embodiment, before CPU 102 executes any BIOS segment designated for processing by security module 106, all BIOS segments designated for processing have been processed as in any of stages 304, 306 and/or 308 of method 300 described above. In one embodiment, CPU 102 executes a BIOS segment only if the result for that segment meets a predetermined criterion, or executes the BIOS segments only if the result for all BIOS segments designated for processing meets a predetermined criterion. In another embodiment, there is no predetermined criterion and/or no assessment of whether the result for a BIOS segment meets a predetermined criterion, and CPU 102 can therefore execute the processed BIOS segments regardless of the result.
From the description of the various embodiments of method 300, it will be apparent to the reader that the existence of interface 132 or 232 allows security module 106, in some embodiments, to control the BIOS read in stage 304 and/or the subsequent stages of method 300. In these embodiments, security module 106 can access NVM 104 directly without needing CPU 102 to act as an intermediary between security module 106 and NVM 104 (that is, if the only communication between security module 106 and NVM 104 were over buses connecting CPU 102 to each of security module 106 and NVM 104, CPU 102 would have to be the intermediary). Consequently, in these embodiments in which security module 106 accesses NVM 104 directly, the BIOS read is usually (but not necessarily) faster than it would be with CPU 102 acting as intermediary. In one of these embodiments, the use of interface 132 or 232 allows faster communication than the buses that would otherwise connect the intermediary CPU 102 to each of security module 106 and NVM 104, so that, by comparison, the BIOS read may usually (but not necessarily) be considerably faster. In embodiments where security module 106 initiates stage 304 during the reset period, the BIOS processing of method 300 may in some cases be faster than in an embodiment that must wait for the reset period to end before CPU 102 initiates the BIOS read.
In other embodiments of method 300, method 300 is performed only after resets of certain type(s) of the computing system. In these other embodiments, in stage 302 security module 106 is configured to sense resets of the certain type(s), and performs the remainder of method 300 only after sensing a reset of the predetermined type. For example, in some of these other embodiments security module 106 is configured to sense a cold boot host reset, and performs the remainder of method 300 if and only if a cold boot host reset is sensed in stage 302. Continuing this example, in one of these other embodiments security module 106 monitors both the power signal (VDD) and the LRESET signal, and if both are asserted, the security module knows that a cold boot host reset has occurred. In some of these other embodiments in which method 300 is performed only after resets of certain type(s) of the computing system, the number of times method 300 is performed may be smaller than if method 300 were triggered by a reset of any type.
Fig. 4 is the method flow diagram that BIOS handles that is used for according to the embodiment of the invention.In one embodiment, method 400 is carried out by security module 106.
In the stage 402, security module 106 is sensed stand-by electric (V SB) available (also promptly, after unavailable) become.For example, maybe when the electric battery of computing system 100 or 200 power supplies being put or put once more to the electric battery groove, it is available that stand-by electric may become when supply socket that computing system 100 or 200 is inserted into or is back in the work.
In case it is available that stand-by electric becomes, security module 106 can be operated.Therefore in the stage 404, security module 106 reads the BIOS fragment via interface 132 or 232 from NVM 104, and handles the BIOS fragment that this read in the stage 406.
In some embodiments, stage 406 carries out the same actions as stage 306. In optional stage 408, the same actions as stage 308 are carried out.
In some embodiments, computing system 100 or 200 may be switched on before the final processed BIOS result has been obtained. In one of these embodiments, security module 106 is allowed to finish and obtain the final processed BIOS result before CPU 102 executes the BIOS. In another of these embodiments, CPU 102 may begin executing any BIOS fragment that has already been read and processed by security module 106. In one embodiment, CPU 102 executes a BIOS fragment only when the result for that fragment meets a predetermined criterion, or executes the BIOS fragments only when the final processing result for all BIOS fragments designated for processing meets a predetermined criterion. In another embodiment there is no predetermined criterion and/or no evaluation of whether the result for a BIOS fragment meets a predetermined criterion, and CPU 102 may therefore execute the BIOS fragment regardless of the result.
In some embodiments in which security module 106 has not yet begun executing method 400 by the time computing system 100 has been switched on and the reset has elapsed, CPU 102 may execute the static CRTM and thereby initialize a driver; in these embodiments this driver is used by the host CPU to read from, write to and control security module 106. The CPU may read, via bus 122, at least part of the BIOS designated for processing and provide the BIOS thus read to security module 106 for processing in stage 406. In one of these embodiments, security module 106 may subsequently read, via interface 132, any designated BIOS that has not yet been read. In another of these embodiments, once CPU 102 has read at least part of the BIOS designated for processing, CPU 102 continues reading any designated BIOS not yet read. In one of these embodiments, after computing system 100 has been switched on and the reset has elapsed, CPU 102 checks whether standby power was removed and restored, and only if standby power was removed and restored (which in this embodiment should be the trigger that causes security module 106 to execute method 400) does CPU 102 read at least part of the BIOS designated for processing.
In other embodiments, after computing system 100 or 200 has been switched on and the reset has elapsed, CPU 102 may check whether security module 106 has initiated method 400 and, if not, CPU 102 may instruct security module 106 to initiate method 400 (for example, beginning with stage 404). For example, in one of these other embodiments CPU 102 may use a predetermined command or signal (which in some cases may be vendor-specific) to check whether security module 106 has initiated or is initiating method 400. In one of these other embodiments, CPU 102 first checks whether standby power was removed and restored, and only if standby power was removed and restored (which in these other embodiments should be the trigger that causes security module 106 to execute method 400) does CPU 102 instruct security module 106 to initiate method 400 (for example, beginning with stage 404). In another embodiment, CPU 102 does not check whether security module 106 has initiated or is initiating method 400, and assumes that security module 106 has executed or will execute method 400.
It will be apparent to the reader from the description of the embodiments of method 400 that the existence of interface 132 or 232 allows security module 106, in some embodiments, to control the BIOS reading in stage 404 and/or to control the subsequent stages of method 400. In these embodiments, security module 106 accesses NVM 104 directly and does not need CPU 102 to act as an intermediary between security module 106 and NVM 104 (that is, if communication between security module 106 and NVM 104 could only take place over the buses that connect CPU 102 to each of security module 106 and NVM 104, CPU 102 would have to be the intermediary). Therefore, in these embodiments in which security module 106 accesses NVM 104 directly, reading the BIOS is usually (though not necessarily) faster than it would be with CPU 102 acting as intermediary. In one of these embodiments, in which interface 132 or 232 allows faster communication than the buses that would otherwise connect the intermediary CPU 102 to each of security module 106 and NVM 104, the BIOS reading may usually (though not necessarily) be sped up considerably by comparison.
It will be apparent to the reader that any BIOS processing performed by security module 106 in the interval between standby power becoming available (or available again) and computing system 100 or 200 being switched on reduces (or, in some cases, eliminates) the BIOS processing needed after computing system 100 or 200 is switched on, and therefore usually (though not necessarily) results in a faster start-up process. For example, the BIOS processing performed by the security module may be any of stages 404 to 408. In embodiments in which the interval is long enough to allow stages 402 to 408 to finish before computing system 100 or 200 is switched on, the start-up process usually (though not necessarily) saves the time required to complete those stages.
In some embodiments, because the BIOS reading is triggered by sensing newly available standby power, method 400 may be executed fewer times than method 300, assuming that resets of computing system 100 or 200 (or resets of the triggering type) occur more often than standby power becomes newly available (that is, assuming computing system 100 or 200 is plugged into a power outlet, or has its battery pack returned to the battery slot, less often than computing system 100 or 200 is reset).
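To make the flow of methods 300 and 400 concrete, here is an added Python model (not the patent's own code) of a security module that senses the trigger (the standby-power edge of stage 402, or a cold-start reset seen as VDD plus LRESET in stage 302), reads constructed BIOS fragments directly from a stand-in NVM, hashes each fragment with SHA-1 while keeping intermediate and final results, and gates CPU execution on a predetermined criterion when one is configured. The class and function names, the fragment contents and the PCR-style extend are assumptions of this example.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed sample BIOS image split into the fragments that the security
# module reads one at a time. Arbitrary bytes, not real firmware.
BIOS_FRAGMENTS: List[bytes] = [
    b"fragment 0: reset vector and CRTM (constructed)",
    b"fragment 1: chipset and memory init (constructed)",
    b"fragment 2: boot device dispatch (constructed)",
]


def hash_fragment(data: bytes) -> bytes:
    """Processing of stage 306/406: SHA-1 measurement of one fragment."""
    return hashlib.sha1(data).digest()


class NonVolatileMemory:
    """Stand-in for NVM 104. The security module reads it directly, which is
    what interface 132/232 provides; the CPU is never the intermediary."""

    def __init__(self, fragments: List[bytes]):
        self._fragments = list(fragments)

    def fragment_count(self) -> int:
        return len(self._fragments)

    def read_fragment(self, index: int) -> bytes:
        return self._fragments[index]


class SecurityModule:
    """Toy model of security module 106 with the four parts of Fig. 5:
    a sensor for the trigger, an extractor that reads over the direct
    interface, a SHA-1 processor, and storage for the results."""

    def __init__(self, nvm: NonVolatileMemory,
                 expected_fragments: Optional[Dict[int, bytes]] = None,
                 expected_final: Optional[bytes] = None):
        self.nvm = nvm
        # Predetermined criteria (assumed shape): per-fragment digests and/or
        # a digest of the whole image. None means "no criterion, always allow".
        self.expected_fragments = expected_fragments or {}
        self.expected_final = expected_final
        self.standby_power = False             # V_SB as last sensed
        self.intermediate: List[bytes] = []    # storage 508
        self.final_result: Optional[bytes] = None
        self.pcr0 = bytes(20)                  # PCR(0)-like register, SHA-1 width

    # --- sensing (module 502) ---------------------------------------------
    def sense_standby_power(self, available: bool) -> bool:
        """Stage 402: trigger only on the unavailable -> available edge."""
        triggered = available and not self.standby_power
        self.standby_power = available
        if triggered:
            self.measure_bios()
        return triggered

    def sense_reset(self, vdd_on: bool, lreset_asserted: bool) -> bool:
        """Stage 302, cold-start variant: both VDD and LRESET must be seen."""
        triggered = vdd_on and lreset_asserted
        if triggered:
            self.measure_bios()
        return triggered

    # --- extraction (504), processing (506) and storage (508) ---------------
    def measure_bios(self) -> bytes:
        self.intermediate = []
        self.pcr0 = bytes(20)
        whole = hashlib.sha1()
        for i in range(self.nvm.fragment_count()):
            fragment = self.nvm.read_fragment(i)        # stage 304/404
            digest = hash_fragment(fragment)            # stage 306/406
            self.intermediate.append(digest)
            # TPM-style extend, so fragment order is part of the measurement.
            self.pcr0 = hashlib.sha1(self.pcr0 + digest).digest()
            whole.update(fragment)
        self.final_result = whole.digest()
        return self.final_result

    # --- one use of the results -------------------------------------------
    def fragment_allowed(self, index: int) -> bool:
        """May the CPU execute fragment `index`? Not measured yet -> no.
        A per-fragment criterion wins; otherwise the final-result criterion
        applies; with no criterion at all the fragment is always allowed."""
        if self.final_result is None or index >= len(self.intermediate):
            return False
        if index in self.expected_fragments:
            return self.intermediate[index] == self.expected_fragments[index]
        if self.expected_final is not None:
            return self.final_result == self.expected_final
        return True
```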
As mentioned above, depending on the embodiment, the final BIOS result and/or intermediate BIOS results may or may not be used. The present invention does not impose restrictions on whether or how the BIOS results are used.
In one embodiment, once CPU 102 is enabled (that is, once the reset has finished), security module 106 may assert an interrupt line to indicate that a BIOS result is available. In another embodiment, once CPU 102 is enabled, CPU 102 may poll and thereby learn that a BIOS result is available.
In some embodiments, security module 106 may use the final BIOS result and/or intermediate processing results to perform additional functions. To further inspire the reader, some possible uses of the BIOS results are now described, but the described applications should not be interpreted as required and/or limiting.
In some embodiments, security module 106 may provide a protected-storage service, similar to the known functionality of a TPM. In these embodiments, security module 106 may use the contents of one or more memory locations (for example, contents that could serve as one or more of the PCRs in a TPM) to seal data (preserving a representation of a measurement). For example, in one of these embodiments the contents used for sealing may include the final and/or intermediate BIOS results held in, for example, PCR(0). Security module 106 returns an encrypted blob representing the sealed data. Alternatively, security module 106 may be given an encrypted blob and asked to unseal it. Security module 106 releases the data only when the contents of the specified memory location(s) are identical to the contents against which the data was sealed (that is, the contents of the one or more designated memory locations at sealing time).
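As an added illustration of the sealing service just described (example code, neither the patent's nor a TPM's actual construction), the following toy scheme seals data against the current contents of named memory locations, such as a PCR(0) holding the final BIOS result, and unseals it only when those contents are identical. The root secret, the key derivation and the use of HMAC-SHA-256 in counter mode as the cipher are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Module-internal root secret of this toy scheme (constructed; in a real
# module it would never leave the protected storage).
ROOT_SECRET = b"constructed root secret held inside security module 106"


def _derive_key(locations: Dict[str, bytes]) -> bytes:
    """Bind a key to the exact contents of the selected memory locations.
    Names are sorted and each value is length-prefixed so that
    {"PCR0": x} and {"PCR0": x, "PCR1": y} give different keys."""
    h = hashlib.sha256(ROOT_SECRET)
    for name in sorted(locations):
        value = locations[name]
        h.update(name.encode() + len(value).to_bytes(4, "big") + value)
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA-256 in counter mode, used here as a simple stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(data: bytes, locations: Dict[str, bytes]) -> bytes:
    """Return an encrypted blob (nonce || ciphertext || tag) that can only be
    unsealed while `locations` hold what they hold now."""
    key = _derive_key(locations)
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in
                       zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(blob: bytes, locations: Dict[str, bytes]) -> Optional[bytes]:
    """Release the data only if the current `locations` match the sealing-time
    contents; any mismatch or tampering yields None and nothing is released."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    key = _derive_key(locations)
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in
                 zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
```

A caller that holds the blob but whose PCR(0) now differs (a modified BIOS, or a different set of locations) gets nothing back, which is the property the protected-storage service relies on.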
In some embodiments, security module 106 may perform RSA private-key operations, similar to the known functionality of a TPM. For example, in one of these embodiments security module 106 may hold a private key, and if a caller is authorized to use that private key, the caller may command security module 106 to use the key to sign a snapshot of the current contents of one or more memory locations (which may, for example, include the final and/or intermediate BIOS results).
In one embodiment, security module 106 supports BitLocker™ Drive Encryption, similar to the known functionality of a TPM. The Windows Vista™ operating system includes BitLocker™ Drive Encryption, which in one implementation uses a root secret to encrypt the operating system on the hard drive and relies on the TPM to constrain access to that root secret. Depending on the BIOS hash result and other hash results, the TPM either releases the root secret, thereby allowing the operating system to load, or does not release it. More information is provided, for example, at http://technet.microsoft.com/en-us/windowsvista/aa906017.aspx, which is hereby incorporated by reference.
In one embodiment, depending on the final BIOS result and/or intermediate BIOS results, computing system 100 or 200 may be allowed to continue booting or may be prevented from continuing to boot.
In one embodiment, depending on the final BIOS result and/or intermediate BIOS results, the computing system software may or may not rely on the BIOS (where not relying may include, for example, booting in an alternative mode).
In one embodiment, the final BIOS result and/or intermediate BIOS results may be used to take a snapshot of the system's security state or to unlock encryption-protected data in security module 106.
Fig. 5 is a block diagram of security module 106 according to an embodiment of the invention. In the illustrated embodiment, security module 106 comprises a sensing module 502, an extraction module 504, a processing module 506 and storage 508. Each of modules 502, 504, 506 and 508 may be made up of any combination of software, hardware and/or firmware capable of performing the functions defined and explained herein. For simplicity of explanation, storage 508 is shown as a single unit, but in some embodiments security module 106 may include different types of volatile and/or non-volatile memory, and/or multiple sets of memory. For example, in one embodiment storage 508 may be any of the following: a buffer, temporary storage, input and output buffers, and/or a protected storage location.
In the illustrated embodiment of security module 106, sensing module 502 is configured to sense the trigger for method 300 and/or 400. For example, sensing module 502 may be configured to sense, in stage 402, the availability of previously unavailable standby power, and/or may be configured to sense, in stage 302, a computing-system reset (or a reset of a particular type). After sensor 502 has sensed the trigger, extraction module 504 is configured to access non-volatile memory 104 directly via interface 132 or 232. As mentioned earlier, in one embodiment non-volatile memory 104 may be in the same physical package as security module 106, although this is not shown in Fig. 5. The extracted BIOS fragments are processed by processing module 506. In one embodiment, processing module 506 includes a hash module configured to compute (for example) an SHA-1 cryptographic hash. In one embodiment, the final result of the BIOS processing (for example, hashing) and/or one or more intermediate results of the processing (for example, hashing) may be stored in storage 508. In one embodiment, in addition to being configured to sense the trigger for stage 302 or 402, sensor 502 may also be configured to sense (for example) when CPU 102 is enabled, so that security module 106 can determine that the reset cycle has finished and when the interrupt line for the final BIOS result can be used for CPU 102.
In some embodiments of the invention, security module 106 may include fewer, more, and/or different modules than those shown in Fig. 5. For example, in one embodiment the security module may additionally or alternatively include a module for generating and/or protecting cryptographic keys, and/or a random number generator module. In other embodiments of the invention, the functionality of security module 106 described herein may be divided among the modules of Fig. 5 differently. In other embodiments of the invention, the functionality of security module 106 described herein may be divided among fewer, more, and/or different modules than those shown in Fig. 5, and/or security module 106 may include additional functionality, or less functionality, than described herein. In other embodiments of the invention, one or more of the modules shown in Fig. 5 may have more, less, and/or different functionality than described. For example, in one embodiment processing module 506 may perform additional functions, such as any of sealing/unsealing, signing snapshots, constraining access to secrets, RSA private-key operations, and so on, or one or more of these additional functions may be performed elsewhere in security module 106.
In some embodiments of the invention, because security module 106 is connected to NVM 104 directly via interface 132 or 232, the BIOS in NVM 104 that is executed by CPU 102 may omit any program code and/or data associated with functions performed by security module 106 rather than by CPU 102. For example, in one of these embodiments the BIOS in NVM 104 may omit the program code and/or data that would cause the CPU to read fragments of the BIOS (because such fragments are instead read by security module 106), and/or may omit the program code and/or data that would cause the CPU to deliver BIOS fragments to the security module (for example, a TPM). In another embodiment, the program code and/or data that cause CPU 102 to read fragments of the BIOS (which are alternatively read by security module 106), and/or the program code and/or data that cause CPU 102 to deliver BIOS fragments to security module 106, are included in the BIOS in NVM 104. For example, the reading and/or feeding program code and/or data may be included in the BIOS in NVM 104 to maintain backward compatibility. As another example, the reading and/or feeding program code and/or data may be included in the BIOS in NVM 104 because, in some embodiments, CPU 102 may in some cases (for example, if security module 106 cannot initiate or complete method 300 or 400) be capable of reading fragments of the BIOS and delivering them to security module 106.
It should also be understood that a system according to the present invention may be a suitably programmed computer. Likewise, the present invention contemplates a computer program, readable by a computer, for executing the method of the present invention. The present invention further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing the method of the present invention.
Although the present invention has been shown and described with respect to specific embodiments, it is not so limited. Those skilled in the art will envisage numerous modifications, changes and improvements within the scope of the present invention.

Claims (26)

1. A method for performing basic input/output system processing in a computing system, characterized in that the method comprises:
a security module in the computing system reading, via an interface, at least part of a basic input/output system stored in a non-volatile memory in the computing system, the interface directly connecting the security module and the non-volatile memory; and
the security module processing the at least part of the basic input/output system.
2. The method of claim 1, characterized in that the security module is configured to operate with standby power, the method further comprising:
the security module sensing that standby power has become available after being unavailable;
wherein the reading is initiated after the standby power has become available.
3. The method of claim 1, characterized in that the processing comprises measuring.
4. The method of claim 3, characterized in that the measuring comprises hashing.
5. The method of claim 1, characterized in that the method further comprises:
the security module sensing that the computing system has been reset; wherein the reading is initiated after the computing system has been reset.
6. The method of claim 5, characterized in that the reading is initiated only when the computing system has been reset by a cold-start reset.
7. The method of claim 5, characterized in that the security module is provided with standby power.
8. The method of claim 5, characterized in that the security module is provided with power after the computing system is switched on.
9. The method of claim 5, characterized in that the reading is initiated during the reset of the computing system.
10. The method of claim 1, characterized in that the method further comprises:
the security module storing at least one result of the processing, or a function thereof, in a memory in the security module.
11. The method of claim 1, characterized in that the method further comprises:
after the computing system has been reset, a central processing unit in the computing system beginning to execute the at least part of the basic input/output system at a point in time, the point in time being earlier than the point in time at which execution could begin if the central processing unit had to read the at least part of the basic input/output system after the computing system has been reset and provide the at least part of the basic input/output system to the security module for processing.
12. A method for performing basic input/output system processing in a computing system, characterized in that the method comprises:
a security module in the computing system sensing that standby power has become available after being unavailable;
the security module then reading, via an interface, at least part of a basic input/output system stored in a non-volatile memory in the computing system, the interface directly connecting the security module and the non-volatile memory; and
the security module processing the at least part of the basic input/output system.
13. The method of claim 12, characterized in that the processing comprises hashing.
14. A system for basic input/output system processing, characterized in that the system comprises:
a non-volatile memory configured to store a basic input/output system;
a security module configured to read at least part of the basic input/output system and configured to process the at least part of the basic input/output system; and
an interface directly connected between the security module and the non-volatile memory.
15. The system of claim 14, further comprising:
a central processing unit; and
an interface connected between the central processing unit and the security module.
16. The system of claim 15, further comprising:
an interface connected between the central processing unit and the non-volatile memory.
17. The system of claim 16, wherein the interface connected between the security module and the non-volatile memory is configured to allow faster communication than the interface connected between the central processing unit and the non-volatile memory, or faster communication than the interface connected between the central processing unit and the security module.
18. The system of claim 16, wherein the central processing unit is configured to begin executing the at least part of the basic input/output system at a point in time after a reset, the point in time being earlier than the point in time at which execution could begin if the central processing unit were configured to read the at least part of the basic input/output system after the reset and provide the at least part of the basic input/output system to the security module for processing.
19. The system of claim 14, wherein the security module and the non-volatile memory are included in the same physical package.
20. The system of claim 14, wherein the security module is configured to initiate the reading of the at least part of the basic input/output system after previously unavailable standby power has become available.
21. A security module for basic input/output system processing, comprising:
a sensor configured to sense a trigger for reading at least part of a basic input/output system;
an extraction module configured to read, after the sensor has sensed the trigger, the at least part of the basic input/output system via an interface from a non-volatile memory storing the basic input/output system, the interface being directly connected between the non-volatile memory and the security module; and
a processing module configured to process the read at least part of the basic input/output system.
22. The security module of claim 21, wherein the trigger is the availability of standby power after being unavailable.
23. The security module of claim 21, wherein the trigger is a reset of a computing system that includes the security module.
24. The security module of claim 21, wherein the trigger is at least one of at least one predefined type of reset of a computing system that includes the security module.
25. The security module of claim 21, wherein the processing module is configured to hash the read at least part of the basic input/output system.
26. The security module of claim 21, further comprising:
a memory configured to store at least one result of the processing, or a function thereof.
CN200810082693A 2008-03-06 2008-03-06 System and method for processing basic input/output system Pending CN101526981A (en)

Publications (1)

Publication Number Publication Date
CN101526981A true CN101526981A (en) 2009-09-09



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20090909