CN102207910A - Read-only memory, data safety protection system, data safety protection method and computer - Google Patents


Info

Publication number: CN102207910A
Application number: CN 201010136598
Authority: CN
Grant status: Application
Prior art keywords: read, memory, code, operation, access
Other languages: Chinese (zh)
Inventors: 李鑫 (Li Xin), 高晔 (Gao Ye)
Original assignee: 联想(北京)有限公司 (Lenovo (Beijing) Co., Ltd.)


Abstract

The embodiments of the invention disclose a read-only memory, a data security protection system, a data security protection method and a computer. The read-only memory comprises a code generation module, a first sending module and a first receiving module. The code generation module generates, after start-up, a security operation code for performing operations on the read-only memory; the first sending module sends the security operation code to an access unit; and the first receiving module receives an access request, based on the security operation code, sent by the access unit and performs the corresponding operation according to the security operation code. In this scheme the read-only memory accepts the access unit's requests that are based on the security operation code and refuses all other access requests, so the read-only memory is protected.

Description

Read-only memory, data security protection system, data security protection method and computer

TECHNICAL FIELD

[0001] The present invention relates to the field of computer security, and in particular to a read-only memory, a data security protection system and method, and a computer.

BACKGROUND

[0002] With the development of science and technology, data security has drawn more and more attention from users and has become an important research area in computing; the security of data held in storage units is particularly important. Taking the SPI (Serial Peripheral Interface) ROM (read-only memory) as an example, the SPI ROM is the target of many viruses, so it must be effectively protected. However, there are currently very few ways to protect the SPI ROM: the SPI read and write commands are fixed by the SPI device and cannot be changed, so at present there is no secrecy at all in reading and writing the SPI ROM.

[0003] In the prior art, one method of protecting the data in a storage unit is to design additional circuitry that controls the read and write operations of the storage unit, for example additional circuitry that drives SPI WP# (the write-protect pin) in order to protect the SPI ROM. This method, however, requires a complex design of the code (such as the code at the BIOS (Basic Input Output System) level) as well as the additional circuitry in hardware, so it is relatively complex to implement and raises the cost.

SUMMARY

[0004] Embodiments of the present invention provide a read-only memory, a data security protection system and method, and a computer. The read-only memory (ROM) accepts access requests from an access unit that are based on a security operation code and refuses all other access requests, thereby protecting the ROM.

[0005] The technical solution of the embodiments of the invention is implemented as follows:

[0006] A read-only memory, comprising:

[0007] a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory;

[0008] a first sending module for sending the security operation code to an access unit;

[0009] a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.

[0010] Preferably, the read-only memory further comprises:

[0011] a second receiving module for receiving a start command sent by the access unit, the start command being used to start the code generation module.

[0012] Preferably, the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.

[0013] Preferably, the access unit is a basic input output system executed by a central processing unit.

[0014] A data security protection system, comprising an access unit and a read-only memory, wherein the read-only memory comprises:

[0015] a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory;

[0016] a first sending module for sending the security operation code to the access unit;

[0017] a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.

[0018] Preferably, the read-only memory further comprises:

[0019] a second receiving module for receiving a start command sent by the access unit, the start command being used to start the code generation module.

[0020] Preferably, the access unit comprises:

[0021] a second sending module for sending the start command to the read-only memory;

[0022] a third receiving module for receiving the security operation code sent by the read-only memory;

[0023] a third sending module for sending an access request based on the security operation code to the read-only memory.

[0024] Preferably, the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.

[0025] Preferably, the access unit is a basic input output system executed by a central processing unit.

[0026] A data security protection method, applied in a data security protection system consisting of an access unit and a read-only memory, comprising:

[0027] generating, according to a start command, a security operation code for performing operations on the read-only memory;

[0028] sending the security operation code to the access unit;

[0029] receiving an access request, based on the security operation code, sent by the access unit, and performing the corresponding operation according to the security operation code.

[0030] Preferably, the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.

[0031] Preferably, the access unit is a basic input output system executed by a central processing unit.

[0032] A computer, comprising:

[0033] a central processing unit;

[0034] a north bridge chip connected to the central processing unit;

[0035] a system memory connected to the north bridge chip;

[0036] a south bridge chip connected to the north bridge chip;

[0037] a read-only memory connected to the south bridge chip;

[0038] the read-only memory comprising:

[0039] a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory;

[0040] a first sending module for sending the security operation code to an access unit, the access unit being a basic input output system executed by the central processing unit;

[0041] a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.

[0042] Preferably, the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.

[0043] In the technical solution of the invention the code generation module generates a security operation code, the access unit sends access requests based on that code to the read-only memory, and the read-only memory refuses all other access requests. This effectively protects the read-only memory without any additional circuitry, so the solution is simple to implement and reduces cost.

BRIEF DESCRIPTION OF THE DRAWINGS

[0044] To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

[0045] Figure 1 is a block diagram of a preferred embodiment of a read-only memory according to the invention;

[0046] Figure 2 is a block diagram of a preferred embodiment of a data security protection system according to the invention;

[0047] Figure 3 is a block diagram of a preferred embodiment of a computer according to the invention;

[0048] Figure 4 is a flow chart of a preferred embodiment of a data security protection method according to the invention.

DETAILED DESCRIPTION

[0049] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.

[0050] Referring to Figure 1, a block diagram of a preferred embodiment of a read-only memory according to the invention is shown. [0051] The read-only memory ROM 100 comprises:

[0052] a code generation module 110 for generating, after start-up, a security operation code for performing operations on the ROM 100.

[0053] The security operation code is a command that can perform a read, a write or another operation on the ROM 100.

[0054] A first sending module 120 for sending the security operation code to the access unit.

[0055] A first receiving module 130 for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.

[0056] The corresponding operations performed according to the security operation code include read operations, write operations and other operations.

[0057] In another embodiment of the invention, the ROM 100 further comprises:

[0058] a second receiving module 140 for receiving a start command sent by the access unit, the start command being used to start the code generation module 110.

[0059] The ROM 100 may be a serial peripheral interface ROM (SPI ROM) storing BIOS code, an LPC (Low Pin Count) ROM, a PCI (Peripheral Component Interconnect) ROM or another type of ROM; in the embodiments of the invention an SPI ROM is preferred.

[0060] The access unit is the basic input output system (BIOS) executed by the central processing unit (CPU).

[0061] At power-on the BIOS code stored in the ROM 100 is mapped by hardware into system memory and the CPU executes the corresponding BIOS commands; the BIOS executing on the CPU accesses the ROM 100 through those commands. The access unit of the invention is therefore the BIOS executed by the CPU.

[0062] The code generation module 110 exists in the ROM in the form of firmware (FW). In the computer, the code generation module 110 generates only one unique security operation code at each boot.

[0063] In the technical solution of the invention the code generation module generates a security operation code, the access unit sends access requests based on that code to the ROM, and the ROM refuses all other access requests. This effectively protects the ROM without any additional circuitry, so the solution is simple to implement and reduces cost.

[0064] Referring to Figure 2, a block diagram of a preferred embodiment of a data security protection system according to the invention is shown. The data security protection system comprises an access unit 200 and a ROM 100.

[0065] The ROM 100 comprises:

[0066] a code generation module 110 for generating, after start-up, a security operation code for performing operations on the ROM 100.

[0067] The security operation code is a command that can perform a read, a write or another operation on the ROM 100.

[0068] A first sending module 120 for sending the security operation code to the access unit 200.

[0069] A first receiving module 130 for receiving an access request, based on the security operation code, sent by the access unit 200, and for performing the corresponding operation according to the security operation code.

[0070] The corresponding operations performed according to the security operation code include read operations, write operations and other operations.

[0071] In another embodiment of the invention, the ROM 100 further comprises:

[0072] a second receiving module 140 for receiving a start command sent by the access unit 200, the start command being used to start the code generation module 110.

[0073] The access unit 200 comprises:

[0074] a second sending module 210 for sending the start command to the ROM 100.

[0075] A third receiving module 220 for receiving the security operation code sent by the ROM 100.

[0076] A third sending module 230 for sending an access request based on the security operation code to the ROM 100.

[0077] The ROM 100 may be a serial peripheral interface ROM (SPI ROM) storing BIOS code, an LPC (Low Pin Count) ROM, a PCI (Peripheral Component Interconnect) ROM or another type of ROM; in the embodiments of the invention an SPI ROM is preferred.

[0078] The access unit 200 is the basic input output system (BIOS) executed by the central processing unit (CPU).

[0079] At power-on the BIOS code stored in the ROM 100 is mapped by hardware into system memory and the CPU executes the corresponding BIOS commands; the BIOS executing on the CPU accesses the ROM 100 through those commands. The access unit 200 of the invention is therefore the BIOS executed by the CPU.

[0080] In the technical solution of the invention the code generation module generates a security operation code, the access unit sends access requests based on that code to the ROM, and the ROM refuses all other access requests. This effectively protects the ROM without any additional circuitry, so the solution is simple to implement and reduces cost.

[0081] Referring to Figure 3, a block diagram of a preferred embodiment of a computer according to the invention is shown. The computer 300 comprises: a central processing unit 310; a north bridge chip 320 connected to the central processing unit 310; a system memory 330 connected to the north bridge chip 320; a south bridge chip 340 connected to the north bridge chip 320; and a ROM 100 connected to the south bridge chip 340.

[0082] The ROM 100 comprises:

[0083] a code generation module 110 for generating, after start-up, a security operation code for performing operations on the ROM 100.

[0084] The security operation code is a command that can perform a read, a write or another operation on the ROM 100.

[0085] A first sending module 120 for sending the security operation code to the access unit 200.

[0086] A first receiving module 130 for receiving an access request, based on the security operation code, sent by the access unit 200, and for performing the corresponding operation according to the security operation code.

[0087] The corresponding operations performed according to the security operation code include read operations, write operations and other operations.

[0088] In another embodiment of the invention, the ROM 100 further comprises:

[0089] a second receiving module 140 for receiving a start command sent by the access unit 200, the start command being used to start the code generation module 110.

[0090] The access unit 200 comprises:

[0091] a second sending module 210 for sending the start command to the ROM 100.

[0092] A third receiving module 220 for receiving the security operation code sent by the ROM 100.

[0093] A third sending module 230 for sending an access request based on the security operation code to the ROM 100.

[0094] The ROM 100 may be a serial peripheral interface ROM (SPI ROM) storing BIOS code, an LPC (Low Pin Count) ROM, a PCI (Peripheral Component Interconnect) ROM or another type of ROM; in the embodiments of the invention an SPI ROM is preferred.

[0095] The access unit 200 is the basic input output system (BIOS) executed by the central processing unit (CPU); the access unit 200 is therefore not a physically present component but the BIOS commands executed by the CPU.

[0096] At power-on the BIOS code stored in the ROM 100 is mapped by hardware into the system memory 330 and the CPU executes the corresponding BIOS commands; the BIOS executing on the CPU accesses the ROM 100 through those commands. The access unit 200 of the invention is therefore the BIOS executed by the CPU.

[0097] The code generation module 110 exists in the ROM 100 in the form of firmware (FW). In the computer 300, the code generation module 110 generates only one unique security operation code at each boot.

[0098] In the technical solution of the invention the code generation module generates a security operation code, the access unit sends access requests based on that code to the ROM, and the ROM refuses all other access requests. This effectively protects the ROM without any additional circuitry, so the solution is simple to implement and reduces cost.

[0099] Referring to Figure 4, a flow chart of a preferred embodiment of a data security protection method according to the invention is shown. The method is applied in a data security protection system consisting of an access unit 200 and a ROM 100.

[0100] The data security protection method comprises:

[0101] Step S410: generating, according to a start command, a security operation code for performing operations on the ROM.

[0102] Step S420: sending the security operation code to the access unit.

[0103] Step S430: receiving an access request, based on the security operation code, sent by the access unit, and performing the corresponding operation according to the security operation code.

[0104] In another embodiment of the invention, step S410 may be preceded by:

[0105] Step S400: receiving a start command sent by the access unit.

[0106] The ROM may be a serial peripheral interface ROM (SPI ROM) storing BIOS code, an LPC (Low Pin Count) ROM, a PCI (Peripheral Component Interconnect) ROM or another type of ROM; in the embodiments of the invention an SPI ROM is preferred.

[0107] The access unit is the basic input output system (BIOS) executed by the central processing unit (CPU); the access unit is therefore not a physically present component but the BIOS commands executed by the CPU.

[0108] At power-on the BIOS code stored in the ROM is mapped by hardware into the system memory 330 and the CPU executes the corresponding BIOS commands; the BIOS executing on the CPU accesses the ROM through those commands. The access unit of the invention is therefore the BIOS executed by the CPU.

[0109] In the technical solution of the invention the code generation module generates a security operation code, the access unit sends access requests based on that code to the ROM, and the ROM refuses all other access requests. This effectively protects the ROM without any additional circuitry, so the solution is simple to implement and reduces cost.
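The apparatus of paragraphs [0050] to [0063], the system of [0064] to [0080] and the method steps S400 to S430 describe one exchange from three sides: the access unit sends a start command, the ROM mints a per-boot security operation code and returns it, and from then on the ROM honours only requests that carry that code. The C program below is an added example written for this page, not code from the patent or from Lenovo, that simulates the exchange on a host. The message layout, the 32-bit code width, the boot-counter-plus-xorshift generator and every identifier (`sim_rom`, `rom_handle`, `bios_request`, `self_check`) are assumptions of the example; the patent specifies none of them. `self_check` walks two boots and confirms that a request with a wrong code, a request sent before the start command, a second start command in the same boot and a code carried over from the previous boot are all refused, while the BIOS holding the current code can read and write.

```c
/* Added example, not the patent's own code: a host-side simulation of the per-boot
 * security operation code gate of [0050]-[0063] (ROM 100), [0064]-[0080] (access unit
 * 200) and steps S400-S430.  Message layout, code width and random source are assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define ROM_SIZE 256
enum msg_type   { MSG_START, MSG_READ, MSG_WRITE };  /* start command (S400) or a request */
enum rom_status { ROM_OK, ROM_NOT_STARTED, ROM_REJECTED, ROM_BAD_ADDR };
struct access_request {
    enum msg_type type;
    uint32_t code;    /* security operation code presented by the requester */
    uint16_t addr;
    uint32_t value;   /* in: byte to write; out: byte read, or the code minted on MSG_START */
};
struct sim_rom {
    uint8_t  content[ROM_SIZE];
    uint32_t boot_counter;   /* incremented at every power-on */
    uint64_t rng_state;      /* stand-in for a hardware entropy source (assumption) */
    bool     started;        /* code generation module 110 has run this boot */
    uint32_t boot_code;      /* the single security operation code of this boot */
    unsigned rejected;       /* refused requests so far, for inspection */
};
struct access_unit { uint32_t code; };   /* the BIOS keeps only the code the ROM gave it */

/* Power-on clears the per-boot state; the content persists, as in a real ROM. */
void rom_power_on(struct sim_rom *rom, uint64_t entropy_seed)
{
    rom->boot_counter++;
    rom->started = false;
    rom->rng_state = entropy_seed ^ 0x9E3779B97F4A7C15ULL;
    if (rom->rng_state == 0) rom->rng_state = 1;   /* xorshift needs a nonzero state */
}
/* Code generation module 110 ([0052], [0062]): the boot counter in the top byte means no
 * two boots share a code; xorshift64 stands in for the RNG that makes the rest unguessable. */
static uint32_t generate_code(struct sim_rom *rom)
{
    uint64_t x = rom->rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    rom->rng_state = x;
    return (rom->boot_counter << 24) | (uint32_t)(x & 0x00FFFFFFu);
}
/* Receiving modules 130 and 140, the only entry point into the ROM.  A start command mints
 * the code and hands it back (sending module 120); any other request is honoured only if
 * it carries this boot's code, the "refuses other access requests" rule of [0063]. */
enum rom_status rom_handle(struct sim_rom *rom, struct access_request *req)
{
    if (req->type == MSG_START) {
        if (rom->started) { rom->rejected++; return ROM_REJECTED; }   /* one code per boot */
        rom->boot_code = generate_code(rom);
        rom->started = true;
        req->value = rom->boot_code;
        return ROM_OK;
    }
    if (!rom->started)               { rom->rejected++; return ROM_NOT_STARTED; }
    if (req->code != rom->boot_code) { rom->rejected++; return ROM_REJECTED; }
    if (req->addr >= ROM_SIZE)       return ROM_BAD_ADDR;
    if (req->type == MSG_WRITE) rom->content[req->addr] = (uint8_t)req->value;
    else                        req->value = rom->content[req->addr];
    return ROM_OK;
}
/* Access unit side (modules 210, 220, 230; steps S400-S430): send the start command once,
 * keep the code it returns, and attach that code to every later read or write. */
enum rom_status bios_request(struct sim_rom *rom, struct access_unit *au,
                             enum msg_type type, uint16_t addr, uint32_t *value)
{
    struct access_request req = { type, au->code, addr, value ? *value : 0 };
    enum rom_status s = rom_handle(rom, &req);
    if (s != ROM_OK) return s;
    if (type == MSG_START) au->code = req.value;
    else if (type == MSG_READ) *value = req.value;
    return ROM_OK;
}
/* Two boots, a rogue requester and a stale code: returns how many expectations failed. */
int self_check(void)
{
    struct sim_rom rom;
    struct access_unit bios = { 0 };
    uint32_t w = 0xA5, r = 0, stale;
    int failed = 0;
    memset(&rom, 0, sizeof rom);
    rom_power_on(&rom, 0x1234);
    failed += bios_request(&rom, &bios, MSG_START, 0, NULL) != ROM_OK;
    failed += bios_request(&rom, &bios, MSG_START, 0, NULL) != ROM_REJECTED;  /* second start */
    failed += bios_request(&rom, &bios, MSG_WRITE, 0x10, &w) != ROM_OK;
    failed += bios_request(&rom, &bios, MSG_READ, 0x10, &r) != ROM_OK || r != 0xA5;
    struct access_request rogue = { MSG_READ, bios.code ^ 1u, 0x10, 0 };
    failed += rom_handle(&rom, &rogue) != ROM_REJECTED;                        /* wrong code */
    stale = bios.code;
    rom_power_on(&rom, 0x5678);                                                /* reboot */
    struct access_request early = { MSG_READ, stale, 0x10, 0 };
    failed += rom_handle(&rom, &early) != ROM_NOT_STARTED;                     /* before S400 */
    failed += bios_request(&rom, &bios, MSG_START, 0, NULL) != ROM_OK || bios.code == stale;
    failed += rom_handle(&rom, &early) != ROM_REJECTED;                        /* stale code */
    failed += rom.rejected != 4;
    return failed;
}
int main(void) { return self_check(); }
```

Two design choices in the example go slightly beyond what the patent states. The code combines a boot counter with the random part so that "unique at each boot" ([0062]) holds by construction rather than by probability, and a second start command in the same boot is refused instead of re-issuing the code, because the code is the only credential the ROM checks and re-issuing it would hand it to whatever asks. The patent leaves both points open.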

[0110] Those of ordinary skill in the art will understand that in the method embodiments of the invention the numbering of the steps does not limit their order; changes to the order of the steps made by those of ordinary skill in the art without creative effort also fall within the scope of protection of the invention.

[0111] The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within its scope of protection.

Claims (14)

  1. A read-only memory, characterized in that it comprises: a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory; a first sending module for sending the security operation code to an access unit; and a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.
  2. The read-only memory according to claim 1, characterized in that it further comprises: a second receiving module for receiving a start command sent by the access unit, the start command being used to start the code generation module.
  3. The read-only memory according to claim 1 or 2, characterized in that the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.
  4. The read-only memory according to claim 3, characterized in that the access unit is a basic input output system executed by a central processing unit.
  5. A data security protection system, characterized in that it comprises an access unit and a read-only memory, wherein the read-only memory comprises: a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory; a first sending module for sending the security operation code to the access unit; and a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.
  6. The data security protection system according to claim 5, characterized in that the read-only memory further comprises: a second receiving module for receiving a start command sent by the access unit, the start command being used to start the code generation module.
  7. The data security protection system according to claim 6, characterized in that the access unit comprises: a second sending module for sending the start command to the read-only memory; a third receiving module for receiving the security operation code sent by the read-only memory; and a third sending module for sending an access request based on the security operation code to the read-only memory.
  8. The data security protection system according to any one of claims 5 to 7, characterized in that the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.
  9. The data security protection system according to claim 8, characterized in that the access unit is a basic input output system executed by a central processing unit.
  10. A data security protection method, applied in a data security protection system consisting of an access unit and a read-only memory, characterized in that it comprises: generating, according to a start command, a security operation code for performing operations on the read-only memory; sending the security operation code to the access unit; and receiving an access request, based on the security operation code, sent by the access unit, and performing the corresponding operation according to the security operation code.
  11. The data security protection method according to claim 10, characterized in that the read-only memory is a serial peripheral interface read-only memory storing basic input output system code.
  12. The data security protection method according to claim 11, characterized in that the access unit is a basic input output system executed by a central processing unit.
  13. A computer, characterized in that it comprises: a central processing unit; a north bridge chip connected to the central processing unit; a system memory connected to the north bridge chip; a south bridge chip connected to the north bridge chip; and a read-only memory connected to the south bridge chip; the read-only memory comprising: a code generation module for generating, after start-up, a security operation code for performing operations on the read-only memory; a first sending module for sending the security operation code to an access unit, the access unit being a basic input output system executed by the central processing unit; and a first receiving module for receiving an access request, based on the security operation code, sent by the access unit, and for performing the corresponding operation according to the security operation code.
  14. 14.根据权利要求13所述的计算机,其特征在于,所述只读存储器为存储基本输入输出系统代码的串行外围设备接口只读存取器。 14. The computer according to claim 13, wherein said read only memory to store a basic input output system code serial peripheral interface read-only accessor.
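The exchange in claims 5 to 10 (start command, per-boot secure operation code returned to the BIOS, and refusal of every later request that does not carry that code), modelled in C as an added example. This is not code from the patent or from the applicant; the type and function names (rom_t, bios_t, ROM_CMD_*, ROM_ERR_*), the one-code-per-power-cycle rule, the xorshift generator standing in for hardware entropy, and the constructed seed are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a SPI BIOS ROM that issues one "secure operation code" per boot
 * (code generation module + first sending module) and then serves only
 * requests carrying that code (first receiving module).  Names are assumed. */

#define ROM_SIZE 64u

typedef enum { ROM_CMD_START, ROM_CMD_READ, ROM_CMD_WRITE, ROM_CMD_ERASE } rom_cmd_t;
typedef enum { ROM_OK, ROM_ERR_NOT_STARTED, ROM_ERR_BAD_CODE,
               ROM_ERR_ALREADY_STARTED, ROM_ERR_RANGE, ROM_ERR_BAD_CMD } rom_status_t;

typedef struct {
    uint8_t  data[ROM_SIZE];
    uint32_t prng;      /* entropy state of the code generation module (model only) */
    uint32_t op_code;   /* secure operation code for this boot; 0 = none issued yet */
    bool     started;
    uint32_t rejected;  /* number of refused requests, useful for an audit trail */
} rom_t;

typedef struct {
    rom_cmd_t cmd;
    uint32_t  op_code;  /* ignored for ROM_CMD_START, required for everything else */
    uint32_t  addr;
    uint8_t   value;    /* payload for ROM_CMD_WRITE */
} rom_request_t;

/* xorshift32 stands in for a hardware RNG; a real part would use a TRNG. */
static uint32_t rom_next_random(rom_t *rom) {
    uint32_t x = rom->prng;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    rom->prng = x;
    return x;
}

void rom_power_on(rom_t *rom, uint32_t entropy_seed) {
    memset(rom, 0, sizeof *rom);
    memset(rom->data, 0xFF, ROM_SIZE);            /* erased flash reads as 0xFF */
    rom->prng = entropy_seed ? entropy_seed : 1u; /* xorshift must not start at 0 */
}

/* Dispatch one request from the bus.  For ROM_CMD_START, *out receives the
 * generated code; for ROM_CMD_READ, *out receives the byte read. */
rom_status_t rom_handle(rom_t *rom, const rom_request_t *req, uint32_t *out) {
    if (req->cmd == ROM_CMD_START) {
        /* Assumption of this example: one code per power cycle, so software
         * running after the BIOS cannot simply ask for a fresh code. */
        if (rom->started) { rom->rejected++; return ROM_ERR_ALREADY_STARTED; }
        do { rom->op_code = rom_next_random(rom); } while (rom->op_code == 0);
        rom->started = true;
        *out = rom->op_code;
        return ROM_OK;
    }
    if (!rom->started)                 { rom->rejected++; return ROM_ERR_NOT_STARTED; }
    if (req->op_code != rom->op_code)  { rom->rejected++; return ROM_ERR_BAD_CODE; }
    if (req->addr >= ROM_SIZE)         return ROM_ERR_RANGE;
    switch (req->cmd) {
    case ROM_CMD_READ:  *out = rom->data[req->addr];      return ROM_OK;
    case ROM_CMD_WRITE: rom->data[req->addr] = req->value; return ROM_OK;
    case ROM_CMD_ERASE: memset(rom->data, 0xFF, ROM_SIZE); return ROM_OK;
    default:            return ROM_ERR_BAD_CMD;
    }
}

/* Access unit (the BIOS, claim 7): obtains the code, then tags every request. */
typedef struct { uint32_t op_code; bool has_code; } bios_t;

bool bios_start(bios_t *bios, rom_t *rom) {
    rom_request_t req = { .cmd = ROM_CMD_START };
    uint32_t code = 0;
    if (rom_handle(rom, &req, &code) != ROM_OK) return false;
    bios->op_code = code; bios->has_code = true;
    return true;
}

rom_status_t bios_write(bios_t *bios, rom_t *rom, uint32_t addr, uint8_t value) {
    rom_request_t req = { .cmd = ROM_CMD_WRITE, .op_code = bios->op_code,
                          .addr = addr, .value = value };
    uint32_t unused = 0;
    return rom_handle(rom, &req, &unused);
}

/* One boot: BIOS write succeeds, a request with a wrong code is refused and
 * leaves flash untouched, and a second start command is refused too. */
bool demo_boot(void) {
    rom_t rom; bios_t bios = {0};
    rom_power_on(&rom, 0x2a3b4c5du);   /* constructed seed, not real hardware entropy */
    if (!bios_start(&bios, &rom)) return false;
    if (bios_write(&bios, &rom, 0x10, 0x55) != ROM_OK) return false;
    rom_request_t rogue = { .cmd = ROM_CMD_WRITE, .op_code = bios.op_code ^ 1u,
                            .addr = 0x10, .value = 0xAA };
    uint32_t out = 0;
    if (rom_handle(&rom, &rogue, &out) != ROM_ERR_BAD_CODE) return false;
    if (rom.data[0x10] != 0x55) return false;
    rom_request_t again = { .cmd = ROM_CMD_START };
    if (rom_handle(&rom, &again, &out) != ROM_ERR_ALREADY_STARTED) return false;
    return rom.rejected == 2;
}

int main(void) {
    printf("boot demo %s\n", demo_boot() ? "passed" : "FAILED");
    return 0;
}
```

Two points a practitioner would check before relying on a scheme of this shape: the code travels over the SPI bus in the clear and is then held by software on the CPU, so it only filters requests from parties that do not know it, and it does nothing against anyone who can observe the bus or read the BIOS's copy; and, as the claims stand, nothing limits how often a start command may be accepted, which is why this model issues one code per power cycle and refuses later start commands.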
CN 201010136598 2010-03-29 2010-03-29 Read-only memory, data safety protection system, data safety protection method and computer CN102207910A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010136598 CN102207910A (en) 2010-03-29 2010-03-29 Read-only memory, data safety protection system, data safety protection method and computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010136598 CN102207910A (en) 2010-03-29 2010-03-29 Read-only memory, data safety protection system, data safety protection method and computer

Publications (1)

Publication Number Publication Date
CN102207910A (en) 2011-10-05

Family

ID=44696752

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010136598 CN102207910A (en) 2010-03-29 2010-03-29 Read-only memory, data safety protection system, data safety protection method and computer

Country Status (1)

Country Link
CN (1) CN102207910A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022021A (en) * 2016-05-20 2016-10-12 合肥联宝信息技术有限公司 Electronic device and method for locking hardware thereof

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020144113A1 (en) * 2001-03-27 2002-10-03 Micron Technology, Inc. Flash device security method utilizing a check register
US20020174342A1 (en) * 2001-05-15 2002-11-21 International Business Machines Corporation Method and system for setting a secure computer environment
CN1417688A (en) * 2001-11-05 2003-05-14 中国科学院计算技术研究所 Method of implanting safety function module to key space of computer memory
US20030162527A1 (en) * 2000-02-03 2003-08-28 Claus Dorenbeck System for securing data on a data carrier
CN1591362A (en) * 2003-08-25 2005-03-09 联想(北京)有限公司 Safety chip information processing apparatus and starting method based on chip
US20060288180A1 (en) * 2005-06-15 2006-12-21 Inventec Corporation Programmable memory write protection method and system
CN1896970A (en) * 2005-07-11 2007-01-17 国际商业机器公司 System and method for securing data within a storage system
CN1997974A (en) * 2004-04-30 2007-07-11 捷讯研究有限公司 Content protection ticket system and method
CN101622594A (en) * 2006-12-06 2010-01-06 弗森多系统公司(dba弗森-艾奥) Apparatus, system, and method for managing data in a storagedevice with an empty data token directive

Similar Documents

Publication Publication Date Title
US6199167B1 (en) Computer architecture with password-checking bus bridge
US20060020781A1 (en) Method and apparatus for providing secure virtualization of a trusted platform module
US20120036347A1 (en) Providing fast non-volatile storage in a secure environment
US20090049510A1 (en) Securing stored content for trusted hosts and safe computing environments
US20030018892A1 (en) Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer
US20130031374A1 (en) Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
US20060224878A1 (en) System and method for trusted early boot flow
US20110107423A1 (en) Providing authenticated anti-virus agents a direct access to scan memory
US20060212939A1 (en) Virtualization of software configuration registers of the TPM cryptographic processor
US20060112267A1 (en) Trusted platform storage controller
US7962738B2 (en) Hypervisor runtime integrity support
US7624283B2 (en) Protocol for trusted platform module recovery through context checkpointing
US20100202617A1 (en) System and Method for Recovery Key Management
US20130318577A1 (en) Trusted application migration across computer nodes
US20090172806A1 (en) Security management in multi-node, multi-processor platforms
US20110289306A1 (en) Method and apparatus for secure scan of data storage device from remote server
CN101183413A (en) Architecture of trusted platform module and method for providing service thereof
US20120117348A1 (en) Techniques for security management provisioning at a data storage device
US8522018B2 (en) Method and system for implementing a mobile trusted platform module
JP2006501581A (en) Encapsulation of high platform module functional reliability by server management coprocessor subsystem internal tcpa
CN1869999A (en) Protection method and device for opening computer
CN1591362A (en) Safety chip information processing apparatus and starting method based on chip
US8549288B2 (en) Dynamic creation and hierarchical organization of trusted platform modules
US20140047229A1 (en) Using a trusted platform module for boot policy and secure firmware
CN103514414A (en) Encryption method and encryption system based on ARM TrustZone

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C12 Rejection of a patent application after its publication