CN105160255A - Trustworthy measurement apparatus and method - Google Patents

Info

Publication number
CN105160255A
Authority
CN
China
Prior art keywords
control unit
management control
code
biosbootblock
safety management
Legal status
Pending
Application number
CN201510479038.6A
Other languages
Chinese (zh)
Inventor
蔡一兵
黄家明
吴保锡
Current Assignee
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN201510479038.6A
Publication of CN105160255A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a trustworthy measurement apparatus and method. The apparatus comprises a security management control unit and a trusted chip, wherein the security management control unit is connected with the trusted chip as well as a complex programmable logic device (CPLD) and a basic input output system flash read only memory (BIOS Flash ROM) on an external mainboard, and is used for sending a first power-on time sequence control instruction to the CPLD for preventing a CPU from being powered on after a trustworthy server is powered on, reading a BIOS Boot Block code in the BIOS Flash ROM, measuring the BIOS Boot Block code, sending a measurement result to the trusted chip, receiving a judgment result of the trusted chip and sending a corresponding second power-on time sequence control instruction to the CPLD; and the trusted chip is used for receiving the measurement result sent by the security management control unit, judging whether the BIOS Boot Block code is tampered, and sending the judgment result to the security management control unit. According to the scheme, the security of the trustworthy server can be improved.

Description

Trusted measurement apparatus and method
Technical field
The present invention relates to the field of computer security, and in particular to a trusted measurement apparatus and method.
Background art
A trusted server is a server built to provide users with safe and reliable computing services by constructing a chain of trust from hardware to software, from the lowest layer to the top. The chain of trust extends trust to the whole computing platform. It rests on a root of trust: only when the root of trust is guaranteed to be trustworthy can the trustworthiness of the other layers be guaranteed. Through a trusted measurement mechanism the chain of trust collects the data that affect platform trustworthiness, compares these data with expected values and so judges whether the platform is trustworthy. This keeps the trusted platform secure and reliable, ensures that the user's workloads run in a secure environment, and prevents their execution from being disrupted or their important data from being stolen.
At present, the chain of trust of a trusted server platform is built mainly through the passive measurement mechanism.
In the passive measurement mechanism the trusted chip is invoked passively: the first segment of code executed in the BIOS serves as the core root of trust for measurement (CRTM), and the CRTM, by calling the trusted chip, extends trust to the other layers. The CRTM, however, is stored in the BIOS Flash ROM, and the BIOS Flash ROM is a flash device that can be erased and rewritten. The CRTM can therefore be tampered with, and if it is, the whole server is in an untrusted state. Under this measurement method the security of the trusted server is consequently low.
Summary of the invention
The invention provides a trusted measurement apparatus and method that can improve the security of a trusted server.
An embodiment of the invention provides a trusted measurement apparatus comprising a security management control unit and a trusted chip, wherein:
the security management control unit is connected to the trusted chip and to the complex programmable logic device (CPLD) and the basic input/output system flash memory (BIOS Flash ROM) on the external mainboard, and is configured, after the trusted server is powered on, to send a first power-on sequence control instruction to the CPLD to prevent the CPU from being powered on, to read the mainboard boot block (BIOS Boot Block) code from the BIOS Flash ROM, to measure the BIOS Boot Block code, to send the measurement result to the trusted chip, and, after receiving the judgment result of the trusted chip, to send a corresponding second power-on sequence control instruction to the CPLD according to that judgment result;
the trusted chip is configured, after receiving the measurement result sent by the security management control unit, to judge whether the BIOS Boot Block code has been tampered with and to send this judgment result to the security management control unit.
Preferably, the security management control unit is arranged in the baseboard management controller (BMC) on the trusted server mainboard.
Preferably, the security management control unit is connected to the BIOS Flash ROM by an SPI bus.
Preferably, the security management control unit is connected to the trusted chip by an I2C bus or an LPC bus.
Preferably, the security management control unit is connected to the CPLD by an I2C bus.
Preferably, the trusted chip comprises a program-controlled staging unit, an NV storage unit and a comparison unit, wherein:
the program-controlled staging unit temporarily stores the measurement result;
the NV storage unit holds in its space the reference value of the BIOS Boot Block code;
the comparison unit compares the measurement result held in the program-controlled staging unit with the reference value of the BIOS Boot Block code stored in the NV storage unit: if they are identical it determines that the BIOS Boot Block code has not been tampered with, and if they differ it determines that the BIOS Boot Block code has been tampered with.
Preferably, the security management control unit, according to the judgment result of the trusted chip, sends the CPLD an instruction allowing the CPU to be powered on if the BIOS Boot Block code has not been tampered with, and an instruction not allowing the CPU to be powered on if the BIOS Boot Block code has been tampered with.
An embodiment of the invention further provides a trusted measurement method comprising:
the security management control unit sends a first power-on sequence control instruction to the CPLD to prevent the CPU from being powered on;
the security management control unit reads the BIOS Boot Block code from the BIOS Flash ROM;
the security management control unit measures the BIOS Boot Block code to obtain a measurement result;
the trusted chip judges, according to the measurement result, whether the BIOS Boot Block code has been tampered with;
the security management control unit sends a corresponding second power-on sequence control instruction to the CPLD according to the judgment result.
Preferably, sending the first power-on sequence control instruction to the CPLD comprises: the security management control unit sends the first power-on sequence control instruction to the CPLD over an I2C bus.
Preferably, reading the BIOS Boot Block code from the BIOS Flash ROM comprises: the security management control unit reads the BIOS Boot Block code from the BIOS Flash ROM over an SPI bus.
Preferably, the security management control unit sends the measurement result to the trusted chip over an I2C bus or an LPC bus.
Preferably, the trusted chip sends the judgment result to the security management control unit over an I2C bus or an LPC bus.
Preferably, the trusted chip judging according to the measurement result whether the BIOS Boot Block code has been tampered with comprises:
inside the trusted chip, the measurement result is held temporarily in the program-controlled staging unit, and the comparison unit compares the measurement result held in the program-controlled staging unit with the reference value of the BIOS Boot Block code stored in the NV storage unit: if they are identical it judges that the BIOS Boot Block code has not been tampered with, and if they differ it judges that the BIOS Boot Block code has been tampered with.
Preferably, sending the corresponding second power-on sequence control instruction to the CPLD comprises:
if the judgment result is that the BIOS Boot Block code has not been tampered with, sending the CPLD an instruction allowing the CPU to be powered on;
if the judgment result is that the BIOS Boot Block code has been tampered with, sending the CPLD an instruction not allowing the CPU to be powered on.
The embodiments of the invention provide a trusted measurement apparatus and method. The apparatus comprises a security management control unit and a trusted chip. The security management control unit sends an instruction to the CPLD on the external mainboard to prevent the CPU from being powered on, then reads the BIOS Boot Block code from the BIOS Flash ROM, measures this code and sends the measurement result to the trusted chip; after the trusted chip has judged whether the code has been tampered with, it sends the judgment result to the security management control unit, which sends the corresponding power-on sequence control instruction to the CPLD according to that result and so controls whether the CPU is powered on. In this apparatus the security management control unit is the root of trust and the core root of trust is stored in the security management control unit. The security management control unit has the attributes of a security chip and does not allow the core root of trust stored in it to be modified, which guarantees the safety of the core root of trust, extends trust to the whole trusted server and so improves the security of the trusted server.
Brief description of the drawings
Fig. 1 is a schematic diagram of a trusted measurement apparatus provided by an embodiment of the invention;
Fig. 2 is a flow chart of a trusted measurement method provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of a trusted measurement apparatus provided by another embodiment of the invention;
Fig. 4 is a flow chart of a trusted measurement method provided by another embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, one embodiment of the invention provides a trusted measurement apparatus comprising a security management control unit 101 and a trusted chip 102;
the security management control unit 101 is connected to the trusted chip 102 and to the complex programmable logic device (CPLD) 104 and the basic input/output system flash memory (BIOS Flash ROM) 103 on the external mainboard, and is configured, after the trusted server is powered on, to send a first power-on sequence control instruction to the CPLD 104 to prevent the CPU from being powered on, to read the mainboard boot block (BIOS Boot Block) code from the BIOS Flash ROM 103, to measure the BIOS Boot Block code, to send the measurement result to the trusted chip 102, and, after receiving the judgment result of the trusted chip 102, to send a corresponding second power-on sequence control instruction to the CPLD 104 according to that judgment result;
the trusted chip 102 is configured, after receiving the measurement result sent by the security management control unit 101, to judge whether the BIOS Boot Block code has been tampered with and to send this judgment result to the security management control unit 101.
The trusted measurement apparatus provided by the invention comprises a security management control unit and a trusted chip. The security management control unit sends an instruction to the CPLD on the external mainboard to prevent the CPU from being powered on, then reads the BIOS Boot Block code from the BIOS Flash ROM, measures this code and sends the measurement result to the trusted chip; after the trusted chip has judged whether the code has been tampered with, it sends the judgment result to the security management control unit, which sends the corresponding power-on sequence control instruction to the CPLD according to that result and so controls whether the CPU is powered on. In this apparatus the security management control unit is the root of trust and the core root of trust is stored in the security management control unit. The security management control unit has the attributes of a security chip and does not allow the core root of trust stored in it to be modified, which guarantees the safety of the core root of trust, extends trust to the whole trusted server and so improves the security of the trusted server.
In one embodiment of the invention, the security management control unit is arranged in the baseboard management controller (BMC) on the trusted server mainboard. The BMC on the mainboard is adapted by adding the corresponding trusted chip driver code and the functions for trusted chip start-up, self-test, measurement extension and reading of the NV storage unit, and by connecting it to the CPLD and the BIOS Flash ROM, so that it can act as the root of trust for measurement and carry out trusted measurement. Because the BMC is already a standard component of a trusted server mainboard, this trusted measurement apparatus can be obtained with only a small modification to the mainboard, which makes it easier to deploy widely.
In one embodiment of the invention, the security management control unit is connected to the BIOS Flash ROM by an SPI bus for reading the BIOS Boot Block code from the BIOS Flash ROM. Because the SPI bus uses few chip pins it saves space and simplifies the implementation of the security management control unit.
In one embodiment of the invention, the security management control unit is connected to the trusted chip by an I2C bus or an LPC bus for transmitting the measurement result and the corresponding judgment result. These buses transmit quickly and their device packages are small, which eases the layout of the security management control unit and the trusted chip and reduces the changes to the mainboard.
In one embodiment of the invention, the security management control unit is connected to the CPLD by an I2C bus for sending the power-on sequence control instructions. The I2C interface has few signal lines, simple control and high communication efficiency, which helps the implementation, reduces the amount of modification to the trusted server mainboard and eases deployment of the apparatus.
In one embodiment of the invention, the trusted chip further comprises a program-controlled staging unit, an NV storage unit and a comparison unit. The reference value of the BIOS Boot Block code is stored in the NV storage unit. After the security management control unit sends the measurement result to the trusted chip, the measurement result is held in the program-controlled staging unit, and the comparison unit compares the measurement result in the program-controlled staging unit with the reference value stored in the NV storage unit to judge whether the BIOS Boot Block code has been tampered with, which guarantees the accuracy of the judgment.
In one embodiment of the invention, the security management control unit acts according to the judgment result of the trusted chip. If the BIOS Boot Block code has not been tampered with, the security management control unit sends the CPLD a control instruction allowing the CPU to be powered on; after the CPU is powered on the subsequent measurement process continues until the trusted computing platform has been established. If the BIOS Boot Block code has been tampered with, the security management control unit sends the CPLD a control instruction not allowing the CPU to be powered on, which prevents the CPU from powering on and so avoids further damage to the trusted server.
As shown in Fig. 2, one embodiment of the invention provides a trusted measurement method comprising:
Step 201: the security management control unit sends a first power-on sequence control instruction to the CPLD to prevent the CPU from being powered on;
Step 202: the security management control unit reads the BIOS Boot Block code from the BIOS Flash ROM;
Step 203: the security management control unit measures the BIOS Boot Block code to obtain a measurement result;
Step 204: the trusted chip judges, according to the measurement result, whether the BIOS Boot Block code has been tampered with;
Step 205: the security management control unit sends a corresponding second power-on sequence control instruction to the CPLD according to the judgment result.
In one embodiment of the invention, after the trusted server is powered on, the security management control unit is powered first. Once powered, it sends the first power-on sequence control instruction to the CPLD over the I2C bus to prevent the CPU from being powered on, so that the BIOS Boot Block code is measured before the CPU starts and its security is guaranteed.
In one embodiment of the invention, after the CPU has been prevented from powering on, the security management control unit reads the BIOS Boot Block code from the BIOS Flash ROM over the SPI bus and measures this code, guaranteeing its security.
In one embodiment of the invention, after the security management control unit has measured the BIOS Boot Block code, it sends the measurement result to the trusted chip over the I2C bus or the LPC bus; the trusted chip judges the measurement result and sends the judgment result to the security management control unit over the I2C bus or the LPC bus.
In one embodiment of the invention, after the security management control unit has sent the measurement result to the trusted chip, the measurement result is held inside the trusted chip in the program-controlled staging unit, and the comparison unit compares this measurement result with the reference value of the BIOS Boot Block code stored in the NV storage unit: if the measurement result is identical to the reference value it determines that the BIOS Boot Block code has not been tampered with, and if they differ it determines that the BIOS Boot Block code has been tampered with.
In one embodiment of the invention, the security management control unit acts according to the judgment result of the trusted chip. If the judgment result is that the BIOS Boot Block code has not been tampered with, it sends the CPLD an instruction allowing the CPU to be powered on, and further measurement is carried out after the CPU is powered on. If the judgment result is that the BIOS Boot Block code has been tampered with, it sends the CPLD an instruction not allowing the CPU to be powered on, which stops the CPU from starting and avoids further damage to the trusted server.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Fig. 3, one embodiment of the invention provides a trusted measurement apparatus 300 comprising a security management control unit 3001 and a trusted chip 3002;
the trusted measurement apparatus 300 is arranged on the mainboard 30. The security management control unit 3001 is connected to the CPLD 301 and to the BIOS Flash ROM 303 on the mainboard 30, and to the trusted chip 3002. The CPLD 301 is connected to the PSU power supply 31, and the PSU power supply 31 is connected to the CPU 302 on the mainboard 30.
After the trusted server is powered on, the security management control unit 3001 is powered first. The security management control unit 3001 sends a power-on sequence control instruction to the CPLD 301, and the CPLD 301, according to the received instruction, controls the PSU power supply 31 not to power the CPU 302. The security management control unit 3001 then reads the BIOS Boot Block code from the BIOS Flash ROM 303, measures the code and sends the measurement result to the trusted chip 3002. After receiving the measurement result the trusted chip 3002 judges whether the BIOS Boot Block code has been tampered with and sends the judgment result to the security management control unit 3001. According to the judgment result of the trusted chip 3002, the security management control unit 3001 sends the corresponding power-on sequence control instruction to the CPLD 301, and the CPLD 301, according to the received instruction, controls whether the PSU power supply 31 powers the CPU 302.
The trusted measurement method is described in detail below in conjunction with the trusted measurement apparatus shown in Fig. 3. As shown in Fig. 4, its specific steps comprise:
Step 401: the trusted server is powered on; the security management control unit starts and initializes itself.
In one embodiment of the invention, after the trusted server is energized, the security management control unit is powered first and completes its own initialization.
Step 402: the security management control unit sends a self-test start command to the trusted chip, and the trusted chip initializes itself.
In one embodiment of the invention, after the security management control unit has initialized, it sends a self-test start command to the trusted chip over the I2C bus or the LPC bus; on receiving this command the trusted chip performs its self-test and start-up and completes its own initialization. For example, as shown in Fig. 3, the security management control unit 3001 sends the self-test start command to the trusted chip 3002 over the I2C bus, and the trusted chip 3002, after receiving the command, performs its self-test and start-up and completes initialization.
Step 403: the security management control unit sends a power-on sequence control instruction to the CPLD, and the CPLD prevents the CPU from being powered on according to this instruction.
The security management control unit sends the power-on sequence control instruction that prevents the CPU from being powered to the CPLD over the I2C bus, and the CPLD, according to the instruction, prevents the CPU from being powered on. For example, as shown in Fig. 3, the security management control unit 3001 sends the power-on sequence control instruction to the CPLD 301 over the I2C bus, and after receiving it the CPLD 301 controls the PSU power supply 31 not to power the CPU 302.
Step 404: the security management control unit reads the BIOS Boot Block code from the BIOS Flash ROM.
In one embodiment of the invention, after the CPU has been prevented from powering on, the security management control unit reads the BIOS Boot Block code located in the BIOS Flash ROM over the SPI bus. For example, as shown in Fig. 3, the security management control unit 3001 is connected to the BIOS Flash ROM 303 by the SPI bus and reads the BIOS Boot Block code located in the BIOS Flash ROM 303.
Step 405: the security management control unit measures the BIOS Boot Block code it has read and sends the measurement result to the trusted chip.
In one embodiment of the invention, after the security management control unit has read the BIOS Boot Block code, it computes a hash of the BIOS Boot Block code with a hash algorithm; the computed result is the measurement result, which it sends to the trusted chip over the I2C bus or the LPC bus. For example, as shown in Fig. 3, after the security management control unit 3001 has read the BIOS Boot Block code located in the BIOS Flash ROM 303, it computes a hash of the BIOS Boot Block code with a hash algorithm, obtains the corresponding calculation result, which is the measurement result, and sends this measurement result to the trusted chip 3002 over the I2C bus or the LPC bus.
Step 406: the trusted chip judges, according to the measurement result, whether the BIOS Boot Block code has been tampered with; if not, step 407 is performed, otherwise step 409 is performed.
In one embodiment of the invention, the trusted chip further comprises a program-controlled staging unit, an NV storage unit and a comparison unit. After the trusted chip receives the measurement result, the measurement result is held temporarily in the program-controlled staging unit; the reference value corresponding to the BIOS Boot Block code is stored in the NV storage unit. The comparison unit compares the measurement in the program-controlled staging unit with the reference value in the NV storage unit space to judge whether the BIOS Boot Block code has been tampered with: if the measurement result is identical to the reference value the judgment is no, and step 407 is performed next; if the measurement result and the reference value are not identical the judgment is yes, and step 409 is performed.
Step 407: the judgment result is sent to the security management control unit, and the security management control unit sends the CPLD a power-on sequence control instruction to power the CPU.
In one embodiment of the invention, when it is judged that the BIOS Boot Block code has not been tampered with, the security management control unit sends the CPLD a power-on sequence control instruction for powering on the CPU. For example, as shown in Fig. 3, after the trusted chip 3002 judges that the BIOS Boot Block code has not been tampered with, it sends the judgment result to the security management control unit 3001 over the I2C bus, and the security management control unit 3001 sends the CPLD 301 a power-on sequence control instruction to power the CPU 302.
Step 408: the CPLD controls the PSU power supply to power the CPU according to the power-on sequence control instruction, and the current flow ends.
In one embodiment of the invention, after the CPLD receives the power-on sequence control instruction for powering on the CPU sent by the security management control unit, the CPLD controls the PSU power supply to power the CPU. For example, as shown in Fig. 3, after the CPLD 301 receives the power-on sequence control instruction sent by the security management control unit 3001 for powering the CPU 302, the CPLD 301 controls the PSU power supply 31 to power the CPU so that further measurement and other operations can proceed.
Step 409: the judgment result is sent to the security management control unit, and the security management control unit sends the CPLD a power-on sequence control instruction forbidding power to the CPU.
In one embodiment of the invention, after the trusted chip judges that the BIOS Boot Block code has been tampered with, the security management control unit, according to the judgment result, sends the CPLD a power-on sequence control instruction forbidding power to the CPU.
Step 410: the CPLD controls the PSU power supply not to power the CPU according to the power-on sequence control instruction.
In one embodiment of the invention, after the CPLD receives the power-on sequence control instruction sent by the security management control unit forbidding the CPU from being powered on, the CPLD controls the PSU power supply not to power the CPU, and the trusted server then needs further maintenance.
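As an added illustration that is not part of the patent or of Inspur's implementation, the Python below simulates both the passive scheme described in the Background art and the Fig. 4 flow (steps 403 to 410) on a constructed BIOS image. Everything not stated in the patent is an assumption made for this illustration: the image layout (boot block as the first 4 KiB of the BIOS Flash ROM), SHA-256 as the hash algorithm, the toy CRTM behaviour used to model a self-measuring boot block, and all class, function and constant names. The point it makes is the one the patent rests on: when the code that measures and the code being measured sit in the same rewritable flash, a tampered boot block can report whatever value passes, whereas a measurer outside the flash that holds the CPU off until the trusted chip has compared the digest with its NV reference refuses to power the CPU.

```python
"""Simulation of trusted measurement before CPU power-on (added example)."""
import hashlib
import hmac

# Constructed layout (assumption): the boot block occupies the first 4 KiB of
# the BIOS Flash ROM image and the rest of the BIOS follows it.
BOOT_BLOCK_SIZE = 4096


def sha256(data: bytes) -> bytes:
    """Measurement = hash of the code. The patent only says 'hash algorithm';
    SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def build_flash(boot_block: bytes, main_bios: bytes) -> bytes:
    """Constructed BIOS Flash ROM image: boot block padded with 0xFF, then the rest."""
    if len(boot_block) > BOOT_BLOCK_SIZE:
        raise ValueError("boot block too large")
    return boot_block.ljust(BOOT_BLOCK_SIZE, b"\xff") + main_bios


def split_flash(flash: bytes):
    return flash[:BOOT_BLOCK_SIZE], flash[BOOT_BLOCK_SIZE:]


# --- Prior art: passive measurement (Background art) ---------------------------
# The CRTM is the first code in the BIOS and runs from the same erasable flash.
# Toy CRTM "instruction set" used only to model that behaviour (assumption):
#   b"MEASURE\0"             -> hash the rest of the BIOS honestly
#   b"REPLAY\0" + 32 bytes   -> report the embedded digest without measuring
HONEST_CRTM = b"MEASURE\0"
REPLAY_CRTM = b"REPLAY\0"


def run_crtm(boot_block: bytes, main_bios: bytes) -> bytes:
    """What the code in the boot block reports as the measurement of the rest."""
    if boot_block.startswith(HONEST_CRTM):
        return sha256(main_bios)
    if boot_block.startswith(REPLAY_CRTM):
        start = len(REPLAY_CRTM)
        return boot_block[start:start + 32]
    raise RuntimeError("unrecognised CRTM")


def passive_boot(flash: bytes, expected_main_digest: bytes) -> bool:
    """True if the platform judges itself trustworthy. Nothing measures the boot
    block itself, so the CRTM's report is taken at face value."""
    boot_block, main_bios = split_flash(flash)
    reported = run_crtm(boot_block, main_bios)
    return hmac.compare_digest(reported, expected_main_digest)


# --- Patent scheme: BMC measures the boot block before the CPU gets power ------
class TrustedChip:
    """Trusted chip of Fig. 3: staging unit, NV reference value, comparison unit."""

    def __init__(self, nv_reference: bytes):
        # Assumption: the NV storage unit was provisioned with the golden digest.
        self.nv_reference = nv_reference
        self.staging = b""

    def load_measurement(self, measurement: bytes) -> None:
        self.staging = measurement

    def boot_block_tampered(self) -> bool:
        return not hmac.compare_digest(self.staging, self.nv_reference)


class Cpld:
    """CPLD that gates the PSU rail to the CPU. Starts with the CPU unpowered."""

    def __init__(self) -> None:
        self.cpu_powered = False

    def set_cpu_power(self, allow: bool) -> None:
        self.cpu_powered = allow


def active_boot(flash: bytes, chip: TrustedChip, cpld: Cpld) -> bool:
    """Security management control unit flow of Fig. 4; returns whether the CPU
    was allowed to power on."""
    cpld.set_cpu_power(False)                   # step 403: hold the CPU off
    boot_block, _ = split_flash(flash)           # step 404: read boot block (SPI)
    chip.load_measurement(sha256(boot_block))    # step 405: measure, send (I2C/LPC)
    tampered = chip.boot_block_tampered()        # step 406: compare with NV reference
    cpld.set_cpu_power(not tampered)             # step 407/409: second instruction
    return cpld.cpu_powered


# --- Constructed images -------------------------------------------------------
GOOD_MAIN = b"main BIOS image (constructed)"
GOOD_FLASH = build_flash(HONEST_CRTM + b"boot block code (constructed)", GOOD_MAIN)
GOLDEN_MAIN_DIGEST = sha256(GOOD_MAIN)
GOLDEN_BOOT_DIGEST = sha256(split_flash(GOOD_FLASH)[0])

# An attacker with write access to the flash replaces the rest of the BIOS and
# the boot block; the new boot block replays the golden digest of the old BIOS.
EVIL_MAIN = b"main BIOS image with implant (constructed)"
EVIL_FLASH = build_flash(REPLAY_CRTM + GOLDEN_MAIN_DIGEST + b"implant", EVIL_MAIN)


def demo():
    """For each image: (passive scheme judges trusted?, active scheme powers CPU?)."""
    results = {}
    for name, flash in (("good", GOOD_FLASH), ("evil", EVIL_FLASH)):
        chip, cpld = TrustedChip(GOLDEN_BOOT_DIGEST), Cpld()
        results[name] = (passive_boot(flash, GOLDEN_MAIN_DIGEST),
                         active_boot(flash, chip, cpld))
    return results


if __name__ == "__main__":
    for name, (passive_ok, cpu_on) in demo().items():
        print(f"{name}: passive judges trusted={passive_ok}, active powers CPU={cpu_on}")
```

Running the script prints one line per image: the tampered image passes the passive check and is refused CPU power by the active flow. One design choice here is mine rather than the patent's: the Cpld model starts with the CPU unpowered, so the CPU stays off if the security management control unit fails before step 403 is reached; the patent relies on the first control instruction to put the CPLD into that state.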
According to such scheme, a kind of confidence level metering method that embodiments of the invention provide and device, at least have following beneficial effect:
1, in the embodiment of the present invention, credible measurement apparatus comprises safety management control unit and credible chip, the CPLD of safety management control unit externally on mainboard sends instruction, stop for CPU powers on, then the BIOSBootBlock code in BIOSFlashROM is read, and this code is measured, measurement results is sent to credible chip, after credible chip judges whether this code is tampered, judged result is sent to safety management control unit, safety management control unit sends corresponding electrifying timing sequence steering order according to judged result to CPLD, control CPU powers on, this device with safety management control unit for trusted root, trusted root core is stored in safety management control unit, safety management control unit has the attribute of safety chip, the trusted root core to being stored therein is not allowed to modify, ensure that the safety of trusted root core, and then trusted relationships is expanded to whole trusted servers, thus the security of trusted servers can be improved.
2, in the embodiment of the present invention, safety management control unit is arranged in baseboard management controller BMC, transformed by BMC and form, increase and support that credible chip drives code, credible chip startup, self-inspection, metric extension, reads the power functions such as NV space, and be connected with CPLD with BIOSFlashROM on mainboard, due to the standard configuration that BMC is mainboard, by being transformed into the method for safety management control unit by BMC, the change to mainboard can be reduced, the stability of mainboard can be improved on the one hand, also more easily promote on the other hand.
3, in the embodiment of the present invention, the electrifying timing sequence for CPU is controlled by CPLD, before CPU powers on, BIOSBootBlock code is measured, guarantee that it is safe, control to power for CPU by CPLD again when not distorting, trusted servers normally starts, avoid in prior art and there is server when trusted root core is tampered and still start, the situation causing server to be destroyed further occurs.
4, in embodiments of the present invention, safety management control unit is connected with BIOSFlashROM respectively by PSI bus, be connected with credible chip by I2C bus or lpc bus, be connected with CPLD by I2C bus, based on the characteristic of these buses, because packing forms is little, data transmission is fast, the change to mainboard can be reduced further, improve its Generalization Ability.
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "comprising" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises that element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiment can be completed by hardware driven by program instructions; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiment. The storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the foregoing are only preferred embodiments of the invention, intended only to illustrate the technical scheme of the invention and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (10)

1. A trusted measurement apparatus, characterized in that it comprises: a safety management control unit and a trusted chip;
the safety management control unit is connected to the trusted chip and, on the external mainboard, to the complex programmable logic device (CPLD) and the Basic Input/Output System flash memory (BIOSFlashROM), respectively, and is configured, after the trusted server is powered on, to send a first power-on timing-sequence control instruction to the CPLD to stop the CPU from being powered on, to read the mainboard bootstrap block (BIOSBootBlock) code in the BIOSFlashROM, to measure the BIOSBootBlock code, to send the measurement result to the trusted chip and, after receiving the judgment result of the trusted chip, to send a corresponding second power-on timing-sequence control instruction to the CPLD according to the judgment result;
the trusted chip is configured, after receiving the measurement result sent by the safety management control unit, to judge whether the BIOSBootBlock code has been tampered with, and to send the judgment result to the safety management control unit.
2. The apparatus according to claim 1, characterized in that
the safety management control unit is arranged in the baseboard management controller (BMC) on the mainboard of the trusted server.
3. The apparatus according to claim 1, characterized in that
the safety management control unit is connected to the BIOSFlashROM by an SPI bus;
and/or
the safety management control unit is connected to the trusted chip by an I2C bus or an LPC bus;
and/or
the safety management control unit is connected to the CPLD by an I2C bus.
4. The apparatus according to claim 1, characterized in that the trusted chip comprises: a program-control temporary storage unit, an NV storage unit and a comparing unit, wherein
the program-control temporary storage unit is configured to temporarily store the measurement result;
the NV storage unit stores, in its space, the reference value of the BIOSBootBlock code;
the comparing unit is configured to compare the measurement result temporarily stored in the program-control temporary storage unit with the reference value of the BIOSBootBlock code stored in the NV storage unit, and to determine that the BIOSBootBlock code has not been tampered with if they are identical, and that it has been tampered with if they differ.
5. The apparatus according to any one of claims 1 to 4, characterized in that
the safety management control unit is configured, according to the judgment result of the trusted chip, to send to the CPLD an instruction allowing the CPU to be powered on if the BIOSBootBlock code has not been tampered with, and an instruction not allowing the CPU to be powered on if the BIOSBootBlock code has been tampered with.
6. A trusted measurement method, characterized in that it comprises:
a safety management control unit sends a first power-on timing-sequence control instruction to a CPLD to stop the CPU from being powered on;
the safety management control unit reads the BIOSBootBlock code in a BIOSFlashROM;
the safety management control unit measures the BIOSBootBlock code to obtain a measurement result;
a trusted chip judges, according to the measurement result, whether the BIOSBootBlock code has been tampered with;
the safety management control unit sends a corresponding second power-on timing-sequence control instruction to the CPLD according to the judgment result.
7. The method according to claim 6, characterized in that
the safety management control unit sending the first power-on timing-sequence control instruction to the CPLD comprises: the safety management control unit sends the first power-on timing-sequence control instruction to the CPLD over an I2C bus;
and/or
the safety management control unit reading the BIOSBootBlock code in the BIOSFlashROM comprises: the safety management control unit reads the BIOSBootBlock code from the BIOSFlashROM over an SPI bus.
8. The method according to claim 6, characterized in that it further comprises:
the safety management control unit sends the measurement result to the trusted chip over an I2C bus or an LPC bus;
and/or
the trusted chip sends the judgment result to the safety management control unit over an I2C bus or an LPC bus.
9. The method according to claim 6, characterized in that the trusted chip judging, according to the measurement result, whether the BIOSBootBlock code has been tampered with comprises:
inside the trusted chip, the measurement result is temporarily stored in a program-control temporary storage unit, and a comparing unit compares the measurement result temporarily stored in the program-control temporary storage unit with the reference value of the BIOSBootBlock code stored in an NV storage unit; if they are identical, the BIOSBootBlock code is judged not to have been tampered with, and if they differ, it is judged to have been tampered with.
10. The method according to any one of claims 6 to 9, characterized in that sending the corresponding second power-on timing-sequence control instruction to the CPLD comprises:
if the judgment result is that the BIOSBootBlock code has not been tampered with, sending to the CPLD an instruction allowing the CPU to be powered on;
if the judgment result is that the BIOSBootBlock code has been tampered with, sending to the CPLD an instruction not allowing the CPU to be powered on.
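As an added illustration (not code from the patent or its applicant), the following Python model walks the steps of method claims 6, 9 and 10 end to end, with stand-in objects for the BIOSFlashROM, the CPLD and the trusted chip, and shows the CPLD being held off when the boot block differs from the NV reference. SHA-256 as the measurement, the instruction names and the sample boot-block image are assumptions; the patent does not specify them.

```python
import hashlib

# Power-on timing-sequence control instructions sent to the CPLD (constructed names).
STOP_CPU_POWER_ON = "stop_cpu_power_on"    # first instruction: hold CPU power off
ALLOW_CPU_POWER_ON = "allow_cpu_power_on"  # second instruction when the code is intact
DENY_CPU_POWER_ON = "deny_cpu_power_on"    # second instruction when the code is tampered


def measure(code: bytes) -> bytes:
    """Measure the BIOSBootBlock code. SHA-256 is an assumption; the patent only
    says the code is 'measured' and compared with a reference value."""
    return hashlib.sha256(code).digest()


class BiosFlashRom:
    """Stand-in for the SPI-attached BIOSFlashROM holding the BIOSBootBlock image."""
    def __init__(self, boot_block: bytes) -> None:
        self.boot_block = bytes(boot_block)

    def read_boot_block(self) -> bytes:
        return self.boot_block


class Cpld:
    """Stand-in for the CPLD that gates CPU power; it obeys the last instruction received."""
    def __init__(self) -> None:
        self.cpu_powered = False
        self.received = []

    def receive(self, instruction: str) -> None:
        self.received.append(instruction)
        self.cpu_powered = instruction == ALLOW_CPU_POWER_ON


class TrustedChip:
    """Stand-in for the trusted chip of claim 4: temporary storage, NV storage, comparing unit."""
    def __init__(self, nv_reference: bytes) -> None:
        self.nv_reference = nv_reference  # reference value kept in the NV space
        self.temporary = b""              # program-control temporary storage unit

    def judge(self, measurement: bytes) -> bool:
        """True when the BIOSBootBlock code has NOT been tampered with (claim 9)."""
        self.temporary = measurement
        return self.temporary == self.nv_reference   # the comparing unit


class SafetyManagementControlUnit:
    """BMC-hosted root of trust that measures the boot block before the CPU is powered."""
    def __init__(self, flash: BiosFlashRom, chip: TrustedChip, cpld: Cpld) -> None:
        self.flash, self.chip, self.cpld = flash, chip, cpld

    def power_on_sequence(self) -> bool:
        self.cpld.receive(STOP_CPU_POWER_ON)             # step 1: hold the CPU off (I2C)
        code = self.flash.read_boot_block()              # step 2: read over SPI
        untampered = self.chip.judge(measure(code))      # steps 3-4: measure, chip judges (I2C/LPC)
        self.cpld.receive(ALLOW_CPU_POWER_ON if untampered else DENY_CPU_POWER_ON)  # step 5
        return untampered


def simulate_boot(boot_block: bytes, provisioned_block: bytes):
    """Run one boot whose NV reference was provisioned from provisioned_block.
    Returns (untampered, instructions received by the CPLD, whether the CPU was powered)."""
    cpld = Cpld()
    unit = SafetyManagementControlUnit(BiosFlashRom(boot_block),
                                       TrustedChip(measure(provisioned_block)), cpld)
    return unit.power_on_sequence(), cpld.received, cpld.cpu_powered


# Constructed sample images: the second differs from the provisioned one by a single byte.
GOOD_BLOCK = b"BIOSBootBlock v1 (constructed sample image)" * 4
TAMPERED_BLOCK = GOOD_BLOCK[:10] + b"X" + GOOD_BLOCK[11:]

if __name__ == "__main__":
    print("intact boot:  ", simulate_boot(GOOD_BLOCK, GOOD_BLOCK))
    print("tampered boot:", simulate_boot(TAMPERED_BLOCK, GOOD_BLOCK))
```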
CN201510479038.6A 2015-08-06 2015-08-06 Trustworthy measurement apparatus and method Pending CN105160255A (en)

Publications (1)

Publication Number Publication Date
CN105160255A true CN105160255A (en) 2015-12-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151216