CN105893833A - Hardware interface used for firmware safety management - Google Patents


Info

Publication number: CN105893833A
Authority: CN (China)
Prior art keywords: interface, safety detection, detection module, firmware, hardware
Legal status: Granted
Application number: CN201610196395.6A
Other languages: Chinese (zh)
Other versions: CN105893833B (en)
Inventors: 赵瑞东, 邹旭松, 李善荣, 尹双
Current Assignee: Shandong Chaoyue Numerical Control Electronics Co Ltd
Original Assignee: Shandong Chaoyue Numerical Control Electronics Co Ltd
Application filed by Shandong Chaoyue Numerical Control Electronics Co Ltd
Priority to CN201610196395.6A
Publication of CN105893833A
Application granted
Publication of CN105893833B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a hardware interface for firmware security management and belongs to the technical field of firmware management. The hardware interface is used by the computer during the boot stage to access a safety detection module and call a security verification function, so that the integrity of key hardware devices and of operating system core files is measured and verified. It gives the trusted module for firmware security a hardware-layer interface: the firmware path is configured when the device is first powered on, and the device can start normally only after passing security verification. The hardware interface thereby provides a sound guarantee for the security of computer firmware.

Description

A hardware interface for firmware security management
Technical field
The present invention discloses a hardware interface for firmware security management and belongs to the technical field of firmware management.
Background
With the development of electronic information technology, computer applications have penetrated every sector of society, changing traditional ways of working, studying and living, and promoting the development of society. Because of their fast operation and high computational precision, multi-architecture and multi-platform computer devices play a key role in daily work, life and production. The security of computer equipment has therefore drawn increasing attention. The introduction of many kinds of security software has safeguarded the software security of devices, but most security software runs on top of the operating system and can do little for the security of computer firmware.
To address this situation, the present invention provides a hardware interface for firmware security management that gives the trusted module for firmware security a hardware-layer interface. When the device is first powered on, the firmware path is configured, and the device can start normally only after passing security verification. The hardware interface of the invention thus provides a sound guarantee for the security of computer firmware.
Summary of the invention
To address the deficiencies and problems of the prior art, the present invention provides a hardware interface for firmware security management. When the device is first powered on, the firmware path is configured, and the device can start normally only after passing security verification. The hardware interface of the invention thus provides a sound guarantee for the security of computer firmware.
The specific scheme proposed for the hardware interface for firmware security management of the present invention is:
A hardware interface for firmware security management, wherein the hardware interface is used by the computer during the boot stage to access the safety detection module and call the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources.
When the open-device interface is called, the firmware path is configured at the device's initial power-on: if security verification passes, the device starts normally; otherwise the device raises an alarm and cannot start.
The hardware interface is suitable for being called by UEFI BIOS.
A method using the firmware security management hardware interface, wherein during the boot stage the computer accesses the safety detection module through the hardware interface of any one of claims 1-3 and calls the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources.
The beneficial effects of the present invention are:
The hardware interface of the present invention is used by the computer during the boot stage to access the safety detection module and call the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified. It gives the trusted module for firmware security a hardware-layer interface: the firmware path is configured when the device is first powered on, and the device can start normally only after passing security verification. The hardware interface of the invention thus provides a sound guarantee for the security of computer firmware.
Description of the drawings
Fig. 1 is the hardware circuit schematic of the firmware LPC bus in the present invention;
Fig. 2 is the hardware interface circuit schematic of the safety detection module in the present invention.
Detailed description of the embodiments
A hardware interface for firmware security management, wherein the hardware interface is used by the computer during the boot stage to access the safety detection module and call the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources.
The present invention is further described below with reference to the above hardware interface, the summary of the invention and the accompanying drawings.
The hardware interface is suitable for being called by UEFI BIOS. It can be used by the computer during the BIOS boot stage to access the safety detection module and call the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources;
When the open-device interface is called, the firmware path is configured at the device's initial power-on: if security verification passes, the device starts normally; otherwise the device raises an alarm and cannot start. With reference to the firmware hardware path selection circuit in Fig. 1:
At initial power-on, TPM_EN=0 and U84 is disconnected; the firmware's LPC bus cannot reach the processor, so the device raises an alarm and cannot start;
After the firmware passes the security check, the safety detection module sets TPM_EN=1 and the multi-way switch conducts; the firmware accesses the processor and memory normally over the LPC bus, the device alarm is cleared, and the device can boot normally.
The hardware interface circuit of the safety detection module is shown in Fig. 2; the STM_EN signal enables or disables the firmware safety detection function:
When STM_EN=0, the firmware safety detection function is disabled; TPM_EN is pulled up to a high level and the device firmware starts without safety detection;
When STM_EN=1, the firmware safety detection function is enabled and the firmware's LPC bus is routed first to the safety detection module. When the firmware does not pass safety detection, or while safety detection is being carried out, the safety detection module drives the TPM_EN signal low; the device raises an alarm and cannot enter the boot flow. When safety detection passes, the safety detection module drives the TPM_EN signal high and the device starts normally. The safety detection module may use PCI-E 4X signals, which can be adjusted as required.
That is, during the boot stage the computer accesses the safety detection module through the hardware interface and calls the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified.
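The call sequence (open, load, set/verify expected values, close) and the STM_EN/TPM_EN gating described above, modeled in C as an added example; this is not code from the patent or its assignee. The `sdm_*` names, the slot-based expected-value store and the FNV-1a stand-in measurement are assumptions, since the patent names neither an API nor a hash algorithm.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in measurement: FNV-1a, NOT cryptographic. The patent names no
 * algorithm; a real module would use a cryptographic hash. */
static uint32_t measure(const uint8_t *d, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 16777619u; }
    return h;
}

#define SLOTS 4
struct sdm {                    /* hypothetical safety detection module state */
    int opened, loaded;         /* device interface open / routine loaded */
    int used[SLOTS];            /* which expected-value slots are set */
    uint32_t expected[SLOTS];   /* expected measurements */
};
static int slot_ok(const struct sdm *m, int s) {
    return m->loaded && s >= 0 && s < SLOTS;
}
int sdm_open(struct sdm *m)   { m->opened = 1; return 0; }
int sdm_load(struct sdm *m)   { if (!m->opened) return -1; m->loaded = 1; return 0; }
void sdm_close(struct sdm *m) { m->opened = m->loaded = 0; }  /* release */

/* Trust verification interface: set/update, delete, verify. */
int sdm_set(struct sdm *m, int s, uint32_t v) {
    if (!slot_ok(m, s)) return -1;
    m->used[s] = 1; m->expected[s] = v; return 0;
}
int sdm_delete(struct sdm *m, int s) {
    if (!slot_ok(m, s)) return -1;
    m->used[s] = 0; return 0;
}
int sdm_verify(const struct sdm *m, int s, const uint8_t *d, size_t n) {
    if (!slot_ok(m, s) || !m->used[s]) return 0;   /* fail closed */
    return measure(d, n) == m->expected[s];
}

/* TPM_EN per the description: pulled high when STM_EN=0 (no detection);
 * with STM_EN=1 it goes high only after verification passes. */
int tpm_en(int stm_en, int verified) { return stm_en ? verified != 0 : 1; }

/* Boot-stage flow. Returns TPM_EN: 1 = LPC path conducts, 0 = alarm. */
int boot(struct sdm *m, int stm_en, const uint8_t *fw, size_t n) {
    int ok = 0;
    if (stm_en && sdm_open(m) == 0) {
        if (sdm_load(m) == 0) ok = sdm_verify(m, 0, fw, n);
        sdm_close(m);
    }
    return tpm_en(stm_en, ok);
}

/* Constructed sample: provision (or not), optionally tamper, then boot. */
int demo(int stm_en, int provision, int tamper) {
    uint8_t fw[] = "constructed firmware image";
    struct sdm m = {0};
    if (provision) {
        sdm_open(&m); sdm_load(&m);
        sdm_set(&m, 0, measure(fw, sizeof fw));
        sdm_close(&m);
    }
    if (tamper) fw[0] ^= 0x01;
    return boot(&m, stm_en, fw, sizeof fw);
}
```

In this model, as in the description, STM_EN=0 drives TPM_EN high regardless of the image, so the whole check depends on how STM_EN is controlled; a missing expected value is treated as a failed verification.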

Claims (4)

1. A hardware interface for firmware security management, characterized in that the hardware interface is used by the computer during the boot stage to access the safety detection module and call the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources.
2. The hardware interface according to claim 1, characterized in that when the open-device interface is called, the firmware path is configured at the device's initial power-on: if security verification passes, the device starts normally; otherwise the device raises an alarm and cannot start.
3. The hardware interface according to claim 1 or 2, characterized in that the hardware interface is suitable for being called by UEFI BIOS.
4. A method using the firmware security management hardware interface, characterized in that during the boot stage the computer accesses the safety detection module through the hardware interface of any one of claims 1-3 and calls the security verification function, so that the integrity of key hardware devices and of the operating system core files is measured and verified;
The flow by which the computer calls the safety detection module through the hardware interface is: call the open-device interface to gain access to the safety detection module; after access succeeds, load the interface routine stored in the safety detection module into memory through the safety detection program loading interface; call the trust verification interface to set, update and delete expected values and to verify the data to be verified; finally, exit access through the close-device interface and release the related resources.
CN201610196395.6A 2016-03-31 2016-03-31 A kind of hardware interface for firmware security management Active CN105893833B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610196395.6A CN105893833B (en) 2016-03-31 2016-03-31 A kind of hardware interface for firmware security management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610196395.6A CN105893833B (en) 2016-03-31 2016-03-31 A kind of hardware interface for firmware security management

Publications (2)

Publication Number Publication Date
CN105893833A (en) 2016-08-24
CN105893833B (en) 2019-07-05

Family

ID=57011721

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610196395.6A Active CN105893833B (en) 2016-03-31 2016-03-31 A kind of hardware interface for firmware security management

Country Status (1)

Country Link
CN (1) CN105893833B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005057845A1 (en) * 2003-12-10 2005-06-23 Huawei Technologies Co., Ltd. The safe verify method between the manager and the proxy in network transmission
CN1952885A (en) * 2005-10-19 2007-04-25 联想(北京)有限公司 A computer system and method to check completely
CN101079003A (en) * 2006-05-23 2007-11-28 北京金元龙脉信息科技有限公司 System and method for carrying out safety risk check to computer BIOS firmware
CN101488177A (en) * 2009-03-02 2009-07-22 中国航天科工集团第二研究院七○六所 BIOS based computer security control system and method thereof
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN103034510A (en) * 2012-10-26 2013-04-10 中国航天科工集团第二研究院七〇六所 UEFI and BIOS (unified extensible firmware interface and basic input output system) rapidly and safely starting method capable of being dynamically adjusted as requirements
CN103729219A (en) * 2013-12-25 2014-04-16 合肥联宝信息技术有限公司 Method and system for framing UEFI BIOS (unified extensible firmware interface basic input/output system)
CN104008342A (en) * 2014-06-06 2014-08-27 山东超越数控电子有限公司 Method for achieving safe and trusted authentication through BIOS and kernel
CN105335264A (en) * 2015-11-12 2016-02-17 浪潮电子信息产业股份有限公司 Computer PCIE adapter card function test method based on UEFI

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472421A (en) * 2019-07-22 2019-11-19 深圳中电长城信息安全系统有限公司 Mainboard, firmware safety detection method and terminal device
CN110472421B (en) * 2019-07-22 2021-08-20 深圳中电长城信息安全系统有限公司 Mainboard and firmware safety detection method and terminal equipment

Also Published As

Publication number Publication date
CN105893833B (en) 2019-07-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant