CN106228091A - A kind of safe firmware validation update method - Google Patents

Info

Publication number
CN106228091A
Authority
CN
China
Prior art keywords
firmware
file
firmware file
update method
storage medium
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610554448.7A
Other languages
Chinese (zh)
Inventor
杨合林
高瞻
梁辉
樊明峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kunshan One Hundred Ao Electronic Technology Co Ltd
Original Assignee
Kunshan One Hundred Ao Electronic Technology Co Ltd
Application filed by Kunshan One Hundred Ao Electronic Technology Co Ltd
Priority to CN201610554448.7A
Publication of CN106228091A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The invention discloses a safe firmware validation update method comprising the following steps: S1, during firmware compilation, an ID and an encryption verification algorithm are added so that the final firmware file is verifiable and identifiable; S2, during firmware startup, before control is finally handed to the operating system, the storage medium is set to a write-protected locked state; S3, parsing of the firmware file is added to the firmware flashing program, the legitimacy of the firmware file is verified by decryption, and the ID is used to verify that the firmware file matches the mainboard; only a firmware file that is both legitimate and matching is allowed to be flashed. The method provided by the invention prevents malware from damaging or attacking the storage medium while retaining a path for users to update the firmware legitimately. It offers high security, is difficult to crack, and is low in cost.

Description

A kind of safe firmware validation update method
Technical field
The present invention relates to a kind of safe firmware validation update method.
Background
At present, the storage medium holding a computer's firmware has moved from the LPC/FWH interface to the SPI interface. Firmware vendors all provide tools that run under various operating systems to update the firmware content in the storage medium, which is convenient for factories and for users who update the firmware later. However, this necessarily leaves the storage medium in an erasable state, and that state puts the firmware in a very dangerous position: it has become an important channel through which viruses such as CIH and BMW attack firmware, and it poses a serious hidden danger to system reliability and information security.
To address this, chip manufacturers proposed a locking solution: at the last point of firmware execution, before the operating system is called, the firmware storage medium (such as the SPI ROM) is set to Lock mode. In this mode the medium cannot be modified for the remainder of that power-on session; Lock mode is released only after the system restarts. The user therefore can no longer update the firmware with a tool under the operating system, which also closes the path used by viruses such as CIH and BMW. The biggest problem with this approach is that the firmware can no longer be updated once the system has left the factory (unless the storage medium is removed from the mainboard and reflashed with an external programmer, which is difficult for ordinary users), while bugs that must be fixed by a firmware update after shipment are common. So this solution blocks the attack path well, but it also blocks the legitimate need to update firmware, and is inevitably too inflexible.
It is therefore necessary to design a method that prevents malware from damaging or attacking the storage medium while retaining a path for users to update the firmware legitimately.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defects of the prior art by providing a safe firmware validation update method.
To solve the above technical problem, the invention provides the following technical solution:
The safe firmware validation update method of the present invention comprises the following steps:
S1: during firmware compilation, add an ID and an encryption verification algorithm so that the final firmware file is verifiable and identifiable. This ensures that a firmware file flashed in the future has not been maliciously tampered with, and that a firmware file that does not correspond to the mainboard is not flashed;
S2: during firmware startup, before control is finally handed to the operating system, set the storage medium to a write-protected locked state, which prevents attacks by other malware or viruses;
S3: add parsing of the firmware file to the firmware flashing program; verify the legitimacy of the firmware file by decryption, and use the ID to verify that the firmware file matches the mainboard. Only a firmware file that is both legitimate and matching is allowed to be flashed.
Further, in step S3, the firmware flashing program is embedded in the original firmware. The user can invoke it during firmware startup, or activate this firmware flashing code through a tool under the operating system so that it is executed automatically after a restart.
Beneficial effects of the present invention:
The method provided by the invention prevents malware from damaging or attacking the storage medium while retaining a path for users to update the firmware legitimately. It offers high security, is difficult to crack, and is low in cost.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the description. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is the flashing flow chart under the BIOS Setup interface;
Fig. 2 is the flashing flow chart under the operating system.
Detailed description
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here only illustrate and explain the present invention and do not limit it.
As shown in Fig. 1 and Fig. 2, a BIOS ID and AES are added to the UEFI BIOS to produce an encrypted UEFI BIOS file. Before flashing, and before the flashing routine of the existing UEFI BIOS is called, the legitimacy of this UEFI BIOS file is verified to confirm that the file has not been tampered with, and its ID is compared with the ID of the BIOS currently on the mainboard to confirm that the wrong file has not been selected. The existing firmware then performs the flash at a specific stage, completing the firmware update.
1. Before starting the operating system, the BIOS places the SPI ROM in a write-protected locked state;
2. The ID and encryption are added to the BIOS file when it is compiled;
3. Before flashing, the BIOS flashing program verifies the input BIOS file and checks its ID;
4. Two ways of activating the flashing program in the BIOS have been developed so far:
a) A flashing function is provided in the BIOS Setup interface. The BIOS first provides support for file formats such as FAT, NTFS, EXT, EXT2 and EXT3, and offers the user a function to select a BIOS file in the Setup interface. The file selected by the user then undergoes the encryption verification and ID check described above; once it is confirmed to be correct, the SPI ROM flashing function is called to complete the BIOS update;
b) Update software under the operating system activates the flashing function in the BIOS. The update software reads the encrypted BIOS file into memory and performs the encryption verification and ID check described above. Once the file is confirmed to be correct, a specific mechanism records the location of the BIOS file in memory and sets a notification for the BIOS to call the flashing function on the next startup. After these records are made, the system is restarted once; when the current BIOS sees the special flag record, it calls the BIOS flashing code to complete the BIOS update.
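The flow in items 1 to 4 above, as an added example that is not part of the patent: a Python model in which the firmware-resident flasher authenticates the image, checks the board ID, writes, and then locks the flash before the operating system runs. The container layout, the names (`SpiFlash`, `build_image`, `verify_image`, `boot`) and the use of HMAC-SHA256 in place of the patent's unspecified verification algorithm are assumptions of this example.

```python
import hashlib, hmac, struct

# Constructed container layout (assumption; the patent does not define one):
# magic "FWUP" | 16-byte board ID | 4-byte payload length | payload | 32-byte tag
HEADER = struct.Struct("<4s16sI")
TAG_LEN = 32

class SpiFlash:
    """Models the storage medium and its write-protect lock (step S2)."""
    def __init__(self, image):
        self.image, self.locked = image, False
    def write(self, data):
        if self.locked:
            raise PermissionError("flash is write-protected until next reset")
        self.image = data
    def reset(self):            # the lock is cleared only by a system restart
        self.locked = False

def build_image(board_id, payload, key):
    """Build side (S1): embed the ID and append an authentication tag."""
    body = HEADER.pack(b"FWUP", board_id.ljust(16, b"\0"), len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_image(blob, board_id, key):
    """Flasher side (S3): return the payload, or raise ValueError."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated image")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Authenticate the whole body before trusting any header field.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: file was modified")
    magic, file_id, length = HEADER.unpack_from(body)
    if magic != b"FWUP" or length != len(body) - HEADER.size:
        raise ValueError("malformed header")
    if file_id.rstrip(b"\0") != board_id:
        raise ValueError("ID mismatch: image is for another mainboard")
    return body[HEADER.size:]

def boot(flash, board_id, key, staged=None):
    """One boot: flash a staged image only if it verifies, then lock (S2)."""
    flash.reset()
    result = "no update"
    if staged is not None:
        try:
            flash.write(verify_image(staged, board_id, key))
            result = "updated"
        except ValueError as err:
            result = f"rejected: {err}"
    flash.locked = True         # always lock before handing control to the OS
    return result
```

A symmetric key stored in firmware can be extracted and used to forge images, so a production flasher would normally verify a public-key signature instead; the verify-then-lock ordering stays the same.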
Finally, it should be noted that the foregoing describes only the preferred embodiments of the present invention and does not limit the invention. Although the invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (2)

1. A safe firmware validation update method, characterized in that it comprises the following steps:
S1: during firmware compilation, add an ID and an encryption verification algorithm so that the final firmware file is verifiable and identifiable;
S2: during firmware startup, before control is finally handed to the operating system, set the storage medium to a write-protected locked state;
S3: add parsing of the firmware file to the firmware flashing program; verify the legitimacy of the firmware file by decryption, and use the ID to verify that the firmware file matches the mainboard; only a firmware file that is both legitimate and matching is allowed to be flashed.
2. The safe firmware validation update method according to claim 1, characterized in that, in step S3, the firmware flashing program is embedded in the original firmware, and the user can invoke it during firmware startup, or activate this firmware flashing code through a tool under the operating system so that it is executed automatically after a restart.
CN201610554448.7A 2016-07-14 2016-07-14 A kind of safe firmware validation update method Pending CN106228091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610554448.7A CN106228091A (en) 2016-07-14 2016-07-14 A kind of safe firmware validation update method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610554448.7A CN106228091A (en) 2016-07-14 2016-07-14 A kind of safe firmware validation update method

Publications (1)

Publication Number Publication Date
CN106228091A true CN106228091A (en) 2016-12-14

Family

ID=57520425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610554448.7A Pending CN106228091A (en) 2016-07-14 2016-07-14 A kind of safe firmware validation update method

Country Status (1)

Country Link
CN (1) CN106228091A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110502250A (en) * 2019-07-12 2019-11-26 苏州浪潮智能科技有限公司 A kind of upgrade method and baseboard management controller
CN111142912A (en) * 2019-12-29 2020-05-12 山东英信计算机技术有限公司 BIOS refreshing method, device and equipment
CN113360914A (en) * 2021-05-14 2021-09-07 山东英信计算机技术有限公司 BIOS updating method, system, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101464933A (en) * 2007-12-18 2009-06-24 中国长城计算机深圳股份有限公司 BIOS write protection method and system
CN102467626A (en) * 2010-11-10 2012-05-23 鸿富锦精密工业(深圳)有限公司 Computer system data protection device and method
CN104572168A (en) * 2014-09-10 2015-04-29 中电科技(北京)有限公司 BIOS (Basic Input/Output System) self-updating protection system and BIOS self-updating protection method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161214