CN106909848A - A kind of computer security strengthening system and its method based on BIOS extensions - Google Patents

Info

Publication number
CN106909848A
Authority
CN
China
Prior art keywords
bios
module
computer
int19h
authentication module
Prior art date
Legal status
Pending
Application number
CN201510969189.XA
Other languages
Chinese (zh)
Inventor
陈小春
张超
朱立森
孙亮
赵丽娜
Current Assignee
CETC Beijing Co
Original Assignee
CETC Beijing Co
Priority date
Filing date
Publication date
Application filed by CETC Beijing Co
Priority to CN201510969189.XA
Publication of CN106909848A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]

Abstract

The invention discloses a computer security strengthening system based on BIOS extensions, and a method for it. The system runs in the BIOS stage, without modifying the BIOS source code, to pass on the chain of trust and to control operating system startup; it belongs to the field of computer security. The system is connected to the computer and strengthens security before the computer's operating system starts. Specifically: an extender loading module is connected to the BIOS, establishes the chain of trust, and runs the security strengthening system before the operating system. A BIOS interaction module is connected to the BIOS and calls BIOS basic services under the control of the other modules; an algorithm support module provides algorithm support; an authentication module verifies the user type; a hardware authentication module measures the integrity of the key hardware devices connected to the computer; a software authentication module measures the critical files of the operating system kernel; and a boot control module controls the startup device used according to the user type.

Description

A computer security strengthening system based on BIOS extensions and its method
Technical field
The invention belongs to the field of computer security technology and in particular relates to a computer security strengthening system based on BIOS extensions and its method of operation.
Background technology
Security strengthening at the BIOS layer is generally implemented by adding modules to the BIOS source code, and this approach has significant limitations. First, the business computers in wide use today are mostly based on the Intel x86 platform, and the BIOS of these platforms is produced by a few foreign BIOS vendors; because of intellectual property restrictions, we cannot obtain the BIOS source code in order to strengthen the security of the system. In addition, upgrading the large installed base of business computers by modifying source code is relatively costly, so its feasibility is low.
Summary of the invention
In view of this, the invention provides a computer security strengthening system based on BIOS extensions and its method of operation. By having the BIOS load an independently developed security strengthening system module, it passes on the chain of trust and controls operating system startup, which gives a low-cost way to pass on the chain of trust and control operating system startup in the BIOS stage without modifying the BIOS source code.
To achieve the above object, the technical scheme is as follows:
A computer security strengthening system based on BIOS extensions is connected to the computer and strengthens the security of the basic input/output system (BIOS) before the computer's operating system starts, and is characterised in that the system includes an extender loading module, a BIOS interaction module, an authentication module, a hardware authentication module, a software authentication module, an algorithm support module and a boot control module;
The extender loading module is connected to the BIOS; it obtains the interrupt vector INT 19H from the BIOS, or modifies the first instruction of INT 19H, so that the security strengthening system runs before the operating system and the chain of trust is established. The extender loading module saves the original INT 19H interrupt vector and the first instruction of INT 19H as it was before modification; after the security strengthening system has finished executing, it restores INT 19H from the saved interrupt vector and the saved first instruction, so that the operating system starts normally;
The BIOS interaction module is connected to the BIOS and calls BIOS basic services under the control of the authentication module, hardware authentication module, software authentication module and boot control module;
The algorithm support module provides algorithm support to the authentication module, hardware authentication module and software authentication module;
The authentication module is connected to the extender loading module and verifies the user type when the BIOS extender starts: if the user performs no operation, the user type is normal user; if the user enters the administrator password and passes verification, the user type is administrator;
The hardware authentication module measures the integrity of the key hardware devices connected to the computer system. The measurement process is as follows: the hardware authentication module records and stores the characteristic values of the key devices connected to the system and compares the characteristic values at system startup; if there is a difference, that is, a key device has been replaced or removed, the corresponding action is taken according to the logged-in user type;
The software authentication module measures the critical files of the operating system kernel. The measurement process is as follows: the software authentication module reads the files listed in a file list and sends the file data to the algorithm support module for hashing to obtain the standard hash values, which are stored together with their corresponding files; at system startup the software authentication module calculates the hash of each file and compares it with the standard hash value, and if there is a difference, the corresponding action is taken according to the user type;
The boot control module controls the startup device used according to the user type: a normal user is made to start the operating system from the hard disk, while an administrator may start the operating system from a key device according to the boot sequence set in the BIOS.
Further, the key devices include the video card, network card, hard disk, CD-ROM drive and BIOS.
Further, the security strengthening system is programmed as software into the non-volatile memory space of a PCI-E board, and the PCI-E board is connected to the computer system through the PCI bus.
Further, the security strengthening system is programmed as software into the FLASH chip of the BIOS.
Further, the algorithm support module includes an algorithm chip connected to the PCI bus and its driver.
Further, a computer connected to the above security strengthening system performs the following steps:
Step 1: Start the computer. Before the operating system starts, the BIOS starts; in the BIOS power-on self-test (POST) stage, the extender loading module hooks the interrupt vector INT 19H that starts the operating system and saves the original INT 19H interrupt vector and the original first jump instruction of INT 19H; the extender loading module then exits and the BIOS continues to complete initialization;
Step 2: When the BIOS executes INT 19H, each module of the security strengthening system is loaded;
Step 3: The authentication module verifies the user type;
Step 4: The hardware authentication module measures the integrity of the key hardware devices connected to the computer system and displays the hardware measurement results on the computer screen;
Step 5: The software authentication module measures the critical files of the operating system kernel and displays the file measurement results on the computer screen;
Step 6: The boot control module is executed; according to the current user type, it either starts the operating system directly from the hard disk or hands the right to start the operating system back to the BIOS INT 19H.
Further, the security strengthening system is programmed as software into the non-volatile memory space of a PCI-E board, and the PCI-E board is connected to the computer system; the algorithm support module includes an algorithm chip connected to the PCI bus and its driver;
Then, in step 2, while the BIOS runs the system operates in real mode; when the BIOS executes INT 19H, which the extender loading module has hooked, the security strengthening system obtains control of the system, switches the system into protected mode and sets up the BIOS interaction library functions, which realises the interaction between the security strengthening system and the BIOS; at the same time it scans the PCI bus for the algorithm chip and sets up the mapping between the algorithm chip and its driver;
In step 5, when the software authentication module reads the critical files of the operating system kernel, the BIOS interaction module calls the disk-read interrupt vector INT 13H provided by the BIOS and switches the CPU to real address mode; after INT 13H has read the kernel critical files, the CPU is switched back to protected mode and the software authentication module continues executing.
Beneficial effects:
(1) This scheme is low-cost and has good generality; it runs normally on most x86-architecture machines. When stored in the non-volatile memory of a PCI/PCI-E board it can upgrade most ordinary x86 computers into trusted secure computers without changing any of the original hardware or software.
(2) When stored in the non-volatile memory of a PCI/PCI-E board, as long as the storage space on the board is large enough, the 64KB limit of an Option ROM can in theory be exceeded, so more complex access-control functions can be implemented: for example, selecting according to policy which items to measure and what action to take on measurement failure, recording measurement logs for use by upper-layer security software in the operating system, loading more file systems, and backup/restore after a measurement failure.
Brief description of the drawings
Fig. 1 is the physical structure diagram of the computer security strengthening system;
Fig. 2 is the architecture diagram of the BIOS extender;
Fig. 3 is the execution flow chart of the BIOS extender.
Specific embodiment
The invention is described in detail below with reference to the accompanying drawings and an embodiment.
The invention also aims to provide a computer security strengthening system that is connected to the computer's processor/chipset through a PCI/PCI-E bus interface. The system also provides an algorithm chip (a soft algorithm can be used instead) to implement the hash algorithm service, and provides a non-volatile memory chip (which can be a separate ROM chip or part of the FLASH chip that stores the BIOS) for holding the BIOS extender. The physical structure of the computer security strengthening system is shown in Fig. 1.
The computer security strengthening method of the invention based on BIOS extensions, that is, the BIOS extender, includes the extender loading module, BIOS interaction module, authentication module, hardware authentication module, software authentication module, algorithm support module and boot control module. The architecture of the BIOS extender is shown in Fig. 2.
The extender loading module is the loader of the whole BIOS extender. It is mainly responsible for hooking INT 19H or modifying the first instruction of INT 19H, which ensures that the chain of trust is passed to this program and that it runs before the operating system. The extender loading module also saves the original INT 19H interrupt vector and the first instruction of INT 19H, so that INT 19H can be restored once the whole BIOS extender has measured successfully and the operating system can start normally.
The BIOS interaction module is the module that calls BIOS basic services. Because the non-volatile memory available on a PCI board is limited, the extender does not need to drive all hardware itself (a RAID card, for example); it therefore calls the basic services provided by the BIOS through this module. For example, when the software authentication module of the BIOS extender reads a file, it must call the disk-read interrupt INT 13H provided by the BIOS. Since all interrupts provided by the BIOS are real-mode interrupts, while the software authentication module runs in protected mode, they cannot be called directly: when INT 13H is called, the BIOS interaction module switches the CPU to real address mode, executes INT 13H, then switches the CPU back to protected mode and continues executing the rest of the BIOS extender.
The authentication module verifies the user's identity when the BIOS extender starts. If the user performs no operation, a normal user is logged in by default; if the user enters the administrator password and passes verification, the administrator is logged in. After the boot control module runs, a normal user can only start the operating system from the hard disk, while an administrator can start the operating system according to the BBS boot sequence set in the BIOS. The authentication module is the basis on which the BIOS extender's hardware authentication, software authentication and boot control are performed.
The hardware authentication module measures the integrity of the machine's key hardware devices. It records and stores the characteristic values of the key devices (video card, network card, hard disk, CD-ROM drive, BIOS, etc.) and measures them at startup. If a device has been replaced or removed, the BIOS extender discovers this in time and takes the corresponding action (continue/restart) according to the logged-in user type (administrator/normal user).
The software authentication module measures the critical files of the operating system kernel. It reads the files listed in a file list, sends the data to the algorithm chip for hashing, and stores the expected values in the non-volatile memory. At startup the module calculates the hash of each file and compares it with the data stored in the non-volatile memory; if a file has been tampered with or deleted, its hash changes, and the BIOS extender raises an alarm and takes the corresponding action (continue/restart) according to the logged-in user type (administrator/normal user).
The algorithm support module is the driver module for the algorithm chip. It provides the basic algorithm services for the whole trusted module. When there is no algorithm chip, this module implements the relevant algorithm functions in software.
The boot control module controls the startup device according to user identity. A normal user is not allowed to start from any device other than the local hard disk, and the boot control module directly invokes the operating system loader to start the operating system; for an administrator, control is handed back to the BIOS, and the system then starts from a device such as the hard disk, network card, CD-ROM drive or USB flash disk according to the boot sequence set in the BIOS.
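The following C program is an added illustration, not code from the patent: it models the hardware authentication, software authentication and boot control modules described above on constructed data. The characteristic values, file contents and the FNV-1a stand-in for the algorithm chip's hash are assumptions, as is the specific mapping from user type to continue/restart, which the text leaves open.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not the patent's code. Models the hardware and software
 * authentication modules and the user-type policy in host C. FNV-1a 64 stands
 * in for the hash the algorithm chip (or the soft algorithm) would compute. */
typedef enum { USER_NORMAL = 0, USER_ADMIN = 1 } user_type;
typedef enum { ACT_CONTINUE = 0, ACT_RESTART = 1 } action;
typedef enum { BOOT_HARD_DISK = 0, BOOT_BIOS_INT19H = 1 } boot_path;

static uint64_t fnv1a64(const uint8_t *d, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;          /* FNV-1a 64-bit offset basis */
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* A key device as the hardware authentication module stores it. The
 * "characteristic value" is modelled as a PCI vendor:device pair (constructed). */
typedef struct { const char *name; uint32_t feature; } hw_record;

/* Number of stored devices that are replaced (value differs) or removed (absent). */
static int measure_hardware(const hw_record *stored, size_t ns,
                            const hw_record *present, size_t np) {
    int diffs = 0;
    for (size_t i = 0; i < ns; i++) {
        int found = 0;
        for (size_t j = 0; j < np && !found; j++) {
            if (strcmp(stored[i].name, present[j].name) == 0) {
                found = 1;
                if (stored[i].feature != present[j].feature) diffs++;
            }
        }
        if (!found) diffs++;
    }
    return diffs;
}

/* A file-list entry with its standard hash kept in non-volatile memory, and the
 * file bytes as the INT 13H read would return them at startup. */
typedef struct { const char *path; uint64_t standard_hash; } file_entry;
typedef struct { const char *path; const uint8_t *data; size_t len; } file_blob;

/* Number of listed files that are deleted or whose hash no longer matches. */
static int measure_files(const file_entry *list, size_t nl,
                         const file_blob *disk, size_t nd) {
    int diffs = 0;
    for (size_t i = 0; i < nl; i++) {
        const file_blob *b = NULL;
        for (size_t j = 0; j < nd; j++)
            if (strcmp(list[i].path, disk[j].path) == 0) { b = &disk[j]; break; }
        if (b == NULL || fnv1a64(b->data, b->len) != list[i].standard_hash) diffs++;
    }
    return diffs;
}

/* The concrete mapping is an assumption: the patent only says the action
 * (continue/restart) follows the logged-in user type when a measurement differs. */
static action policy_action(user_type u, int mismatches) {
    if (mismatches == 0) return ACT_CONTINUE;
    return u == USER_ADMIN ? ACT_CONTINUE : ACT_RESTART;
}

/* Boot control: a normal user boots only from the hard disk; an administrator
 * has control handed back to the BIOS INT 19H boot order. */
static boot_path select_boot(user_type u) {
    return u == USER_ADMIN ? BOOT_BIOS_INT19H : BOOT_HARD_DISK;
}

/* Constructed scenario: network card replaced, CD-ROM drive removed -> 2. */
static int demo_hardware(void) {
    const hw_record stored[] = {
        {"video card", 0x10DE1234}, {"network card", 0x8086100E}, {"hard disk", 0x00010002},
        {"CD-ROM drive", 0x00010003}, {"BIOS", 0x0BAD0001} };
    const hw_record present[] = {
        {"video card", 0x10DE1234}, {"network card", 0x10EC8168}, {"hard disk", 0x00010002},
        {"BIOS", 0x0BAD0001} };
    return measure_hardware(stored, 5, present, 4);
}

/* Constructed scenario: kernel intact, initrd tampered, System.map deleted -> 2. */
static const uint8_t KERNEL[] = "constructed kernel image bytes";
static const uint8_t INITRD[] = "constructed initrd bytes";
static const uint8_t INITRD_TAMPERED[] = "constructed initrd bytes, modified";

static int demo_files(void) {
    file_entry list[3];
    list[0].path = "/boot/vmlinuz";    list[0].standard_hash = fnv1a64(KERNEL, sizeof KERNEL - 1);
    list[1].path = "/boot/initrd";     list[1].standard_hash = fnv1a64(INITRD, sizeof INITRD - 1);
    list[2].path = "/boot/System.map"; list[2].standard_hash = 0x5157454d2e4d4150ULL; /* constructed */
    const file_blob disk[] = {
        {"/boot/vmlinuz", KERNEL, sizeof KERNEL - 1},
        {"/boot/initrd", INITRD_TAMPERED, sizeof INITRD_TAMPERED - 1} };
    return measure_files(list, 3, disk, 2);
}
```

The two demo functions return the mismatch counts the modules would display on screen; feeding them to policy_action with the logged-in user type gives the continue/restart decision.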
The execution flow of the security strengthening method of the invention based on BIOS extensions, that is, of the BIOS extender, is shown in Fig. 3 and described as follows:
Step 1: According to the BIOS and PCI specifications, in the BIOS POST stage the BIOS loads the extender of a PCI device into memory and executes it. At this point the BIOS extender of the invention obtains control of the CPU, but because the BIOS has not finished executing, many resources are not yet ready and the CPU is still in real mode, complex security functions should not be executed yet. The extender loading module therefore hooks the operating-system startup interrupt INT 19H, which ensures that control returns to the BIOS extender when the operating system is started. At the same time the extender loading module saves the original INT 19H interrupt vector and the first jump instruction of INT 19H, so that control can be returned to the BIOS after measurement ends. After completing these actions the extender loading module executes RETF to exit, returning control of the CPU to the BIOS, which continues to complete system initialization.
Step 2: When the BIOS executes INT 19H, the BIOS extender obtains control again, and from now on control remains in the security function module program. The BIOS extender switches the CPU to protected mode, sets up the BIOS interaction library functions, initializes memory, loads the non-volatile memory driver, loads the non-volatile memory file system, and sets up the mapping between the disk driver and the INT 13H provided by the BIOS, among other things.
Step 3: A PCI scan is performed to look for the algorithm chip on the PCI bus. If the algorithm chip is found, the algorithm functions are mapped to the algorithm chip driver on the PCI/PCI-E board; otherwise the algorithm functions are mapped to the soft hash algorithm.
Step 4: If the space holding the BIOS extender is not large enough, some functional modules (part of the BIOS interaction library code, or even part of the security function modules), such as the font module, disk file system module and console module, need to be placed in a separate non-volatile storage space (for example a FLASH chip or hard disk sectors); the main BIOS extender then loads the program modules from that non-volatile storage space and performs the corresponding module symbol linking and module initialization. If the space storing the BIOS extender is large enough, this step is not needed and step 5 is performed directly.
Step 5: A text prompt asks the user to log in; a successful login gives the administrator, while a timeout with no action or a failed login gives a normal user.
Step 6: The system's core hardware is authenticated, checking whether hardware has been changed, replaced or removed. The measurement result is printed on the screen and the corresponding action (continue/restart) is taken according to the logged-in user type (administrator/normal user).
Step 7: The operating system software is authenticated, checking whether files have been changed or deleted. The measurement result is printed on the screen and the corresponding action (continue/restart) is taken according to the logged-in user type (administrator/normal user).
Step 8: The boot control module is executed; according to the logged-in user type, it either starts the operating system directly from the disk or hands the right to start the operating system back to the BIOS INT 19H.
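The INT 19H hook of step 1 and its undoing before control is handed back in step 8, as an added host-side model rather than the patent's code: the IVT layout (entry n at linear address 4*n, offset then segment) and the 5-byte far JMP encoding are x86 facts, while the addresses, handler bytes and option ROM segment are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not the patent's code. Models the real-mode interrupt vector
 * table (IVT) and a slice of BIOS code in host memory so the loader's hook,
 * save and restore of INT 19H (steps 1 and 8) can be traced. IVT entry n sits
 * at linear address 4*n as a little-endian 16-bit offset then 16-bit segment. */
#define IVT_BYTES 1024
#define VEC_BOOT  0x19

typedef struct { uint16_t seg, off; } far_ptr;

static uint32_t ivt_entry_linear(uint8_t vec) { return 4u * vec; }

static far_ptr ivt_read(const uint8_t *ivt, uint8_t vec) {
    const uint8_t *e = ivt + ivt_entry_linear(vec);
    far_ptr p;
    p.off = (uint16_t)(e[0] | (e[1] << 8));
    p.seg = (uint16_t)(e[2] | (e[3] << 8));
    return p;
}

static void ivt_write(uint8_t *ivt, uint8_t vec, far_ptr p) {
    uint8_t *e = ivt + ivt_entry_linear(vec);
    e[0] = (uint8_t)p.off; e[1] = (uint8_t)(p.off >> 8);
    e[2] = (uint8_t)p.seg; e[3] = (uint8_t)(p.seg >> 8);
}

/* Everything the extender loading module saves in step 1 so it can undo its changes. */
typedef struct {
    far_ptr orig_vector;    /* original INT 19H target */
    uint8_t orig_entry[5];  /* original first instruction bytes of that handler */
    size_t  entry_off;      /* where in `rom` the handler's first instruction is */
} int19_state;

/* Variant A: redirect the INT 19H vector to the extender, keeping the old target. */
static void hook_int19_vector(uint8_t *ivt, far_ptr extender, int19_state *s) {
    s->orig_vector = ivt_read(ivt, VEC_BOOT);
    ivt_write(ivt, VEC_BOOT, extender);
}

/* Variant B: overwrite the first instruction of the BIOS's INT 19H handler with
 * JMP ptr16:16 (opcode EAh, offset16, segment16: 5 bytes) to the extender. */
static void patch_int19_entry(uint8_t *rom, size_t entry_off, far_ptr extender, int19_state *s) {
    s->entry_off = entry_off;
    memcpy(s->orig_entry, rom + entry_off, 5);
    rom[entry_off + 0] = 0xEA;
    rom[entry_off + 1] = (uint8_t)extender.off; rom[entry_off + 2] = (uint8_t)(extender.off >> 8);
    rom[entry_off + 3] = (uint8_t)extender.seg; rom[entry_off + 4] = (uint8_t)(extender.seg >> 8);
}

/* Step 8 for an administrator: put both back before handing control to the BIOS. */
static void restore_int19(uint8_t *ivt, uint8_t *rom, const int19_state *s) {
    ivt_write(ivt, VEC_BOOT, s->orig_vector);
    memcpy(rom + s->entry_off, s->orig_entry, 5);
}

/* Round trip over constructed memory: returns 0 on success, else the failing check. */
static int int19_roundtrip(void) {
    uint8_t ivt[IVT_BYTES] = {0};
    /* constructed handler prologue: CLI; XOR AX,AX; MOV DS,AX; JMP $; NOP */
    uint8_t rom[8] = { 0xFA, 0x31, 0xC0, 0x8E, 0xD8, 0xEB, 0xFE, 0x90 };
    far_ptr bios = { 0xF000, 0xE6F2 };  /* constructed original INT 19H target */
    far_ptr ext  = { 0xC800, 0x0010 };  /* constructed: option ROM segment, entry offset */
    int19_state s;
    far_ptr now;

    ivt_write(ivt, VEC_BOOT, bios);
    hook_int19_vector(ivt, ext, &s);
    now = ivt_read(ivt, VEC_BOOT);
    if (now.seg != ext.seg || now.off != ext.off) return 1;   /* hook not installed */

    patch_int19_entry(rom, 0, ext, &s);
    if (rom[0] != 0xEA || rom[1] != 0x10 || rom[2] != 0x00 ||
        rom[3] != 0x00 || rom[4] != 0xC8) return 2;           /* far JMP not encoded */

    restore_int19(ivt, rom, &s);
    now = ivt_read(ivt, VEC_BOOT);
    if (now.seg != bios.seg || now.off != bios.off) return 3; /* vector not restored */
    if (memcmp(rom, "\xFA\x31\xC0\x8E\xD8", 5) != 0) return 4; /* entry not restored */
    return 0;
}
```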
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent substitution, improvement and so on made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (7)

1. A computer security strengthening system based on BIOS extensions, the system being connected to a computer and used to strengthen the security of the basic input/output system (BIOS) before the computer's operating system starts, characterised in that the system includes an extender loading module, a BIOS interaction module, an authentication module, a hardware authentication module, a software authentication module, an algorithm support module and a boot control module;
the extender loading module is connected to the basic input/output system BIOS; it obtains the interrupt vector INT19H from the BIOS, or modifies the first instruction of INT19H, so that the security strengthening system runs before the operating system and the chain of trust is established; the extender loading module saves the original INT19H interrupt vector and the first instruction of INT19H as it was before modification, and after the security strengthening system has finished executing restores INT19H from the saved INT19H interrupt vector and the saved first instruction, so that the operating system starts normally;
the BIOS interaction module is connected to the BIOS and calls BIOS basic services under the control of the authentication module, hardware authentication module, software authentication module and boot control module;
the algorithm support module provides algorithm support to the authentication module, hardware authentication module and software authentication module;
the authentication module is connected to the extender loading module and verifies the user type when the BIOS extender starts: if the user performs no operation, the user type is normal user; if the user enters the administrator password and passes verification, the user type is administrator;
the hardware authentication module measures the integrity of the key hardware devices connected to the computer, the measurement process being as follows: the hardware authentication module records and stores the characteristic values of the key hardware devices and compares the characteristic values at startup; if there is a difference, that is, a key device has been replaced or removed, the corresponding action is taken according to the logged-in user type;
the software authentication module measures the critical files of the operating system kernel, the measurement process being as follows: the software authentication module reads the files listed in a file list and sends the file data to the algorithm support module for hashing to obtain the standard hash values, which are stored together with their corresponding files; at startup the software authentication module calculates the hash of each file and compares it with the standard hash value, and if there is a difference, the corresponding action is taken according to the user type;
the boot control module controls the startup device used according to the user type: a normal user is made to start the operating system from the hard disk, while an administrator may start the operating system from a key device according to the boot sequence set in the BIOS.
2. The computer security strengthening system based on BIOS extensions of claim 1, characterised in that the key devices include the video card, network card, hard disk, CD-ROM drive, USB flash disk and BIOS.
3. The computer security strengthening system based on BIOS extensions of claim 1, characterised in that the security strengthening system is programmed as software into the non-volatile storage space of a PCI-E board, and the PCI-E board is connected to the computer system through the PCI bus.
4. The computer security strengthening system based on BIOS extensions of claim 1, characterised in that the security strengthening system is programmed as software into the FLASH chip of the BIOS.
5. The computer security strengthening system based on BIOS extensions of claim 3, characterised in that the algorithm support module includes an algorithm chip connected to the PCI bus and its driver.
6. A computer security strengthening method based on BIOS extensions, characterised in that a computer connected to the security strengthening system of claim 1 performs the following steps:
Step 1: Start the computer. Before the operating system starts, the BIOS starts; in the BIOS power-on self-test (POST) stage, the extender loading module hooks the interrupt vector INT19H that starts the operating system and saves the original INT19H interrupt vector and the original first jump instruction of INT19H; the extender loading module then exits and the BIOS continues to complete initialization of the computer system;
Step 2: When the BIOS executes INT19H, each module of the security strengthening system is loaded;
Step 3: The authentication module verifies the user type;
Step 4: The hardware authentication module measures the integrity of the key hardware devices connected to the computer system and displays the hardware measurement results on the computer screen;
Step 5: The software authentication module measures the critical files of the operating system kernel and displays the file measurement results on the computer screen;
Step 6: The boot control module is executed; according to the current user type, it either starts the operating system directly from the hard disk or hands the right to start the operating system back to the BIOS INT19H.
7. The computer security strengthening method based on BIOS extensions of claim 6, characterised in that the security strengthening system is programmed as software into the non-volatile storage space of a PCI-E board, and the PCI-E board is connected to the computer system; the algorithm support module includes an algorithm chip connected to the PCI bus and its driver.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510969189.XA CN106909848A (en) 2015-12-22 2015-12-22 A kind of computer security strengthening system and its method based on BIOS extensions

Publications (1)

Publication Number Publication Date
CN106909848A true CN106909848A (en) 2017-06-30

Family

ID=59199887

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510969189.XA Pending CN106909848A (en) 2015-12-22 2015-12-22 A kind of computer security strengthening system and its method based on BIOS extensions

Country Status (1)

Country Link
CN (1) CN106909848A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5694582A (en) * 1996-01-26 1997-12-02 Dell Usa, Lp Operation system independent polled interface for extension BIOS (XBIOS) operations
US20030074548A1 (en) * 2001-10-16 2003-04-17 International Business Machines Corporation Method and system for tracking a secure boot in a trusted computing environment
CN101000586A (en) * 2006-01-13 2007-07-18 英业达股份有限公司 On-line processing method and system for peripheral equipment of computer operated by person
CN101021793A (en) * 2006-02-13 2007-08-22 刘文斌 Method and system for realizing Pre-OS Application utilizing extended BIOS technique
CN101324912A (en) * 2008-07-30 2008-12-17 中国航天科工集团第二研究院七○六所 Credible safety computer
CN101488177A (en) * 2009-03-02 2009-07-22 中国航天科工集团第二研究院七○六所 BIOS based computer security control system and method thereof
US20090265537A1 (en) * 2008-04-22 2009-10-22 Asustek Computer Inc. Computer system, bios structure and boot method thereof
CN101650647A (en) * 2008-08-12 2010-02-17 武汉卓华软件有限责任公司 Compatibility method for EFI platform
CN102214278A (en) * 2010-04-06 2011-10-12 国民技术股份有限公司 Creditability detection method of computer
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN102332070A (en) * 2011-09-30 2012-01-25 中国人民解放军海军计算技术研究所 Trust chain transfer method for trusted computing platform
CN102436566A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Dynamic trusted measurement method and safe embedded system
CN104751063A (en) * 2014-12-31 2015-07-01 国家电网公司 Operation system trusted guide method based on real mode technology

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107894905A (en) * 2017-11-29 2018-04-10 郑州云海信息技术有限公司 A kind of operating system file guard method based on BIOS
CN108197477A (en) * 2017-12-29 2018-06-22 山东超越数控电子股份有限公司 A kind of method prevented hard disk and replaced
CN108875358A (en) * 2018-06-08 2018-11-23 山东超越数控电子股份有限公司 A kind of android system safe starting method based on X86 platform
CN109033848A (en) * 2018-06-25 2018-12-18 湖南国科微电子股份有限公司 Storing data method for safe operation and system
CN109993001A (en) * 2019-04-03 2019-07-09 中电科技(北京)有限公司 Firmware layer user management method based on credible chip
CN110610091A (en) * 2019-09-12 2019-12-24 江苏域固威芯科技有限公司 Security PXE method based on domestic network platform
CN111008379A (en) * 2019-11-22 2020-04-14 腾讯科技(深圳)有限公司 Firmware safety detection method of electronic equipment and related equipment
CN111008379B (en) * 2019-11-22 2023-02-28 腾讯科技(深圳)有限公司 Firmware safety detection method of electronic equipment and related equipment
CN113986362A (en) * 2021-10-22 2022-01-28 山东云海国创云计算装备产业创新中心有限公司 RAID card, control method thereof and server host
CN113986362B (en) * 2021-10-22 2024-01-23 山东云海国创云计算装备产业创新中心有限公司 RAID card, control method thereof and server host
CN114912131A (en) * 2022-04-19 2022-08-16 山东鲸鲨信息技术有限公司 Data encryption method and system and electronic equipment
CN114666167A (en) * 2022-05-23 2022-06-24 中电云数智科技有限公司 Safety user authentication method of industrial equipment and industrial equipment

Similar Documents

Publication Publication Date Title
CN106909848A (en) A kind of computer security strengthening system and its method based on BIOS extensions
US11080405B2 (en) Securing operating system configuration using hardware
US7937575B2 (en) Information processing system, program product, and information processing method
CN102279914B (en) Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN107025406B (en) Motherboard, computer-readable storage device, and firmware verification method
JP6053786B2 (en) Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation
US8909940B2 (en) Extensible pre-boot authentication
CN103718165B (en) BIOS flash memory attack protection and notice
US10216936B2 (en) Method of preventing computer malfunction, computer program, and computer
US9703635B2 (en) Method, computer program, and computer for restoring set of variables
US20090328195A1 (en) Authentication and Access Protection of Computer Boot Modules in Run-Time Environments
CN104794393A (en) Embedded type partition image security certification and kernel trusted boot method and equipment thereof
US20130227262A1 (en) Authentication device and authentication method
CN109992973B (en) Starting measurement method and device by using OPROM mechanism
CN107567629A (en) Dynamic firmware module loader in credible performing environment container
CN109918887A (en) Firmware layer fingerprint identification method and computer system based on UEFI
US11861011B2 (en) Secure boot process
US8924306B2 (en) Remote computer rebooting tool
CN115906046A (en) Trusted computing system and measurement method based on trusted computing system
CN114510751A (en) Hardware replacement prevention device and method based on processor security kernel
CN100375027C (en) System and method for fast starting TCPA/TCG safety computer
CN110688663A (en) Execution command protection method and device, android device and storage medium
CN109992933A (en) The firmware of PIN-based code authorization starts method
US20230401316A1 (en) Pre-authorized virtualization engine for dynamic firmware measurement
Gu et al. A secure bootstrap based on trusted computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170630