CN106919859A - Basic input output system guard method and device - Google Patents


Info

Publication number
CN106919859A
Authority
CN
China
Prior art keywords
code
authorization code
protection
active
mac address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510996109.XA
Other languages
Chinese (zh)
Other versions
CN106919859B (en)
Inventor
吴昌
修惠文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Industrial Edge Intelligent Innovation Center Co ltd
Original Assignee
EVOC Intelligent Technology Co Ltd
Application filed by EVOC Intelligent Technology Co Ltd
Priority to CN201510996109.XA
Publication of CN106919859A
Application granted
Publication of CN106919859B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to a basic input/output system (BIOS) protection method and device. The method includes: powering on, and performing the following steps during the power-on self-test of a power-on that is not the first power-on: reading the MAC address of the current network card and generating the current authorization code of the BIOS image file from the MAC address; reading the reserved authorization code from non-volatile memory and determining whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. This protects the basic input/output system.

Description

Basic input output system guard method and device
Technical field
The present invention relates to the field of computer technology, and in particular to a basic input/output system protection method and device.
Background
A BIOS (Basic Input & Output System) image file is the binary file produced by compiling the BIOS source code. BIOS source code comes from a single source and is expensive: a company has to pay a BIOS vendor a high price for it in order to develop functions suited to its own products on that basis.
BIOS image files are generally sold together with a company's motherboards. Because a binary file can be read out by software, by a burner (programmer) and by similar means, infringers on the market often read out another company's BIOS image file with software or a burner, change only part of the key information, and sell it on hardware of the same platform; or they copy the product's hardware design and read out the BIOS of the released product with software or a burner, achieving the same functions on their own devices. This seriously harms the competitiveness of the copied product.
Summary of the invention
In view of the above technical problem, it is necessary to provide a basic input/output system protection method and device that protect the basic input/output system.
A basic input/output system protection method, the method comprising:
powering on;
performing the following steps during the power-on self-test of a power-on that is not the first power-on:
reading the MAC address of the current network card, and generating the current authorization code of the BIOS image file from the MAC address;
reading the reserved authorization code from non-volatile memory, and determining whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
In one embodiment, after the power-on step the method further includes:
detecting whether this is the first power-on; if it is, generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initializing the protection start flag to the not-started state, and saving the initial authorization code and the protection start flag to non-volatile memory;
and, after determining that the current authorization code differs from the reserved authorization code, the method further includes:
reading the protection start flag from the non-volatile memory and determining whether it is in the protection-started state; if it is not, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection-started state, saving the current authorization code and the protection start flag to non-volatile memory, and allowing booting;
if the protection start flag is in the protection-started state, booting is not allowed.
In one embodiment, before the step of not allowing booting, the method further includes:
the system halts and accepts an entered activation code;
determining whether an activation code has been received; if so, verifying the activation code, and if verification passes, updating the reserved authorization code to the current authorization code, saving it to non-volatile memory, and allowing booting;
if no activation code is received or the activation code fails verification, booting is not allowed.
In one embodiment, the step of generating the current authorization code of the BIOS image file from the MAC address includes:
calculating the checksum of the EEPROM of the current network card, and generating the current authorization code from the MAC address and the checksum;
and the step of generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card includes:
calculating the initial checksum of the EEPROM of the current network card, and generating the initial authorization code from the initial MAC address and the initial checksum.
In one embodiment, the method further includes:
saving the activation code that passed verification to non-volatile memory;
and the step of verifying the activation code includes:
reading the reserved activation code from non-volatile memory and determining whether the entered activation code is identical to the reserved activation code; if it is, verification fails.
A basic input/output system protection device, the device comprising:
a current authorization code generation module, configured to, after power-on and during the power-on self-test of a power-on that is not the first power-on, read the MAC address of the current network card and generate the current authorization code of the BIOS image file from the MAC address;
a protection module, configured to read the reserved authorization code from non-volatile memory and determine whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
In one embodiment, the device further includes:
an initialization module, configured to detect whether this is the first power-on and, if it is, to generate the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initialize the protection start flag to the not-started state, and save the initial authorization code and the protection start flag to non-volatile memory;
the protection module includes:
a judging unit, configured to read the protection start flag from the non-volatile memory and determine whether it is in the protection-started state; if it is not, control passes to the processing unit; if the protection start flag is in the protection-started state, booting is not allowed;
a processing unit, configured to update the initial authorization code to the current authorization code, change the protection start flag to the protection-started state, save the current authorization code and the protection start flag to non-volatile memory, and allow booting.
In one embodiment, the device further includes:
an activation module, configured so that the system halts and accepts an entered activation code, and to determine whether an activation code has been received; if so, the activation code is verified, and if verification passes, the reserved authorization code is updated to the current authorization code and saved to non-volatile memory, and booting is allowed; if no activation code is received or the activation code fails verification, booting is not allowed.
In one embodiment, the current authorization code generation module is further configured to calculate the checksum of the EEPROM of the current network card and to generate the current authorization code from the MAC address and the checksum;
the initialization module is further configured to calculate the initial checksum of the EEPROM of the current network card and to generate the initial authorization code from the initial MAC address and the initial checksum.
In one embodiment, the activation module is further configured to save the activation code that passed verification to non-volatile memory, read the reserved activation code from non-volatile memory, and determine whether the entered activation code is identical to the reserved activation code; if it is, verification fails.
With the above basic input/output system protection method and device, the system is powered on and the following steps are performed during the power-on self-test of a power-on that is not the first power-on: the MAC address of the current network card is read, and the current authorization code of the BIOS image file is generated from the MAC address; the reserved authorization code is read from non-volatile memory, and it is determined whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. Because MAC addresses are globally unique, when a stolen BIOS image file is used with another MAC address to communicate on a network, the current authorization code generated from that MAC address is bound to differ from the reserved authorization code, so the machine cannot boot normally, which protects the basic input/output system.
Brief description of the drawings
Fig. 1 is a flowchart of the basic input/output system protection method in one embodiment;
Fig. 2 is a flowchart of the basic input/output system protection method in the case where the current authorization code differs from the reserved authorization code, in one embodiment;
Fig. 3 is a flowchart of the basic input/output system protection method using an activation code, in one embodiment;
Fig. 4 is a flowchart of the basic input/output system protection method in a specific embodiment;
Fig. 5 is a structural block diagram of the basic input/output system protection device in one embodiment;
Fig. 6 is a structural block diagram of the basic input/output system protection device in another embodiment;
Fig. 7 is a structural block diagram of the protection module in one embodiment;
Fig. 8 is a structural block diagram of the basic input/output system protection device in a further embodiment.
Detailed description
In one embodiment, as shown in the figure, a basic input/output system protection method is provided. The EEPROM and MAC address of a network card are usually programmed online under DOS after the motherboard has booted, so the manufacturer must perform a first power-on before shipment in order to program the EEPROM and MAC address. Because the first power-on is performed by the manufacturer and the product has not yet shipped, BIOS theft cannot occur at that point and the BIOS does not need protection. This embodiment therefore describes the process for a power-on that is not the first power-on. The method includes:
Step S110: power on.
Specifically, after power-on the computer enters the power-on self-test process, i.e. the POST (Power On Self-Test) stage of the BIOS (Basic Input & Output System). In the power-on self-test stage the computer runs the code in the BIOS, checks the computer's internal hardware, and so on.
Step S120: read the MAC address of the current network card, and generate the current authorization code of the BIOS image file from the MAC address.
Specifically, the current network card can be a discrete network card or an onboard network card; an onboard network card is a network card chip integrated on a motherboard that has network functions built in. A MAC (Media Access Control) address defines the location of a network device, is fixed by the network card, and is globally unique. The current authorization code of the BIOS image file is generated from the MAC address, and the specific generation algorithm can be user-defined as needed. In addition to the MAC address, the code can also be based on the network card's EEPROM (Electrically Erasable Programmable Read-Only Memory), which stores the power-on default configuration of the network card's registers: its checksum is calculated and used in generating the current authorization code of the BIOS image file, which further improves the security of the current authorization code and prevents it from being cracked. Because the MAC address is globally unique, the generated current authorization code is also globally unique.
Step S130: read the reserved authorization code from non-volatile memory and determine whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
Specifically, the reserved authorization code is code information stored in non-volatile memory and used to verify the right to boot. It can be code generated before shipment from the network card information at shipment time. For a network card that needs repair, or a network card whose EEPROM has been upgraded, the MAC address or EEPROM may change, so the reserved authorization code can also be code generated after shipment from the changed network card information. The reserved authorization code is generated from the MAC address and is globally unique. The specific generation algorithm can be user-defined as needed; in addition to the MAC address, the reserved authorization code can also be generated from the checksum of the network card's EEPROM, for example as the combination of the MAC address and the checksum of the network card's EEPROM. Generating the reserved authorization code this way further improves its security and prevents it from being cracked. It is then determined whether the current authorization code is identical to the reserved authorization code. If they differ, the network card information that produced the current authorization code does not match the network card information that produced the reserved authorization code; in this case the BIOS image file may have been stolen and be in use on another motherboard, communicating through another MAC address, so booting is not allowed. Booting is possible only when the current authorization code and the reserved authorization code are identical. When a thief uses a stolen BIOS image file on another motherboard and network card, first, the thief cannot know what the reserved authorization code is; second, even if the thief has also stolen the reserved authorization code, when another MAC address is used to communicate on the network the current authorization code of the stolen BIOS image file still differs from the reserved authorization code, so the machine cannot boot normally, which protects the BIOS. This BIOS protection method is also low-cost and general: it protects the core competitive value of the company's products without adding any hardware cost.
In one embodiment, after the encrypted reserved authorization code is read from non-volatile memory, it is decrypted to obtain the reserved authorization code. The purpose of encrypting the authorization code stored in non-volatile memory is to prevent a malicious thief from cracking the implementation of the BIOS protection technique.
In this embodiment, the system is powered on and the following steps are performed during the power-on self-test of a power-on that is not the first power-on: the MAC address of the current network card is read, and the current authorization code of the BIOS image file is generated from the MAC address; the reserved authorization code is read from non-volatile memory, and it is determined whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. Because MAC addresses are globally unique, when a stolen BIOS image file is used with another MAC address to communicate on a network, the current authorization code generated from that MAC address is bound to differ from the reserved authorization code, so the machine cannot boot normally, which protects the basic input/output system.
In one embodiment, after step S110 the method further includes: detecting whether this is the first power-on; if it is, generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initializing the protection start flag to the not-started state, and saving the initial authorization code and the protection start flag to non-volatile memory.
Specifically, the initial MAC address is usually random, so before shipment it must be updated to make the MAC address a correct, usable address. One opportunity to modify the MAC address therefore has to be kept so that the manufacturer can update it. This requires a decision mechanism: before the network card's MAC address is changed for the first time, i.e. at the first power-on, the BIOS protection start flag is set to the not-started state. The MAC address can be changed only while the protection start flag is in the not-started state; after one change, the protection start flag is set to the started state and the protection function is started. The initial authorization code of the BIOS image file is generated from the initial MAC address, and the specific generation algorithm can be user-defined as needed. In addition to the MAC address, the code can also be based on the network card's initial EEPROM, whose checksum is calculated and used in generating the initial authorization code of the BIOS image file, which further improves the security of the authorization code and prevents it from being cracked. Because the initial MAC address is usually random, the generated initial authorization code is also random. The protection start flag can be defined as needed, for example 0 for the not-started state and 1 for the protection-started state.
After determining that the current authorization code differs from the reserved authorization code, the method further includes:
Step S210: read the protection start flag from non-volatile memory and determine whether it is in the protection-started state; if it is not, go to step S220; otherwise booting is not allowed.
Specifically, if the flag is not in the protection-started state, the MAC address has not yet been updated once and is still modifiable, so the reserved authorization code at this point must be the initial authorization code saved at the first power-on. The current authorization code differing from the reserved authorization code means that the MAC address has now been changed to a correct, usable MAC address, and the corresponding current authorization code is the correct authorization code. Step S220 is therefore entered to update the initial authorization code.
Step S220: update the initial authorization code to the current authorization code, change the protection start flag to the protection-started state, save the current authorization code and the protection start flag to non-volatile memory, and allow booting.
Specifically, the initial authorization code is updated to the current authorization code. At this point the manufacturer has programmed the correct MAC address into the network card and saved the corresponding correct authorization code, so the product can be shipped. BIOS theft becomes a problem only after shipment, so the protection start flag is changed to the protection-started state and the protection function is started.
If the BIOS started the BIOS protection function at the first power-on, then after the MAC address was updated during factory production the reserved initial authorization code would not be the one generated from the updated MAC address. The current authorization code would never match the reserved initial authorization code, and no later boot would succeed. In this embodiment, the protection start flag solves the problem of replacing the MAC address and authorization code before shipment.
In one embodiment, the step of generating the current authorization code of the BIOS image file from the MAC address includes: calculating the checksum of the EEPROM of the current network card, and generating the current authorization code from the MAC address and the checksum. The step of generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card includes: calculating the initial checksum of the EEPROM of the current network card, and generating the initial authorization code from the initial MAC address and the initial checksum.
Specifically, calculating the checksum of the network card's EEPROM ensures the integrity and accuracy of the EEPROM; the specific checksum calculation method can be user-defined as needed. Both the current authorization code and the initial authorization code are generated taking the EEPROM checksum into account, which makes the authorization code generation algorithm harder to crack and strengthens the security of the authorization code.
In one embodiment, as shown in Fig. 3, before the step of not allowing booting, the method further includes:
Step S310: the system halts and accepts an entered activation code.
Specifically, for a network card that needs repair, or a network card whose EEPROM has been upgraded, the MAC address or EEPROM may change, so that the current authorization code calculated from the changed MAC address and EEPROM differs from the reserved authorization code. In this case the new hardware configuration is brought into effect by entering an activation code and verifying it. A legitimate user of the BIOS image file can apply to the manufacturer for an activation code, either online or offline; applying offline ensures the validity of the activation code and prevents it from being stolen in network transmission. For an online application, a request is sent to an activation code server; the request may include the MAC address before the upgrade, the EEPROM checksum and/or the authorization code before the upgrade, the motherboard serial number and so on. The manufacturer determines from the information in the request whether the applicant is entitled to an activation code and, if so, sends the activation code to the applicant. The activation code that is sent can be encrypted, which increases its security. The activation code generation algorithm can be user-defined; for example, the code can be generated from the motherboard serial number, the model of the onboard network card and the MAC address.
Step S320: determine whether an activation code has been received; if so, go to step S330; otherwise booting is not allowed.
Specifically, if an activation code is received the following steps are performed; if no activation code is received, there is no permission to boot.
Step S330: verify the activation code and determine whether it passes verification; if it passes, go to step S340; otherwise booting is not allowed.
Specifically, if the activation code is encrypted, it is first decrypted and then verified. When the activation code is verified, information such as the motherboard serial number, the model of the onboard network card and the MAC address can be extracted from it by a specific decoding algorithm and checked. For example, the extracted MAC address must match the MAC address of the current network card, which ensures that an activation code can be used on only one fixed machine. If verification passes, the user is a legitimate user of the BIOS image file and the current authorization code differs from the reserved authorization code because of an upgrade or similar change, so the reserved authorization code needs to be updated. If verification fails, the step of accepting an entered activation code can be entered again; if the activation code is entered incorrectly several times, booting is not allowed, and the BIOS image file can also self-destruct, as determined by the needs of the specific application.
Step S340: update the reserved authorization code to the current authorization code, save it to non-volatile memory, and allow booting.
Specifically, if verification passes, the reserved authorization code is updated to the current authorization code and saved to non-volatile memory, which ensures that the reserved authorization code matches the network card information after the upgrade and resolves the follow-up maintenance problem for the product.
In one embodiment, the method further includes: saving the activation code that passed verification to non-volatile memory. The step of verifying the activation code includes: reading the reserved activation code from non-volatile memory and determining whether the entered activation code is identical to the reserved activation code; if it is, verification fails.
Specifically, the activation code that passed verification is saved to non-volatile memory so that, the next time an activation code has to be entered, the reserved activation code can be read from non-volatile memory; if the activation code entered next time is identical to the reserved activation code, verification fails. This ensures that an activation code is used only once, further strengthens the security of the activation code, and improves the effectiveness of the BIOS protection.
In a specific embodiment that uses an onboard network card, as shown in Fig. 4, the detailed flow of the basic input/output system protection method is as follows:
Step S410: read the MAC address and EEPROM of the current onboard network card, calculate the EEPROM checksum, and generate the current authorization code of the BIOS image file from the MAC address and the EEPROM checksum.
Step S420: determine whether this is the first power-on; if it is, go to step S430; otherwise go to step S440.
Step S430: encrypt the current authorization code as the initial authorization code, initialize the protection start flag to 0, representing the not-started state, save the encrypted initial authorization code and the protection start flag to the BIOS's non-volatile memory, and enter the normal boot step.
Step S440: read the encrypted reserved authorization code and the protection start flag from the BIOS's non-volatile memory, and decrypt the encrypted reserved authorization code to obtain the reserved authorization code. Determine whether the current authorization code is identical to the reserved authorization code; if they differ, go to step S450; if they are identical, boot normally.
Step S450: determine whether the protection start flag is 1, i.e. whether it is in the started state; if it is, go to step S460; otherwise go to step S490.
Step S460: the system halts and displays an input box prompting the user to enter the activation code of the BIOS image file, then accepts the entered activation code.
Step S470: determine whether the activation code is verified successfully; if so, go to step S480; otherwise go to step S460.
Step S480: update the reserved authorization code in the BIOS's non-volatile memory to the current authorization code, save the activation code to the BIOS's non-volatile memory, and then enter the normal boot step.
Step S490: update the reserved authorization code in the BIOS's non-volatile memory to the current authorization code, set the protection start flag to 1, representing the started state, and then enter the normal boot step.
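The flow of steps S410 to S490, written out as a small C simulation; this is an added example, not code from the patent. The NVRAM layout, the FNV-1a hash standing in for the user-defined generation algorithm, the byte-sum checksum, the vendor secret and all function names are assumptions, and the encryption of the stored codes is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the NIC and of the BIOS non-volatile storage.
 * All type, field and function names here are hypothetical. */
typedef struct { uint8_t mac[6]; uint8_t eeprom[16]; } nic_t;

typedef struct {
    bool     initialized;    /* false until the first power-on has run */
    uint8_t  protect_flag;   /* 0 = not started, 1 = protection started */
    uint32_t reserved_auth;  /* reserved authorization code */
    bool     has_used_code;  /* an activation code was accepted before */
    uint32_t used_code;      /* reserved (already used) activation code */
} nvram_t;

typedef enum { BOOT_OK, BOOT_DENIED } boot_result_t;

/* FNV-1a, a non-cryptographic hash, stands in for the generation
 * algorithm that the patent leaves user-defined (assumption). */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* EEPROM checksum: 16-bit sum of all bytes (assumption). */
static uint16_t eeprom_checksum(const nic_t *nic)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < sizeof nic->eeprom; i++)
        sum = (uint16_t)(sum + nic->eeprom[i]);
    return sum;
}

/* S410: authorization code from the MAC address and the EEPROM checksum. */
uint32_t auth_code(const nic_t *nic)
{
    uint16_t c = eeprom_checksum(nic);
    uint8_t cb[2] = { (uint8_t)(c >> 8), (uint8_t)c };
    return fnv1a(fnv1a(2166136261u, nic->mac, sizeof nic->mac), cb, sizeof cb);
}

/* Activation code the vendor would issue for this NIC, bound to its MAC
 * address and a vendor secret (constructed value, toy derivation). */
uint32_t activation_code_for(const nic_t *nic)
{
    static const uint8_t secret[] = "constructed-vendor-secret";
    return fnv1a(fnv1a(2166136261u, secret, sizeof secret - 1),
                 nic->mac, sizeof nic->mac);
}

/* One boot attempt. `code` points to the activation code typed at the
 * prompt, or is NULL when none was entered. */
boot_result_t bios_boot(nvram_t *nv, const nic_t *nic, const uint32_t *code)
{
    uint32_t current = auth_code(nic);                /* S410 */

    if (!nv->initialized) {                           /* S420 -> S430 */
        nv->initialized = true;
        nv->protect_flag = 0;
        nv->reserved_auth = current;
        return BOOT_OK;
    }
    if (current == nv->reserved_auth)                 /* S440: codes match */
        return BOOT_OK;
    if (nv->protect_flag == 0) {                      /* S450 -> S490 */
        nv->reserved_auth = current;                  /* factory MAC update */
        nv->protect_flag = 1;
        return BOOT_OK;
    }
    /* S460/S470: protection started and codes differ, activation needed. */
    if (code == NULL)
        return BOOT_DENIED;
    if (nv->has_used_code && *code == nv->used_code)  /* one-time use */
        return BOOT_DENIED;
    if (*code != activation_code_for(nic))            /* bound to this MAC */
        return BOOT_DENIED;
    nv->reserved_auth = current;                      /* S480 */
    nv->has_used_code = true;
    nv->used_code = *code;
    return BOOT_OK;
}

int main(void)
{
    nvram_t nv = {0};
    nic_t nic = { {0x02, 0, 0, 0, 0, 0x01}, {0} };   /* constructed MAC */
    printf("first power-on: %d\n", bios_boot(&nv, &nic, NULL));
    nic.mac[5] = 0x99;                     /* factory programs the real MAC */
    printf("after MAC burn: %d\n", bios_boot(&nv, &nic, NULL));
    nic_t other = { {0x02, 0, 0, 0, 0, 0x42}, {0} }; /* different board */
    nvram_t copy = nv;                     /* image and NVRAM copied over */
    printf("copied image:   %d\n", bios_boot(&copy, &other, NULL));
    return 0;
}
```

The simulation returns BOOT_DENIED after a single failed activation attempt, where step S470 in the flow loops back to the prompt in S460.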
In one embodiment, as shown in Fig. 5, a basic input output system protection device is provided, including:
Current authorization code generation module 510, configured to, after power-on, read the MAC address of the current network card during the power-on self-test of a power-on that is not the first, and generate the current authorization code of the BIOS image file from the MAC address.
Protection module 520, configured to read the reserved authorization code from the non-volatile memory and determine whether the current authorization code is identical to the reserved authorization code; if they are identical, boot is allowed; if the current authorization code differs from the reserved authorization code, boot is not allowed.
In one embodiment, as shown in Fig. 6, the device further includes:
Initialization module 530, configured to detect whether this is the first power-on; if it is, to generate the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initialize the protection start flag to the not-started state, and save the initial authorization code and the protection start flag to the non-volatile memory.
As shown in Fig. 7, the protection module 520 includes:
Judging unit 521, configured to read the protection start flag from the non-volatile memory and determine whether the protection start flag indicates the protection-started state; if not, control passes to the processing unit; if the protection start flag indicates the protection-started state, boot is not allowed.
Processing unit 522, configured to update the initial authorization code to the current authorization code, change the protection start flag to the protection-started state, save the current authorization code and the protection start flag to the non-volatile memory, and allow boot.
In one embodiment, as shown in Fig. 8, the device further includes:
Activation module 540, configured to, when the system halts, receive the entered activation code and determine whether an activation code has been received; if so, to verify the activation code; if verification passes, to update the reserved authorization code to the current authorization code, save it to the non-volatile memory, and allow boot; if no activation code is received or the activation code fails verification, boot is not allowed.
In one embodiment, the current authorization code generation module 510 is further configured to calculate the checksum of the EEPROM of the current network card and generate the current authorization code from the MAC address and the checksum.
The initialization module 530 is further configured to calculate the initial checksum of the EEPROM of the current network card and generate the initial authorization code from the initial MAC address and the initial checksum.
In one embodiment, the activation module 540 is further configured to save the activation code that passed verification to the non-volatile memory, read the reserved activation code from the non-volatile memory, and determine whether the received activation code is identical to the reserved activation code; if they are identical, verification fails.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium; in the embodiments of the present invention, for example, the program can be stored in a storage medium of a computer system and executed by at least one processor of the computer system to carry out the processes of the method embodiments described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (10)

1. A basic input output system protection method, the method comprising:
powering on;
performing the following steps during the power-on self-test of a power-on that is not the first:
reading the MAC address of the current network card, and generating the current authorization code of the BIOS image file from the MAC address;
reading the reserved authorization code from the non-volatile memory, and determining whether the current authorization code is identical to the reserved authorization code; if they are identical, allowing boot; if the current authorization code differs from the reserved authorization code, not allowing boot.
2. The method according to claim 1, characterized in that, after the step of powering on, the method further comprises:
detecting whether this is the first power-on; if it is, generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initializing the protection start flag to the not-started state, and saving the initial authorization code and the protection start flag to the non-volatile memory;
and, after the step in which the current authorization code differs from the reserved authorization code, the method further comprises:
reading the protection start flag from the non-volatile memory and determining whether the protection start flag indicates the protection-started state; if not, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection-started state, saving the current authorization code and the protection start flag to the non-volatile memory, and allowing boot;
if the protection start flag indicates the protection-started state, not allowing boot.
3. method according to claim 1 and 2, it is characterised in that described the step of do not allow start Before, also include:
System is delayed machine, receives the active coding of input;
Judge whether to receive active coding, if it is, the active coding is verified, if the verification passes, then The reserved authorization code is updated to the current grant code and is saved in nonvolatile memory, it is allowed to started shooting,
If being not received by active coding or active coding checking not passing through, start is not allowed.
4. method according to claim 1 and 2, it is characterised in that described according to MAC ground The step of current grant code of location generation BIOS image files, includes:
Calculate current network interface card EEPROM verification and, according to the MAC Address and verify and generation institute State current grant code;
The step of the initial authorization code of the initial MAC Address generation BIOS image files of the current network interface card of basis Suddenly include:
Calculate the EEPROM of current network interface card initial verification and, according to the initial MAC Address and initial Verify and generate the initial authorization code.
5. The method according to claim 3, characterized in that the method further comprises:
saving the activation code that passed verification to the non-volatile memory;
and the step of verifying the activation code comprises:
reading the reserved activation code from the non-volatile memory, and determining whether the received activation code is identical to the reserved activation code; if they are identical, verification fails.
6. A basic input output system protection device, characterized in that the device comprises:
a current authorization code generation module, configured to, after power-on, read the MAC address of the current network card during the power-on self-test of a power-on that is not the first, and generate the current authorization code of the BIOS image file from the MAC address;
a protection module, configured to read the reserved authorization code from the non-volatile memory and determine whether the current authorization code is identical to the reserved authorization code; if they are identical, boot is allowed; if the current authorization code differs from the reserved authorization code, boot is not allowed.
7. The device according to claim 6, characterized in that the device further comprises:
an initialization module, configured to detect whether this is the first power-on; if it is, to generate the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initialize the protection start flag to the not-started state, and save the initial authorization code and the protection start flag to the non-volatile memory;
the protection module comprises:
a judging unit, configured to read the protection start flag from the non-volatile memory and determine whether the protection start flag indicates the protection-started state; if not, control passes to the processing unit; if the protection start flag indicates the protection-started state, boot is not allowed;
a processing unit, configured to update the initial authorization code to the current authorization code, change the protection start flag to the protection-started state, save the current authorization code and the protection start flag to the non-volatile memory, and allow boot.
8. The device according to claim 6 or 7, characterized in that the device further comprises:
an activation module, configured to, when the system halts, receive the entered activation code and determine whether an activation code has been received; if so, to verify the activation code; if verification passes, to update the reserved authorization code to the current authorization code, save it to the non-volatile memory, and allow boot; if no activation code is received or the activation code fails verification, boot is not allowed.
9. The device according to claim 6 or 7, characterized in that the current authorization code generation module is further configured to calculate the checksum of the EEPROM of the current network card and generate the current authorization code from the MAC address and the checksum;
the initialization module is further configured to calculate the initial checksum of the EEPROM of the current network card and generate the initial authorization code from the initial MAC address and the initial checksum.
10. The device according to claim 8, characterized in that the activation module is further configured to save the activation code that passed verification to the non-volatile memory, read the reserved activation code from the non-volatile memory, and determine whether the received activation code is identical to the reserved activation code; if they are identical, verification fails.
CN201510996109.XA 2015-12-25 2015-12-25 Basic input output system protection method and device Active CN106919859B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510996109.XA CN106919859B (en) 2015-12-25 2015-12-25 Basic input output system protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510996109.XA CN106919859B (en) 2015-12-25 2015-12-25 Basic input output system protection method and device

Publications (2)

Publication Number Publication Date
CN106919859A true CN106919859A (en) 2017-07-04
CN106919859B CN106919859B (en) 2020-09-18

Family

ID=59454725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510996109.XA Active CN106919859B (en) 2015-12-25 2015-12-25 Basic input output system protection method and device

Country Status (1)

Country Link
CN (1) CN106919859B (en)

Also Published As

Publication number Publication date
CN106919859B (en) 2020-09-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230710

Address after: 518000 Shenzhen, Futian District, Guangdong Futian street Gangxia community Shennan Road No. 1003 Dongfang Xintiandi Plaza 5 floor 502F

Patentee after: Guangdong Industrial edge intelligent Innovation Center Co.,Ltd.

Address before: 518107 5th floor, No.1, Yanxiang Zhigu chuangxiangdi, No.11, Gaoxin Road, Guangming New District, Shenzhen City, Guangdong Province

Patentee before: EVOC INTELLIGENT TECHNOLOGY Co.,Ltd.
