CN106919859A - Basic input output system guard method and device - Google Patents
- Publication number: CN106919859A
- Application number: CN201510996109.XA
- Authority: CN (China)
- Prior art keywords: code, authorization code, protection, active, MAC address
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The present invention relates to a basic input/output system (BIOS) protection method and device, comprising: powering on, and performing the following steps during the power-on self-test of a boot that is not the first boot: reading the MAC address of the current network card and generating the current authorization code of the BIOS image file from the MAC address; reading the reserved authorization code from non-volatile memory and judging whether the current authorization code is the same as the reserved authorization code; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. The basic input/output system is thereby protected.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a basic input/output system (BIOS) protection method and device.
Background
A BIOS (Basic Input & Output System) image file is the binary file produced by compiling the BIOS source code. Because BIOS source code comes from a single source, it is expensive: a company has to pay a high price to buy it from BIOS vendors in order to develop suitable product functions on that basis.
BIOS image files are generally sold together with the company's mainboards. But because a binary file can be read out by software, a burner (programmer) and similar means, it often happens in the market that a copier reads another company's BIOS image file by software or burner, changes only some key information, and then sells it on hardware of the same platform; or copies the product's hardware design and reads the released product's BIOS by software or burner, so as to achieve the same functions on the device. This seriously affects the competitiveness of the product that was copied.
Summary of the invention
In view of this, it is necessary to provide, for the above technical problem, a basic input/output system protection method and device that protect the basic input/output system.
A basic input/output system protection method, the method comprising:
powering on;
performing the following steps during the power-on self-test of a boot that is not the first boot:
reading the MAC address of the current network card, and generating the current authorization code of the BIOS image file from the MAC address;
reading the reserved authorization code from non-volatile memory and judging whether the current authorization code and the reserved authorization code are the same; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
In one embodiment, after the power-on step, the method further comprises:
detecting whether this is the first boot; if it is, generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initializing the protection enable flag to the not-enabled state, and saving the initial authorization code and the protection enable flag to non-volatile memory;
after the step in which the current authorization code differs from the reserved authorization code, the method further comprises:
reading the protection enable flag from the non-volatile memory and judging whether the flag is in the protection-enabled state; if not, updating the initial authorization code to the current authorization code, changing the protection enable flag to the protection-enabled state, saving the current authorization code and the protection enable flag to non-volatile memory, and allowing booting;
if the protection enable flag is in the protection-enabled state, booting is not allowed.
In one embodiment, before the step of not allowing booting, the method further comprises:
the system halts and accepts input of an activation code;
judging whether an activation code has been received; if so, verifying the activation code; if verification passes, updating the reserved authorization code to the current authorization code, saving it to non-volatile memory, and allowing booting;
if no activation code is received or the activation code fails verification, booting is not allowed.
In one embodiment, the step of generating the current authorization code of the BIOS image file from the MAC address comprises:
calculating the checksum of the EEPROM of the current network card, and generating the current authorization code from the MAC address and the checksum;
the step of generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card comprises:
calculating the initial checksum of the EEPROM of the current network card, and generating the initial authorization code from the initial MAC address and the initial checksum.
In one embodiment, the method further comprises:
saving the activation code that passed verification to non-volatile memory;
the step of verifying the activation code comprises:
reading the reserved activation code from non-volatile memory and judging whether the activation code received as input is the same as the reserved activation code; if it is the same, verification fails.
A basic input/output system protection device, the device comprising:
a current authorization code generation module, configured to, after power-on and during the power-on self-test of a boot that is not the first boot, read the MAC address of the current network card and generate the current authorization code of the BIOS image file from the MAC address;
a protection module, configured to read the reserved authorization code from non-volatile memory and judge whether the current authorization code is the same as the reserved authorization code; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
In one embodiment, the device further comprises:
an initialization module, configured to detect whether this is the first boot and, if it is, to generate the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initialize the protection enable flag to the not-enabled state, and save the initial authorization code and the protection enable flag to non-volatile memory;
the protection module comprises:
a judging unit, configured to read the protection enable flag from the non-volatile memory and judge whether the flag is in the protection-enabled state; if not, control passes to the processing unit; if the protection enable flag is in the protection-enabled state, booting is not allowed;
a processing unit, configured to update the initial authorization code to the current authorization code, change the protection enable flag to the protection-enabled state, save the current authorization code and the protection enable flag to non-volatile memory, and allow booting.
In one embodiment, the device further comprises:
an activation module, configured so that the system halts and accepts input of an activation code, and to judge whether an activation code has been received; if so, the activation code is verified; if verification passes, the reserved authorization code is updated to the current authorization code and saved to non-volatile memory, and booting is allowed; if no activation code is received or the activation code fails verification, booting is not allowed.
In one embodiment, the current authorization code generation module is further configured to calculate the checksum of the EEPROM of the current network card and generate the current authorization code from the MAC address and the checksum;
the initialization module is further configured to calculate the initial checksum of the EEPROM of the current network card and generate the initial authorization code from the initial MAC address and the initial checksum.
In one embodiment, the activation module is further configured to save the activation code that passed verification to non-volatile memory, read the reserved activation code from non-volatile memory, and judge whether the activation code received as input is the same as the reserved activation code; if it is the same, verification fails.
With the above basic input/output system protection method and device, the machine is powered on and the following steps are performed during the power-on self-test of a boot that is not the first boot: the MAC address of the current network card is read, and the current authorization code of the BIOS image file is generated from the MAC address; the reserved authorization code is read from non-volatile memory and compared with the current authorization code; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. Because MAC addresses are globally unique, when a stolen BIOS image file communicates on a network using a different MAC address, the current authorization code generated from that MAC address necessarily differs from the reserved authorization code, so the machine cannot boot normally, and the basic input/output system is thereby protected.
Brief description of the drawings
Fig. 1 is a flowchart of the basic input/output system protection method in one embodiment;
Fig. 2 is a flowchart of the basic input/output system protection method in one embodiment for the case where the current authorization code differs from the reserved authorization code;
Fig. 3 is a flowchart of the basic input/output system protection method carried out with an activation code in one embodiment;
Fig. 4 is a flowchart of the basic input/output system protection method in a specific embodiment;
Fig. 5 is a structural block diagram of the basic input/output system protection device in one embodiment;
Fig. 6 is a structural block diagram of the basic input/output system protection device in another embodiment;
Fig. 7 is a structural block diagram of the protection module in one embodiment;
Fig. 8 is a structural block diagram of the basic input/output system protection device in a further embodiment.
Detailed description
In one embodiment, as shown in the figure, a basic input/output system protection method is provided. Because the EEPROM and MAC address of the network card are usually programmed online under DOS after the mainboard has booted, the manufacturer necessarily has to power the machine on a first time before shipment in order to program the EEPROM and MAC address. Since this first boot is performed by the manufacturer and the product has not yet shipped, BIOS theft cannot have occurred and the BIOS does not need protection; this embodiment therefore describes a boot that is not the first boot. The method comprises:
Step S110: power on.
Specifically, after power-on the computer enters the power-on self-test process, i.e. the POST (Power On Self-Test) stage of the BIOS (Basic Input & Output System). During the power-on self-test stage the computer runs the code in the BIOS, which, among other things, checks the hardware inside the computer.
Step S120: read the MAC address of the current network card and generate the current authorization code of the BIOS image file from the MAC address.
Specifically, the current network card may be a stand-alone network card or an onboard network card; an onboard network card is a network chip integrated on a mainboard that incorporates network functionality. The MAC (Media Access Control) address defines the position of a network device, is determined by the network card, and is globally unique. The current authorization code of the BIOS image file is generated from the MAC address, and the specific generation algorithm can be customized as needed. Besides the MAC address, the algorithm can also use the network card's EEPROM (Electrically Erasable Programmable Read-Only Memory), which stores the power-on default configuration of the network card registers: calculating the EEPROM checksum and using it to generate the current authorization code of the BIOS image file further improves the security of the current authorization code and guards against cracking. Because the MAC address is globally unique, the generated current authorization code is globally unique as well.
Step S130: read the reserved authorization code from non-volatile memory and judge whether the current authorization code and the reserved authorization code are the same; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
Specifically, the reserved authorization code is encoded information stored in non-volatile memory and used to verify the right to boot. It may be encoded information generated before shipment from the network card information at shipment time. For a network card that needs repair, or a network card whose EEPROM has been upgraded, the MAC address or EEPROM may have changed, so the reserved authorization code may also be encoded information generated after shipment from the changed network card information. The reserved authorization code is generated from the MAC address and is globally unique. The specific generation algorithm can be customized as needed; besides the MAC address, the reserved authorization code can also be generated from the checksum of the network card's EEPROM, for example as the combination of the MAC address and the EEPROM checksum. Generating the reserved authorization code this way further increases its security and guards against cracking. The current authorization code is compared with the reserved authorization code; if they differ, the network card information used to generate the current authorization code is inconsistent with the network card information used to generate the reserved authorization code. In that case the BIOS image file may have been stolen and be in use on another mainboard, communicating through a different MAC address, so booting is not allowed; the machine can boot only when the current authorization code is the same as the reserved authorization code. When a thief uses a stolen BIOS image file on another mainboard and network card, first, the thief cannot know what the reserved authorization code is; second, even if the thief has also stolen the reserved authorization code, when communicating on a network with a different MAC address the current authorization code of the stolen BIOS image file still does not match the reserved authorization code, so the machine cannot boot normally, and the BIOS is thereby protected. This BIOS protection method is low-cost and broadly applicable, and protects the core competitive value of the company's products without adding any hardware cost.
In one embodiment, after the encrypted reserved authorization code is read from non-volatile memory, it is decrypted to obtain the reserved authorization code. The purpose of encrypting the authorization code stored in non-volatile memory is to prevent a malicious thief from cracking the implementation of the BIOS protection technique.
In this embodiment, the machine is powered on and the following steps are performed during the power-on self-test of a boot that is not the first boot: the MAC address of the current network card is read, and the current authorization code of the BIOS image file is generated from the MAC address; the reserved authorization code is read from non-volatile memory and compared with the current authorization code; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed. Because MAC addresses are globally unique, when a stolen BIOS image file communicates on a network using a different MAC address, the current authorization code generated from that MAC address necessarily differs from the reserved authorization code, so the machine cannot boot normally, and the basic input/output system is thereby protected.
In one embodiment, after step S110, the method further comprises: detecting whether this is the first boot; if it is, generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initializing the protection enable flag to the not-enabled state, and saving the initial authorization code and the protection enable flag to non-volatile memory.
Specifically, the initial MAC address is usually random, and it has to be updated before shipment so that the MAC address is a correct, usable address. One opportunity to modify the MAC address therefore has to be retained so that the manufacturer can update it. This requires a judgment mechanism: before the MAC address of the network card is changed for the first time, at the first boot, the BIOS protection enable flag is set to the not-enabled state. The MAC address can be changed only while the protection enable flag is in the not-enabled state; once one change has been made, the flag is changed to the enabled state and the protection function is turned on. The initial authorization code of the BIOS image file is generated from the initial MAC address, and the specific generation algorithm can be customized as needed. Besides the MAC address, the algorithm can also use the network card's initial EEPROM, calculating its checksum to generate the initial authorization code of the BIOS image file, which further improves the security of the current authorization code and guards against cracking. Because the initial MAC address is usually random, the generated initial authorization code is random as well. The protection enable flag can be defined as needed, for example 0 for the not-enabled state and 1 for the protection-enabled state.
After the step of judging that the current authorization code differs from the reserved authorization code, the method further comprises:
Step S210: read the protection enable flag from non-volatile memory and judge whether the flag is in the protection-enabled state; if not, go to step S220; otherwise booting is not allowed.
Specifically, if the flag is not in the protection-enabled state, the MAC address has not yet been updated once and is still modifiable, and the reserved authorization code at this point must be the initial authorization code saved after the first boot. The current authorization code differing from the reserved authorization code shows that the MAC address has now been changed and is a correct, usable MAC address, and the corresponding current authorization code is the correct authorization code. The flow therefore enters step S220 to update the initial authorization code.
Step S220: update the initial authorization code to the current authorization code, change the protection enable flag to the protection-enabled state, save the current authorization code and the protection enable flag to non-volatile memory, and allow booting.
Specifically, once the initial authorization code has been updated to the current authorization code, the manufacturer has programmed the correct MAC address into the network card and saved the corresponding correct authorization code, and the product can ship. The problem of BIOS theft exists only after shipment, so the protection enable flag is changed to the protection-enabled state and the protection function is turned on.
If the BIOS enabled the BIOS protection function at the very first boot, then after the MAC address was updated during factory production the reserved initial authorization code would not have been generated from the updated MAC address; the current authorization code would never match the reserved initial authorization code, and no subsequent boot would succeed. In this embodiment, the protection enable flag solves the problem of replacing the MAC address and the authorization code before shipment.
In one embodiment, the step of generating the current authorization code of the BIOS image file from the MAC address comprises: calculating the checksum of the EEPROM of the current network card, and generating the current authorization code from the MAC address and the checksum. The step of generating the initial authorization code of the BIOS image file from the initial MAC address of the current network card comprises: calculating the initial checksum of the EEPROM of the current network card, and generating the initial authorization code from the initial MAC address and the initial checksum.
Specifically, calculating the checksum of the network card's EEPROM ensures the integrity and accuracy of the EEPROM; the specific method of calculating the checksum can be customized as needed. Both the current authorization code and the initial authorization code take the EEPROM checksum into account when they are generated, which makes the authorization code generation algorithm harder to crack and strengthens the security of the authorization code.
In one embodiment, as shown in Fig. 3, before the step of not allowing booting, the method further comprises:
Step S310: the system halts and accepts input of an activation code.
Specifically, for a network card that needs repair, or a network card whose EEPROM has been upgraded, the MAC address or EEPROM may have changed, so the current authorization code calculated from the changed MAC address and EEPROM does not match the reserved authorization code. In this case the new hardware configuration is put into effect by entering an activation code and verifying it. A user of a legitimate BIOS image file can apply to the manufacturer for an activation code, either online or offline; applying offline ensures the validity of the activation code and prevents it from being stolen in transit over the network. For an online application, a request is sent to the activation code server; the request may include the MAC address before the upgrade, the EEPROM checksum and/or the authorization code before the upgrade, the mainboard serial number and so on. The manufacturer decides from the information in the request whether the applicant is entitled to an activation code and, if so, sends the activation code to the applicant. The activation code that is sent can be encrypted to increase its security. The algorithm for generating the activation code can be customized; for example, the code can be generated from the mainboard serial number, the model of the onboard network card and the MAC address.
Step S320: judge whether an activation code has been received; if so, go to step S330; otherwise booting is not allowed.
Specifically, if an activation code is received the following steps are carried out; if no activation code is received, there is no permission to boot.
Step S330: verify the activation code and judge whether it passes verification; if it passes, go to step S340; otherwise booting is not allowed.
Specifically, if the activation code is encrypted it is first decrypted and then verified. Verification can use a specific decoding algorithm to extract information such as the mainboard serial number, the model of the onboard network card and the MAC address from the activation code. For example, the extracted MAC address must match the MAC address of the current network card, which ensures that an activation code can only be used on one fixed machine. If verification passes, the user is a legitimate user of the BIOS image file, and the current authorization code differs from the reserved authorization code because of an upgrade or the like, so the reserved authorization code needs to be updated. If verification fails, the flow can return to the step of receiving an activation code as input; if the activation code entered is incorrect several times, booting is not allowed, and the BIOS image file may also self-destruct, as determined by the needs of the specific application.
Step S340: update the reserved authorization code to the current authorization code, save it to non-volatile memory, and allow booting.
Specifically, if verification passes, the reserved authorization code is updated to the current authorization code and saved to non-volatile memory, which ensures that the reserved authorization code matches the network card information after the upgrade and solves the problem of subsequent maintenance of the product.
In one embodiment, the method further comprises: saving the activation code that passed verification to non-volatile memory. The step of verifying the activation code comprises: reading the reserved activation code from non-volatile memory and judging whether the activation code received as input is the same as the reserved activation code; if it is the same, verification fails.
Specifically, the activation code that passed verification is saved to non-volatile memory so that, the next time an activation code has to be entered, the reserved activation code can be read from non-volatile memory; if the activation code entered next time is the same as the reserved activation code, verification fails. This ensures that an activation code is used only once, further strengthens the security of the activation code, and strengthens the effectiveness of the BIOS protection.
In a specific embodiment that uses an onboard network card, as shown in Fig. 4, the detailed process of the basic input/output system protection method is as follows:
Step S410: read the MAC address and EEPROM of the current onboard network card, calculate the checksum of the EEPROM, and generate the current authorization code of the BIOS image file from the MAC address and the EEPROM checksum.
Step S420: judge whether this is the first boot; if so, go to step S430; otherwise go to step S440.
Step S430: encrypt the current authorization code as the initial authorization code, set the protection enable flag to 0, which represents the not-enabled state, save the encrypted initial authorization code and the protection enable flag to the non-volatile memory of the BIOS, and proceed to normal boot.
Step S440: read the encrypted reserved authorization code and the protection enable flag from the non-volatile memory of the BIOS, and decode the encrypted reserved authorization code to obtain the reserved authorization code. Judge whether the current authorization code and the reserved authorization code are the same; if they are not, go to step S450; if they are, the machine boots normally.
Step S450: judge whether the protection enable flag is 1, i.e. whether it is in the enabled state; if so, go to step S460; otherwise go to step S490.
Step S460: the system halts, displays an input box prompting the user to enter the activation code of the BIOS image file, and receives the activation code that is entered.
Step S470: judge whether the activation code is verified successfully; if so, go to step S480; otherwise go to step S460.
Step S480: update the reserved authorization code in the non-volatile memory of the BIOS to the current authorization code, save the activation code to the non-volatile memory of the BIOS, and then proceed to normal boot.
Step S490: update the reserved authorization code in the non-volatile memory of the BIOS to the current authorization code, set the protection enable flag to 1, which represents the enabled state, and then proceed to normal boot.
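The S410 to S490 flow above, as a small C simulation that can be stepped through one boot at a time. This is an added example, not code from the patent: the NVRAM layout, the 16-bit byte-sum checksum, the FNV-1a activation tag with an issue number, and all sample MAC addresses are assumptions. The authorization code uses the MAC-plus-checksum combination the description mentions, and encryption of the stored code is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the network card and of the BIOS non-volatile storage. */
struct nic { uint8_t mac[6]; uint8_t eeprom[16]; };
struct nvram {
    bool     initialized;    /* false until the first boot has run           */
    uint8_t  protect_flag;   /* 0 = protection not enabled, 1 = enabled      */
    uint64_t reserved_auth;  /* reserved authorization code                  */
    bool     has_used_code;  /* an activation code has been accepted before  */
    uint64_t used_code;      /* the reserved (last accepted) activation code */
};
enum boot_result { BOOT_OK, BOOT_DENIED };

/* EEPROM checksum: 16-bit byte sum (assumption; the method is left open). */
static uint16_t eeprom_checksum(const struct nic *n)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < sizeof n->eeprom; i++) sum = (uint16_t)(sum + n->eeprom[i]);
    return sum;
}

/* Authorization code = 48-bit MAC address combined with the EEPROM checksum. */
static uint64_t auth_code(const struct nic *n)
{
    uint64_t code = 0;
    for (size_t i = 0; i < 6; i++) code = (code << 8) | n->mac[i];
    return (code << 16) | eeprom_checksum(n);
}

/* Hypothetical activation tag (FNV-1a); stand-in for the vendor's own algorithm. */
static uint32_t activation_tag(uint32_t serial, const uint8_t mac[6], uint32_t issue)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) { h ^= (serial >> (8 * i)) & 0xff; h *= 16777619u; }
    for (int i = 0; i < 6; i++) { h ^= mac[i];                     h *= 16777619u; }
    for (int i = 0; i < 4; i++) { h ^= (issue >> (8 * i)) & 0xff;  h *= 16777619u; }
    return h;
}

/* Vendor side: issue a code bound to one board serial and one MAC address. */
static uint64_t issue_activation(uint32_t serial, const uint8_t mac[6], uint32_t issue)
{
    return ((uint64_t)issue << 32) | activation_tag(serial, mac, issue);
}

/* Firmware side (S470): reject a reused code, then check the MAC binding. */
static bool activation_valid(const struct nvram *nv, uint32_t serial,
                             const struct nic *n, uint64_t code)
{
    if (nv->has_used_code && nv->used_code == code)
        return false;                 /* same as the reserved activation code */
    return (uint32_t)code == activation_tag(serial, n->mac, (uint32_t)(code >> 32));
}

/* One pass through S410-S490; `code` is NULL when no activation code is entered. */
static enum boot_result bios_post(struct nvram *nv, const struct nic *n,
                                  uint32_t serial, const uint64_t *code)
{
    uint64_t current = auth_code(n);                     /* S410 */
    if (!nv->initialized) {                              /* S420 -> S430 */
        nv->initialized = true;
        nv->protect_flag = 0;
        nv->reserved_auth = current;
        return BOOT_OK;
    }
    if (current == nv->reserved_auth)                    /* S440 */
        return BOOT_OK;
    if (nv->protect_flag == 0) {                         /* S450 -> S490 */
        nv->reserved_auth = current;
        nv->protect_flag = 1;
        return BOOT_OK;
    }
    if (code == NULL || !activation_valid(nv, serial, n, *code))
        return BOOT_DENIED;                              /* S460 / S470 */
    nv->reserved_auth = current;                         /* S480 */
    nv->used_code = *code;
    nv->has_used_code = true;
    return BOOT_OK;
}

int main(void)
{
    /* Constructed sample data: factory-random MAC, programmed MAC, another card. */
    struct nic factory = { {0x02,0x00,0x00,0x00,0x00,0x01}, {0} };
    struct nic shipped = { {0x00,0x11,0x22,0x33,0x44,0x55}, {1,2,3} };
    struct nic other   = { {0x00,0x11,0x22,0x33,0x44,0x99}, {1,2,3} };
    struct nvram nv = {0};
    uint64_t code = issue_activation(7, other.mac, 1);
    int r1 = bios_post(&nv, &factory, 7, NULL);  /* first boot at the factory   */
    int r2 = bios_post(&nv, &shipped, 7, NULL);  /* MAC programmed, flag set    */
    int r3 = bios_post(&nv, &other, 7, NULL);    /* different card, no code     */
    int r4 = bios_post(&nv, &other, 7, &code);   /* vendor-issued code accepted */
    printf("%d %d %d %d (0 = boot, 1 = denied)\n", r1, r2, r3, r4);
    return 0;
}
```

Note that the flag only moves from 0 to 1 on the first mismatch, so the state written at S430 stays modifiable until the factory actually programs a different MAC address or EEPROM.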
In one embodiment, as shown in Fig. 5, a basic input/output system protection device is provided, comprising:
a current authorization code generation module 510, configured to, after power-on and during the power-on self-test of a boot that is not the first boot, read the MAC address of the current network card and generate the current authorization code of the BIOS image file from the MAC address;
a protection module 520, configured to read the reserved authorization code from non-volatile memory and judge whether the current authorization code is the same as the reserved authorization code; if they are the same, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
In one embodiment, as shown in Fig. 6, the device further comprises:
an initialization module 530, configured to detect whether this is the first boot and, if it is, to generate the initial authorization code of the BIOS image file from the initial MAC address of the current network card, initialize the protection enable flag to the not-enabled state, and save the initial authorization code and the protection enable flag to non-volatile memory.
As shown in Fig. 7, the protection module 520 comprises:
a judging unit 521, configured to read the protection enable flag from non-volatile memory and judge whether the flag is in the protection-enabled state; if not, control passes to the processing unit; if the protection enable flag is in the protection-enabled state, booting is not allowed;
a processing unit 522, configured to update the initial authorization code to the current authorization code, change the protection enable flag to the protection-enabled state, save the current authorization code and the protection enable flag to non-volatile memory, and allow booting.
In one embodiment, as shown in figure 8, device also includes:
Active module 540, delays machine for system, receives the active coding of input, judges whether to receive active coding,
If it is, checking active coding, if the verification passes, is then updated to the current grant by reserved authorization code
Code is saved in nonvolatile memory, it is allowed to start shooting, if being not received by active coding or active coding checking not
Pass through, then do not allow start.
In one embodiment, current grant code generation module 510 is additionally operable to calculate current network interface card
The verification of EEPROM and, according to MAC Address and verify and generation current grant code.
Initialization module 530 be additionally operable to calculate the EEPROM of current network interface card initial verification and, according to initial
MAC Address and initial verification and generation initial authorization code.
In one embodiment, the active coding that active module 540 is additionally operable to be verified is saved in non-volatile
Property memory, the reserved active coding in reading non-volatile storage, judge receive input active coding whether
It is identical with reserved active coding, if identical, verify and do not pass through.
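The boot decision made by modules 510 to 540, modelled in C as an added example (not code from the patent). The `nvram_t` layout, the `initialised` marker for first power-on, the FNV-1a derivation of the authorization code and the `vendor_accepts` rule are assumptions, because the description does not specify how the code is derived or how an activation code is validated.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef enum { BOOT_ALLOWED, BOOT_DENIED } boot_t;

/* Constructed model of the values the description keeps in nonvolatile memory. */
typedef struct {
    bool     initialised;    /* assumption: marks that the first power-on already ran */
    uint32_t reserved_auth;  /* reserved authorization code */
    bool     protection_on;  /* protection start flag, 1 = started */
    bool     has_act;        /* an activation code has been accepted before */
    uint32_t reserved_act;   /* reserved activation code */
} nvram_t;

/* Assumption: FNV-1a over MAC and EEPROM checksum; the derivation is not specified. */
uint32_t auth_code(const uint8_t mac[6], uint16_t eeprom_sum) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 6; i++) { h ^= mac[i]; h *= 16777619u; }
    h ^= (uint32_t)(eeprom_sum & 0xffu); h *= 16777619u;
    h ^= (uint32_t)(eeprom_sum >> 8);    h *= 16777619u;
    return h;
}

/* Hypothetical validity rule: low byte equals the XOR of the upper three bytes. */
static bool vendor_accepts(uint32_t c) {
    return (c & 0xffu) == (((c >> 8) ^ (c >> 16) ^ (c >> 24)) & 0xffu);
}

/* act == NULL: nothing was entered while the system was halted. */
boot_t power_on(nvram_t *nv, const uint8_t mac[6], uint16_t sum, const uint32_t *act) {
    uint32_t cur = auth_code(mac, sum);
    if (!nv->initialised) {            /* first power-on: store initial code, flag off */
        nv->initialised = true; nv->reserved_auth = cur; nv->protection_on = false;
        return BOOT_ALLOWED;
    }
    if (cur == nv->reserved_auth) return BOOT_ALLOWED;
    if (!nv->protection_on) {          /* flag not started: rebind once, then start it */
        nv->reserved_auth = cur; nv->protection_on = true;
        return BOOT_ALLOWED;
    }
    if (!act) return BOOT_DENIED;
    if (nv->has_act && *act == nv->reserved_act) return BOOT_DENIED; /* reused code */
    if (!vendor_accepts(*act)) return BOOT_DENIED;
    nv->has_act = true; nv->reserved_act = *act;   /* kept so reuse is rejected */
    nv->reserved_auth = cur; nv->protection_on = true;
    return BOOT_ALLOWED;
}

/* Constructed walk-through; bit i of the result is set when step i is denied. */
unsigned scenario(void) {
    const uint32_t ok1 = 0x01020300u, ok2 = 0x0A0B0C0Du, bad = 0x01020301u;
    const struct { uint8_t nic; const uint32_t *act; } steps[] = {
        {0x55, NULL}, {0x55, NULL}, {0x66, NULL}, {0x77, NULL},
        {0x77, &bad}, {0x77, &ok1}, {0x55, &ok1}, {0x55, &ok2},
    };
    nvram_t nv = {0}; unsigned denied = 0;
    for (unsigned i = 0; i < sizeof steps / sizeof steps[0]; i++) {
        uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, steps[i].nic}; /* constructed */
        if (power_on(&nv, mac, 0xBEEF, steps[i].act) == BOOT_DENIED) denied |= 1u << i;
    }
    return denied;
}

int main(void) { printf("denied mask: 0x%02x\n", scenario()); return 0; }
```

Steps 3, 4 and 6 of the walk-through are the denials: a changed network card with no code entered, a code the validity rule rejects, and a valid code that was already used once.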
A person of ordinary skill in the art will understand that all or part of the flows in the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium; in the embodiments of the present invention, for example, the program can be stored in the storage medium of a computer system and executed by at least one processor of the computer system to implement the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features is not contradictory, it should be considered to be within the scope of this specification.
The embodiments described above express only several implementations of the invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make several variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (10)
1. A basic input output system protection method, the method comprising:
powering on;
performing the following steps during the power-on self-test of a non-first power-on:
reading the MAC address of the current network card, and generating the current authorization code of the BIOS image file according to the MAC address;
reading the reserved authorization code from the nonvolatile memory, and judging whether the current authorization code is identical to the reserved authorization code; if they are identical, allowing booting; if the current authorization code differs from the reserved authorization code, not allowing booting.
2. The method according to claim 1, characterized in that, after the step of powering on, the method further comprises:
detecting whether this is the first power-on; if it is, generating the initial authorization code of the BIOS image file according to the initial MAC address of the current network card, initializing the protection start flag to the not-started state, and saving the initial authorization code and the protection start flag to the nonvolatile memory;
and, after the step in which the current authorization code differs from the reserved authorization code, the method further comprises:
reading the protection start flag from the nonvolatile memory and judging whether the protection start flag is in the protection-started state; if it is not, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection-started state, saving the current authorization code and the protection start flag to the nonvolatile memory, and allowing booting;
if the protection start flag is in the protection-started state, not allowing booting.
3. The method according to claim 1 or 2, characterized in that, before the step of not allowing booting, the method further comprises:
halting the system and receiving an input activation code;
judging whether an activation code has been received; if one has, verifying the activation code and, if verification passes, updating the reserved authorization code to the current authorization code, saving it to the nonvolatile memory, and allowing booting; if no activation code is received or verification of the activation code fails, not allowing booting.
4. The method according to claim 1 or 2, characterized in that the step of generating the current authorization code of the BIOS image file according to the MAC address comprises:
calculating the checksum of the EEPROM of the current network card, and generating the current authorization code according to the MAC address and the checksum;
and the step of generating the initial authorization code of the BIOS image file according to the initial MAC address of the current network card comprises:
calculating the initial checksum of the EEPROM of the current network card, and generating the initial authorization code according to the initial MAC address and the initial checksum.
5. The method according to claim 3, characterized in that the method further comprises:
saving the activation code that passed verification to the nonvolatile memory;
and the step of verifying the activation code comprises:
reading the reserved activation code from the nonvolatile memory, and judging whether the received activation code is identical to the reserved activation code; if they are identical, verification fails.
6. A basic input output system protection device, characterized in that the device comprises:
a current authorization code generation module, configured to, after power-on, read the MAC address of the current network card during the power-on self-test of a non-first power-on, and generate the current authorization code of the BIOS image file according to the MAC address;
a protection module, configured to read the reserved authorization code from the nonvolatile memory and judge whether the current authorization code is identical to the reserved authorization code; if they are identical, booting is allowed; if the current authorization code differs from the reserved authorization code, booting is not allowed.
7. The device according to claim 6, characterized in that the device further comprises:
an initialization module, configured to detect whether this is the first power-on; if it is, to generate the initial authorization code of the BIOS image file according to the initial MAC address of the current network card, initialize the protection start flag to the not-started state, and save the initial authorization code and the protection start flag to the nonvolatile memory;
and the protection module comprises:
a judging unit, configured to read the protection start flag from the nonvolatile memory and judge whether the protection start flag is in the protection-started state; if it is not, control passes to the processing unit; if the protection start flag is in the protection-started state, booting is not allowed;
a processing unit, configured to update the initial authorization code to the current authorization code, change the protection start flag to the protection-started state, save the current authorization code and the protection start flag to the nonvolatile memory, and allow booting.
8. The device according to claim 6 or 7, characterized in that the device further comprises:
an activation module, configured to halt the system, receive an input activation code, and judge whether an activation code has been received; if one has, to verify the activation code and, if verification passes, update the reserved authorization code to the current authorization code, save it to the nonvolatile memory, and allow booting; if no activation code is received or verification of the activation code fails, booting is not allowed.
9. The device according to claim 6 or 7, characterized in that the current authorization code generation module is further configured to calculate the checksum of the EEPROM of the current network card and to generate the current authorization code according to the MAC address and the checksum;
and the initialization module is further configured to calculate the initial checksum of the EEPROM of the current network card and to generate the initial authorization code according to the initial MAC address and the initial checksum.
10. The device according to claim 8, characterized in that the activation module is further configured to save the activation code that passed verification to the nonvolatile memory, read the reserved activation code from the nonvolatile memory, and judge whether the received activation code is identical to the reserved activation code; if they are identical, verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510996109.XA CN106919859B (en) | 2015-12-25 | 2015-12-25 | Basic input output system protection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106919859A (en) | 2017-07-04 |
CN106919859B (en) | 2020-09-18 |
Family
ID=59454725
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201510996109.XA CN106919859B (en) | Active | 2015-12-25 | 2015-12-25 | Basic input output system protection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106919859B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106919859B (en) | 2020-09-18 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20230710. Address after: 518000 Shenzhen, Futian District, Guangdong Futian street Gangxia community Shennan Road No. 1003 Dongfang Xintiandi Plaza 5 floor 502F. Patentee after: Guangdong Industrial edge intelligent Innovation Center Co.,Ltd. Address before: 518107 5th floor, No.1, Yanxiang Zhigu chuangxiangdi, No.11, Gaoxin Road, Guangming New District, Shenzhen City, Guangdong Province. Patentee before: EVOC INTELLIGENT TECHNOLOGY Co.,Ltd. |