CN106919859B - Basic input output system protection method and device - Google Patents


Info

Publication number
CN106919859B
CN106919859B CN201510996109.XA CN201510996109A CN106919859B CN 106919859 B CN106919859 B CN 106919859B CN 201510996109 A CN201510996109 A CN 201510996109A CN 106919859 B CN106919859 B CN 106919859B
Authority
CN
China
Prior art keywords
authorization code
code
initial
current
protection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510996109.XA
Other languages
Chinese (zh)
Other versions
CN106919859A (en
Inventor
吴昌
修惠文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Industrial Edge Intelligent Innovation Center Co ltd
Original Assignee
EVOC Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EVOC Intelligent Technology Co Ltd
Priority to CN201510996109.XA
Publication of CN106919859A
Application granted
Publication of CN106919859B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention relates to a method and a device for protecting a basic input/output system (BIOS). The method comprises: powering on at startup, and executing the following steps during the power-on self-test of a boot that is not the first boot: reading the MAC address of the current network card, and generating a current authorization code of the BIOS image file according to the MAC address; and reading a reserved authorization code from the nonvolatile memory and judging whether the current authorization code is the same as the reserved authorization code; if so, boot is allowed, and if not, boot is not allowed, thereby protecting the basic input/output system.

Description

Basic input output system protection method and device
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for protecting a basic input and output system.
Background
The BIOS (Basic Input and Output System) image file is a binary file generated by compiling BIOS source code. Because BIOS source code has a single source and is expensive, a company has to pay a high price to purchase the BIOS image file from a BIOS manufacturer and then develop functions suited to its own products on that basis.
The BIOS image file is generally sold together with a company's motherboard. However, because the binary file can be read out with software, a burner (programmer) and the like, thieves in the current market often read out other companies' BIOS image files in this way, simply change some key information, and sell them directly on hardware of the same platform; or they copy the hardware design of a product and read out the BIOS of the released product with software or a burner, so that the same functions are realized on their own terminal. This seriously affects the competitiveness of the products of the company whose BIOS was stolen.
Disclosure of Invention
In view of the above, it is necessary to provide a BIOS protection method and device that solve the above technical problem.
A BIOS protection method, the method comprising:
powering on at startup;
executing the following steps during the power-on self-test of a boot that is not the first boot:
reading the MAC address of the current network card, and generating a current authorization code of the BIOS image file according to the MAC address;
reading a reserved authorization code from a nonvolatile memory, and judging whether the current authorization code is the same as the reserved authorization code; if so, allowing boot, and if not, not allowing boot.
In one embodiment, after the step of powering on at startup, the method further includes:
detecting whether this is the first boot of the BIOS, and if so, generating an initial authorization code of the BIOS image file according to the initial MAC address of the current network card, initializing a protection start flag to the non-start state, and storing the initial authorization code and the protection start flag in the nonvolatile memory;
the step performed if the current authorization code is different from the reserved authorization code further comprises:
reading the protection start flag from the nonvolatile memory, and judging whether it is in the protection start state; if not, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection start state, storing the current authorization code and the protection start flag in the nonvolatile memory, and allowing boot;
and if the protection start flag is in the protection start state, not allowing boot.
In one embodiment, before the step of not allowing boot, the method further includes:
halting the system and receiving an input activation code;
judging whether an activation code has been received; if so, verifying the activation code, and if the verification passes, updating the reserved authorization code to the current authorization code, storing the current authorization code in the nonvolatile memory, and allowing boot;
if no activation code is received or the activation code fails verification, not allowing boot.
In one embodiment, the step of generating the current authorization code of the BIOS image file according to the MAC address includes:
calculating the checksum of the EEPROM of the current network card, and generating the current authorization code according to the MAC address and the checksum;
the step of generating an initial authorization code of the BIOS image file according to the initial MAC address of the current network card includes:
calculating an initial checksum of the EEPROM of the current network card, and generating the initial authorization code according to the initial MAC address and the initial checksum.
In one embodiment, the method further comprises:
saving the activation code that passed verification to the nonvolatile memory;
the step of verifying the activation code includes:
reading the reserved activation code from the nonvolatile memory, and judging whether the received activation code is the same as the reserved activation code; if so, the verification fails.
A BIOS protection device, the device comprising:
a current authorization code generating module, configured to, after power-on at startup, read the MAC address of the current network card during the power-on self-test of a boot that is not the first boot, and generate the current authorization code of the BIOS image file according to the MAC address;
and a protection module, configured to read the reserved authorization code from the nonvolatile memory and judge whether the current authorization code is the same as the reserved authorization code; if so, boot is allowed, and if not, boot is not allowed.
In one embodiment, the device further comprises:
an initialization module, configured to detect whether this is the first boot of the BIOS, and if so, generate an initial authorization code of the BIOS image file according to the initial MAC address of the current network card, initialize a protection start flag to the non-start state, and store the initial authorization code and the protection start flag in the nonvolatile memory;
the protection module includes:
a judging unit, configured to read the protection start flag from the nonvolatile memory and judge whether it is in the protection start state; if not, control passes to the processing unit, and if the protection start flag is in the protection start state, boot is not allowed;
and a processing unit, configured to update the initial authorization code to the current authorization code, change the protection start flag to the protection start state, store the current authorization code and the protection start flag in the nonvolatile memory, and allow boot.
In one embodiment, the device further comprises:
an activation module, configured to receive an input activation code and judge whether an activation code has been received; if so, to verify the activation code, and if the verification passes, to update the reserved authorization code to the current authorization code, store the current authorization code in the nonvolatile memory and allow boot; and to not allow boot if no activation code is received or the activation code fails verification.
In one embodiment, the current authorization code generating module is further configured to calculate the checksum of the EEPROM of the current network card, and generate the current authorization code according to the MAC address and the checksum;
the initialization module is further configured to calculate an initial checksum of the EEPROM of the current network card, and generate the initial authorization code according to the initial MAC address and the initial checksum.
In one embodiment, the activation module is further configured to store the activation code that passed verification in the nonvolatile memory, read the reserved activation code from the nonvolatile memory, and judge whether the received activation code is the same as the reserved activation code; if so, the verification fails.
With the above BIOS protection method and device, after power-on at startup, the following steps are executed during the power-on self-test of a boot that is not the first boot: the MAC address of the current network card is read, and a current authorization code of the BIOS image file is generated according to the MAC address; the reserved authorization code is read from the nonvolatile memory and compared with the current authorization code; if they are the same, boot is allowed, and if they differ, boot is not allowed. Because the MAC address is globally unique, when a stolen BIOS image file communicates on a network using another MAC address, the current authorization code generated from that MAC address is certainly inconsistent with the reserved authorization code, so normal boot cannot be achieved, and the basic input/output system is thereby protected.
Drawings
FIG. 1 is a flow diagram of a BIOS protection method in one embodiment;
FIG. 2 is a flow diagram of the BIOS protection method when the current authorization code is different from the reserved authorization code in one embodiment;
FIG. 3 is a flow diagram of a method for BIOS protection via an activation code in one embodiment;
FIG. 4 is a flow diagram of a BIOS protection method in a specific embodiment;
FIG. 5 is a block diagram of a BIOS protection device according to an embodiment;
FIG. 6 is a block diagram of a BIOS protection device according to another embodiment;
FIG. 7 is a block diagram of a protection module in one embodiment;
FIG. 8 is a block diagram of a BIOS protection device according to still another embodiment.
Detailed Description
In an embodiment, as shown in the figure, a method for protecting a basic input/output system is provided. Because the EEPROM and the MAC address of a network card are generally burned online under DOS after the motherboard has booted, the manufacturer must perform the first boot before the product leaves the factory. Since the first boot is performed by the manufacturer and the product has not yet left the factory, BIOS theft is not possible at that point and the BIOS does not need to be protected; this embodiment therefore describes the process for a boot that is not the first boot. The method comprises the following steps:
Step S110, powering on at startup.
Specifically, after the computer is powered on, it enters the power-on self-test process, i.e., the Power On Self-Test (POST) stage of the Basic Input and Output System (BIOS). In the power-on self-test stage, the computer runs the code in the BIOS to detect the hardware inside the computer, and the like.
Step S120, reading the MAC address of the current network card, and generating the current authorization code of the BIOS image file according to the MAC address.
Specifically, the current network card may be a standalone network card or an onboard network card, where an onboard network card is a network card chip integrated on a motherboard that integrates network functions. The MAC (Media Access Control) address, which defines the location of the network device, is determined by the network card and is globally unique. The current authorization code of the BIOS image file is generated according to the MAC address, and the specific generation algorithm may be customized as needed. In addition to the MAC address, the EEPROM (Electrically Erasable Programmable Read-Only Memory) of the network card, which stores the power-on default configuration of the network card's registers, may be used: its checksum is calculated and used in generating the current authorization code, which further improves the security of the current authorization code and prevents it from being cracked. Since the MAC address is globally unique, the generated current authorization code is also globally unique.
Step S130, reading the reserved authorization code from the nonvolatile memory, and judging whether the current authorization code is the same as the reserved authorization code; if so, boot is allowed, and if not, boot is not allowed.
Specifically, the reserved authorization code is encoded information stored in the nonvolatile memory for verifying boot permission. It may be generated from the network card information at shipment, before the product leaves the factory; for a network card that is serviced or whose EEPROM is updated, the MAC address or the EEPROM may change, so the reserved authorization code may also be generated from the changed network card information after the product has left the factory. The reserved authorization code is likewise generated according to the MAC address and is globally unique. The specific generation algorithm can be customized as needed; in addition to the MAC address, the reserved authorization code can also be generated using the checksum of the EEPROM of the network card, for example as a combination of the MAC address and the EEPROM checksum. Generating the reserved authorization code in this way further improves its security and prevents it from being cracked. The current authorization code is then compared with the reserved authorization code. If they differ, the network card information used to generate the current authorization code is inconsistent with the network card information used to generate the reserved authorization code; in this case the BIOS image file may have been stolen and used on another motherboard that communicates through another MAC address, and boot is not allowed. Boot is allowed only if the current authorization code is the same as the reserved authorization code.
When a stolen BIOS image file is used on another motherboard and network card, first, the thief cannot know what the reserved authorization code is; second, even if the thief steals the reserved authorization code as well, when another MAC address is used to communicate on a network, the current authorization code of the stolen BIOS image file is inconsistent with the reserved authorization code, so normal boot cannot be achieved and the BIOS is protected. The BIOS protection method is low in cost and widely applicable, and can protect the core competitive value of a company's products without adding any hardware cost.
In one embodiment, the reserved authorization code is stored encrypted; after the encrypted reserved authorization code is read from the nonvolatile memory, it is decrypted to obtain the reserved authorization code. The purpose of encrypting the authorization code stored in the nonvolatile memory is to prevent a malicious thief from cracking the implementation of the BIOS protection technique.
In this embodiment, after power-on at startup, the following steps are executed during the power-on self-test of a boot that is not the first boot: the MAC address of the current network card is read, and a current authorization code of the BIOS image file is generated according to the MAC address; the reserved authorization code is read from the nonvolatile memory and compared with the current authorization code; if they are the same, boot is allowed, and if they differ, boot is not allowed. Because the MAC address is globally unique, when a stolen BIOS image file communicates on a network using another MAC address, the current authorization code generated from that MAC address is certainly inconsistent with the reserved authorization code, so normal boot cannot be achieved, and the basic input/output system is thereby protected.
In one embodiment, after step S110, the method further includes: detecting whether this is the first boot of the BIOS, and if so, generating an initial authorization code of the BIOS image file according to the initial MAC address of the current network card, initializing a protection start flag to the non-start state, and storing the initial authorization code and the protection start flag in the nonvolatile memory.
Specifically, the initial MAC address is generally random and needs to be updated before shipment so that it becomes a correct, usable address. One opportunity to modify the MAC address therefore has to be kept so that the manufacturer can update it. This requires a judgment mechanism: at the first boot, before the MAC address of the network card has been changed for the first time, the BIOS protection start flag is in the non-start state; the MAC address can be changed only while the protection start flag is in the non-start state, and after it has been changed once, the protection start flag is changed to the start state and the protection function is enabled. The initial authorization code of the BIOS image file is generated according to the initial MAC address, and the specific generation algorithm can be customized as needed; in addition to the MAC address, the checksum of the initial EEPROM of the network card can be calculated and used in generating the initial authorization code, which further improves the security of the authorization code and prevents it from being cracked. Since the initial MAC address is generally random, the generated initial authorization code is also random. The protection start flag can be defined as needed, for example with 0 as the non-start state and 1 as the protection start state.
The step performed when the current authorization code is judged to be different from the reserved authorization code further comprises the following steps:
Step S210, reading the protection start flag from the nonvolatile memory, and judging whether the protection start flag is in the protection start state; if not, going to step S220, otherwise not allowing boot.
Specifically, if the protection start flag is not in the protection start state, the MAC address has not yet been updated once and is still changeable, and the reserved authorization code at this time is the initial authorization code that was saved at the first boot. That the current authorization code differs from the reserved authorization code indicates that the MAC address has now been changed to the correct, usable MAC address, and the corresponding current authorization code is the correct authorization code. Step S220 is therefore entered to update the initial authorization code.
Step S220, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection start state, storing the current authorization code and the protection start flag in the nonvolatile memory, and allowing boot.
Specifically, when the initial authorization code is updated to the current authorization code, the manufacturer has already written the correct MAC address to the network card and the corresponding correct authorization code has been stored, so the product can leave the factory. Because the BIOS may be stolen after the product leaves the factory, the protection start flag is changed to the protection start state and the protection function is enabled.
If the BIOS protection function were enabled immediately after the first boot, then after the MAC address is updated during factory production, the reserved initial authorization code would not have been generated from the updated MAC address, the current authorization code would never match the reserved initial authorization code, and subsequent normal boot would be impossible.
In one embodiment, the step of generating the current authorization code of the BIOS image file according to the MAC address includes: calculating the checksum of the EEPROM of the current network card, and generating the current authorization code according to the MAC address and the checksum. The step of generating the initial authorization code of the BIOS image file according to the initial MAC address of the current network card includes: calculating an initial checksum of the EEPROM of the current network card, and generating the initial authorization code according to the initial MAC address and the initial checksum.
Specifically, calculating the EEPROM checksum of the network card can ensure the integrity and accuracy of the EEPROM, and the specific checksum calculation method can be customized as needed. Including the EEPROM checksum in the generation of the current authorization code and the initial authorization code makes the authorization code generation algorithm harder to break and strengthens the security of the authorization code.
In one embodiment, as shown in FIG. 3, before the step of not allowing boot, the method further includes:
Step S310, halting the system and receiving an input activation code.
Specifically, for a network card that is serviced or whose EEPROM is upgraded, the MAC address or the EEPROM may change, so the current authorization code calculated from the changed MAC address and EEPROM no longer matches the reserved authorization code; in this case the new hardware configuration is validated by entering an activation code. A user of a legitimate BIOS image file can apply to the manufacturer for the activation code, either online or offline; applying offline ensures that the activation code is valid and prevents it from being stolen during online transmission. For an online application, a request is sent to an activation code server; the request may include the MAC address before the upgrade, the EEPROM checksum or the authorization code before the upgrade, the motherboard serial number and the like. The manufacturer judges from the information in the request whether the applicant is entitled to an activation code, and if so, sends the activation code to the applicant. The activation code sent may be encrypted, which improves its security. The generation algorithm of the activation code can be customized; for example, the activation code can be generated from the motherboard serial number, the onboard network card model, the MAC address and the like.
Step S320, judging whether an activation code has been received; if so, going to step S330, otherwise not allowing boot.
Specifically, if an activation code is received, the following steps are performed; if no activation code is received, there is no permission to boot.
Step S330, verifying the activation code and judging whether it passes verification; if so, going to step S340, otherwise not allowing boot.
Specifically, if the activation code is encrypted, it is decrypted and then verified. During verification, information such as the motherboard serial number, the onboard network card model and the MAC address contained in the activation code can be extracted through a specific decoding algorithm and checked. For example, the extracted MAC address may be required to be consistent with the MAC address of the current network card, so that the activation code can only be used on one fixed machine. If the verification passes, the user is confirmed to be a user of the genuine BIOS image file, and the current authorization code differs from the reserved authorization code because of an upgrade or the like, so the reserved authorization code needs to be updated. If the verification fails, the flow may return to the step of receiving an input activation code; if the activation codes entered several times are all incorrect, boot is not allowed, and the BIOS image file may also self-destruct, as determined by the specific application requirements.
Step S340, updating the reserved authorization code to the current authorization code, storing the current authorization code in the nonvolatile memory, and allowing boot.
Specifically, if the verification passes, the reserved authorization code is updated to the current authorization code and stored in the nonvolatile memory, so that the reserved authorization code matches the upgraded network card information, which solves the problem of subsequent maintenance of the company's products.
In one embodiment, the method further comprises: saving the activation code that passed verification to the nonvolatile memory. The step of verifying the activation code includes: reading the reserved activation code from the nonvolatile memory, and judging whether the received activation code is the same as the reserved activation code; if so, the verification fails.
Specifically, the activation code that passed verification is stored in the nonvolatile memory so that, the next time an activation code has to be entered, the reserved activation code can be read from the nonvolatile memory; if the activation code entered next time is the same as the reserved activation code, the verification fails. This ensures that an activation code can be used only once, which further strengthens the security of the activation code and the effectiveness of the BIOS protection.
In a specific embodiment that uses an onboard network card, as shown in fig. 4, the basic input output system protection method includes the following steps:
Step S410, read the MAC address and the EEPROM of the current onboard network card, calculate the checksum of the EEPROM, and generate the current authorization code of the BIOS image file according to the MAC address and the checksum of the EEPROM.
Step S420, determine whether this is the first boot; if yes, go to step S430, otherwise go to step S440.
Step S430, the current authorization code is taken as the initial authorization code and encrypted, the protection start flag is initialized to 0 to indicate the non-start state, the encrypted initial authorization code and the encrypted protection start flag are stored in the nonvolatile memory of the BIOS, and the normal boot step is performed.
Step S440, read the encrypted reserved authorization code and the protection start flag from the nonvolatile memory of the BIOS, and decrypt the encrypted reserved authorization code to obtain the reserved authorization code. Determine whether the current authorization code is the same as the reserved authorization code; if not, go to step S450, and if so, boot the computer normally.
Step S450, determine whether the protection start flag is 1, i.e. whether it is in the start state; if yes, go to step S460, otherwise go to step S490.
Step S460, the system halts, displays an input box prompting the user to enter the activation code of the BIOS image file, and receives the entered activation code.
Step S470, determine whether the activation code is successfully verified; if so, go to step S480, otherwise go to step S460.
Step S480, update the reserved authorization code in the nonvolatile memory of the BIOS to the current authorization code, store the activation code in the nonvolatile memory of the BIOS, and then enter the normal boot step.
Step S490, update the reserved authorization code in the nonvolatile memory of the BIOS to the current authorization code, set the protection start flag to 1 to indicate the start state, and then boot normally.
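The boot decision of steps S410 to S490, modelled in C as an added example (it is not code from the patent). The NVRAM layout, the byte-sum checksum, the FNV-1a combination of MAC address and checksum, and `demo_vendor_check` are assumptions, because the patent names none of them; encryption of the stored code is omitted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the BIOS nonvolatile store; field names are assumptions. */
typedef struct {
    bool     initialized;     /* false until the first boot (S420) */
    uint32_t reserved_auth;   /* reserved authorization code (stored encrypted in the patent) */
    uint8_t  protect_flag;    /* 0 = non-start state, 1 = start state */
    uint32_t used_activation; /* last accepted activation code, 0 = none */
} nvram_t;

typedef enum { BOOT_OK, BOOT_HALT } boot_result_t;

/* S410: authorization code from MAC address + EEPROM checksum. The patent does
 * not name the functions; a byte sum and FNV-1a are stand-ins (assumptions). */
uint32_t make_auth_code(const uint8_t mac[6], const uint8_t *eeprom, size_t len)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < len; i++) sum = (uint16_t)(sum + eeprom[i]);
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 6; i++) h = (h ^ mac[i]) * 16777619u;
    h = (h ^ (uint32_t)(sum & 0xFFu)) * 16777619u;
    h = (h ^ (uint32_t)(sum >> 8)) * 16777619u;
    return h;
}

/* Stand-in for the vendor's activation-code check, which the patent leaves open. */
bool demo_vendor_check(uint32_t code) { return code % 97u == 1u; }

/* S420 to S490. activation == 0 models "no activation code entered". */
boot_result_t boot_decide(nvram_t *nv, uint32_t current, uint32_t activation)
{
    if (!nv->initialized) {            /* S420 -> S430: first boot enrolls the card */
        nv->initialized = true;
        nv->reserved_auth = current;
        nv->protect_flag = 0;
        return BOOT_OK;
    }
    if (current == nv->reserved_auth)  /* S440: network card unchanged */
        return BOOT_OK;
    if (nv->protect_flag == 0) {       /* S450 -> S490: first change is re-enrolled */
        nv->reserved_auth = current;
        nv->protect_flag = 1;
        return BOOT_OK;
    }
    /* S460/S470: stay halted unless a valid, not previously used code is entered */
    if (activation == 0 || activation == nv->used_activation ||
        !demo_vendor_check(activation))
        return BOOT_HALT;
    nv->reserved_auth = current;       /* S480: accept and remember the code */
    nv->used_activation = activation;
    return BOOT_OK;
}
```

In this flow the first changed network card is re-enrolled by S490 without an activation code; the activation requirement applies from the second change onward.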
In one embodiment, as shown in fig. 5, there is provided a bios protection apparatus including:
A current authorization code generating module 510, configured to, after power-on, read the MAC address of the current network card during a power-on self-test that is not the first boot, and generate a current authorization code of the BIOS image file according to the MAC address.
The protection module 520 is configured to read the reserved authorization code from the nonvolatile memory, determine whether the current authorization code is the same as the reserved authorization code, allow the computer to boot if the current authorization code is the same as the reserved authorization code, and disallow the computer to boot if the current authorization code is not the same as the reserved authorization code.
In one embodiment, as shown in fig. 6, the apparatus further comprises:
An initialization module 530, configured to detect whether the network card is booted for the first time and, if so, generate an initial authorization code of the BIOS image file according to an initial MAC address of the current network card, initialize the protection start flag to a non-start state, and store the initial authorization code and the protection start flag in the nonvolatile memory.
As shown in fig. 7, the protection module 520 includes:
The determining unit 521 is configured to read the protection start flag from the nonvolatile memory and determine whether the protection start flag is in a protection start state; if it is not, control passes to the processing unit, and if it is, boot is not allowed.
The processing unit 522 is configured to update the initial authorization code to the current authorization code, modify the protection start flag to a protection start state, store the current authorization code and the protection start flag in the nonvolatile memory, and allow power on.
In one embodiment, as shown in fig. 8, the apparatus further comprises:
The activation module 540 is configured to halt the system, receive the input activation code, and determine whether an activation code has been received; if one has been received, verify it, and if the verification passes, update the reserved authorization code to the current authorization code, store the current authorization code in the nonvolatile memory, and allow boot; if no activation code is received or the activation code fails verification, boot is not allowed.
In one embodiment, the current authorization code generating module 510 is further configured to calculate a checksum of the EEPROM of the current network card, and generate the current authorization code according to the MAC address and the checksum.
The initialization module 530 is further configured to calculate an initial checksum of the EEPROM of the current network card, and generate an initial authorization code according to the initial MAC address and the initial checksum.
In one embodiment, the activation module 540 is further configured to save the verified activation code to the nonvolatile memory, read the reserved activation code in the nonvolatile memory, determine whether the received activation code is the same as the reserved activation code, and if so, fail the verification.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer readable storage medium, for example in the storage medium of a computer system, and executed by at least one processor in the computer system to implement the processes of the method embodiments described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A BIOS protection method, the method comprising:
powering on; detecting whether the BIOS is started for the first time, and if so, generating an initial authorization code of a BIOS image file according to an initial MAC address of a current network card, initializing a protection start flag to a non-start state, and storing the initial authorization code and the protection start flag in a nonvolatile memory;
reading the MAC address of the current network card during a power-on self-test that is not the first boot, and generating a current authorization code of the BIOS image file according to the MAC address;
reading a reserved initial authorization code from the nonvolatile memory, and determining whether the current authorization code is the same as the reserved initial authorization code; if so, allowing the computer to boot; if the current authorization code is different from the reserved initial authorization code, reading the protection start flag from the nonvolatile memory and determining whether the protection start flag is in a protection start state; if not, updating the initial authorization code to the current authorization code, changing the protection start flag to the protection start state, storing the current authorization code and the protection start flag in the nonvolatile memory, and allowing the computer to boot; and if the protection start flag is in the protection start state, not allowing the computer to boot.
2. The method of claim 1, wherein the step of not allowing boot-up is preceded by the step of:
halting the system and receiving the input activation code;
determining whether an activation code is received; if so, verifying the activation code, and if the verification passes, updating the reserved initial authorization code to the current authorization code, storing the current authorization code in the nonvolatile memory, and allowing the computer to boot;
if no activation code is received or the activation code verification fails, not allowing the computer to boot.
3. The method of claim 1, wherein generating the current authorization code for the BIOS image file based on the MAC address comprises:
calculating the checksum of the EEPROM of the current network card, and generating the current authorization code according to the MAC address and the checksum;
the step of generating an initial authorization code of the BIOS image file according to the initial MAC address of the current network card comprises:
calculating an initial checksum of the EEPROM of the current network card, and generating the initial authorization code according to the initial MAC address and the initial checksum.
4. The method of claim 2, further comprising:
saving the verified activation code to a nonvolatile memory;
the step of verifying the activation code includes:
reading the reserved activation code in the nonvolatile memory, determining whether the received activation code is the same as the reserved activation code, and if so, the verification fails.
5. A BIOS protection device, the device comprising:
an initialization module, configured to, upon power-on, detect whether the BIOS is started for the first time, and if so, generate an initial authorization code of a BIOS image file according to an initial MAC address of a current network card, initialize a protection start flag to a non-start state, and store the initial authorization code and the protection start flag in a nonvolatile memory;
a current authorization code generating module, configured to read the MAC address of the current network card during a power-on self-test that is not the first boot, and generate a current authorization code of the BIOS image file according to the MAC address;
a protection module, configured to read a reserved initial authorization code from the nonvolatile memory and determine whether the current authorization code is the same as the reserved initial authorization code; if so, allow boot; if not, read the protection start flag from the nonvolatile memory and determine whether the protection start flag is in a protection start state; if not, update the initial authorization code to the current authorization code, change the protection start flag to the protection start state, store the current authorization code and the protection start flag in the nonvolatile memory, and allow boot; and if the protection start flag is in the protection start state, not allow boot.
6. The apparatus of claim 5, further comprising:
an activation module, configured to halt the system, receive the input activation code, and determine whether an activation code is received; if so, verify the activation code, and if the verification passes, update the reserved initial authorization code to the current authorization code, store the current authorization code in the nonvolatile memory, and allow boot; if no activation code is received or the activation code fails verification, not allow boot.
7. The apparatus according to claim 5, wherein the current authorization code generating module is further configured to calculate a checksum of an EEPROM of a current network card, and generate the current authorization code according to the MAC address and the checksum;
the initialization module is further configured to calculate an initial checksum of the EEPROM of the current network card, and generate the initial authorization code according to the initial MAC address and the initial checksum.
8. The apparatus of claim 6, wherein the activation module is further configured to save the verified activation code to the nonvolatile memory, read the reserved activation code in the nonvolatile memory, determine whether the received activation code is the same as the reserved activation code, and if so, fail the verification.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 4.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510996109.XA CN106919859B (en) 2015-12-25 2015-12-25 Basic input output system protection method and device

Publications (2)

Publication Number Publication Date
CN106919859A (en) 2017-07-04
CN106919859B (en) 2020-09-18

Family

ID=59454725

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230710

Address after: 518000 Shenzhen, Futian District, Guangdong Futian street Gangxia community Shennan Road No. 1003 Dongfang Xintiandi Plaza 5 floor 502F

Patentee after: Guangdong Industrial edge intelligent Innovation Center Co.,Ltd.

Address before: 518107 5th floor, No.1, Yanxiang Zhigu chuangxiangdi, No.11, Gaoxin Road, Guangming New District, Shenzhen City, Guangdong Province

Patentee before: EVOC INTELLIGENT TECHNOLOGY Co.,Ltd.
