CN107194264A - A kind of network interface card with safety certification function based on UEFI - Google Patents

Info

Publication number
CN107194264A
Authority
CN
China
Prior art keywords
network interface
ukey
interface card
uefi
safety certification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710373177.XA
Other languages
Chinese (zh)
Inventor
于晓艳
王万强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201710373177.XA
Publication of CN107194264A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention discloses a UEFI-based network interface card (NIC) with a security authentication function, and relates to the field of operating system information security authentication. Based on the UEFI BIOS framework, the UKEY-related control and authentication procedures are developed into a NIC driver implemented according to the UEFI standard, and the NIC driver, the NIC's configuration information and other related information are integrated into the NIC ROM; the corresponding boot loading is configured in the system. The card can therefore be conveniently applied to any UEFI BIOS system and performs identity authentication before the system is loaded, which increases system security and reduces the space occupied by the system BIOS.

Description

A kind of network interface card with safety certification function based on UEFI
Technical field
The present invention discloses a UEFI-based network interface card (NIC) with a security authentication function, and relates to the field of operating system information security authentication.
Background
UEFI, in full the Unified Extensible Firmware Interface, is a standard that describes a type of interface in detail. This interface is used to take the system automatically from the pre-boot operating environment to loading an operating system. UEFI BIOS systems also define standards for drivers in order to achieve compatibility: any driver developed according to this standard can be applied to a UEFI BIOS through simple UEFI configuration, without modifying the driver. The UEFI boot process comprises the SEC, PEI, DXE, BDS, TSL and RT phases. PEI code is uncompressed, so to reduce ROM space usage, the various control functions should, as far as possible, be placed in the DXE phase and the phases after it. UKEY information security authentication is the process of performing identity authentication by means of the dual keys of a security authentication USB flash drive. The present invention discloses a UEFI-based NIC with a security authentication function. Based on the UEFI BIOS framework, the UKEY-related control and authentication procedures are developed into a NIC driver implemented according to the UEFI standard, and the NIC driver, the NIC's configuration information and other related information are integrated into the NIC ROM; the corresponding boot loading is configured in the system. The card can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system is loaded, which increases system security and reduces the space occupied by the system BIOS.
Summary of the invention
The present invention provides a UEFI-based NIC with a security authentication function that can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system is loaded, which increases system security; it has broad application prospects.
The specific scheme proposed by the present invention is:
A UEFI-based NIC with a security authentication function:
The NIC driver includes the UKEY-related verification programs implemented according to the UEFI standard, and the NIC driver and the NIC's configuration information are stored together in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system is loaded.
The NIC driver boot code runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first. If authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine is shut down and restarted.
The UKEY-related verification function comprises the UKEY detection and operation driver based on the UEFI BIOS framework and the identity authentication program.
A method of using the UEFI-based NIC with a security authentication function: the NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash drive is connected to the mainboard.
The machine is powered on and passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY-related functions are started: the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether to continue booting: if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
In the method described, the NIC driver boot code runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first. If authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine is shut down and restarted.
The benefits of the present invention are:
The invention discloses a UEFI-based NIC with a security authentication function. The NIC driver includes the UKEY-related verification programs implemented according to the UEFI standard, and the NIC driver and the NIC's configuration information are stored together in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system is loaded. The invention is based on the UEFI BIOS framework: the UKEY-related control and authentication procedures are developed into a NIC driver implemented according to the UEFI standard, the NIC driver, the NIC's configuration information and other related information are integrated into the NIC ROM, and the corresponding boot loading is configured in the system. The card can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system is loaded, which increases system security and reduces the space occupied by the system BIOS.
Brief description of the drawings
Fig. 1 is a flow diagram of the operating principle of the NIC of the present invention.
Fig. 2 is a flow diagram of the method of using the NIC of the present invention.
Embodiments
The present invention provides a UEFI-based NIC with a security authentication function:
The NIC driver includes the UKEY-related verification programs implemented according to the UEFI standard, and the NIC driver and the NIC's configuration information are stored together in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system is loaded.
A method of using the above NIC is also provided:
The NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash drive is connected to the mainboard.
The machine is powered on and passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY-related functions are started: the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether to continue booting: if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
The present invention is further described below with reference to the accompanying drawings.
In the NIC of the present invention, the function programs related to the UKEY, such as its detection and operation driver based on the UEFI BIOS framework and its identity authentication, are developed into the NIC driver;
The NIC driver and the NIC configuration information file are integrated into the NIC ROM, reducing the system BIOS;
In the system BIOS, the NIC driver boot program is set up;
After the client PC powers on, it passes through the UEFI SEC phase, which sets the CPU's protected mode; the PEI phase is the pre-EFI initialization; after PEI, the DXE phase is entered;
Installation of each device handle and protocol begins, and the NIC boot program runs at this point. When the related shadow operations are carried out in the BDS phase and execution reaches the NIC device, UKEY security authentication is started first; if authentication passes, the subsequent system loading and the RT phase proceed. Otherwise the machine shuts down and must be restarted manually. In other words, security authentication of the system is completed before the system is loaded, ensuring the security of the system.
As above, implementing the UKEY security authentication function in the NIC driver lets the driver complete the security authentication of the system. The result is a NIC with a UKEY authentication function that can be conveniently adapted to UEFI BIOS and that, to a certain extent, does not increase the size of the system BIOS.
In actual use of the above NIC, the NIC is installed on the computer mainboard, the security verification USB flash drive is connected to the mainboard, and the machine is powered on.
The machine passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY-related functions are started: the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether to continue booting the computer:
If verification fails, booting does not continue, for the safety of the computer, and the machine shuts down automatically; if verification passes, the subsequent boot process continues and the system is loaded securely.
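The boot-time gate described in this embodiment, modelled as a small host-side C program (an added example, not code from the patent). The phase order and the shutdown-on-failure behaviour follow the description; the ukey_t/host_t layout and the byte comparison standing in for UKEY authentication are assumptions, because the description does not specify the authentication protocol.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Boot phases named in the description, plus the fail-closed outcome. */
typedef enum { PH_SEC, PH_PEI, PH_DXE, PH_BDS, PH_TSL, PH_RT, PH_SHUTDOWN } phase_t;
typedef enum { AUTH_OK, AUTH_NO_UKEY, AUTH_MISMATCH } auth_result_t;

#define ID_LEN 8
/* Hypothetical data model: the description does not define what the UKEY stores. */
typedef struct { bool present; unsigned char bound_host[ID_LEN]; } ukey_t;
typedef struct { unsigned char host_info[ID_LEN]; } host_t;

/* Compare without an early exit so timing does not reveal the first mismatching byte. */
static bool ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* UKEY control program: detect the key first, then authenticate the host's information. */
auth_result_t ukey_authenticate(const ukey_t *key, const host_t *host) {
    if (key == NULL || !key->present) return AUTH_NO_UKEY;
    if (!ct_equal(key->bound_host, host->host_info, ID_LEN)) return AUTH_MISMATCH;
    return AUTH_OK;
}

/* Walk the phases in order. The gate sits in BDS, where the NIC device is reached;
 * anything other than AUTH_OK ends in shutdown, so TSL and RT are never entered. */
phase_t boot(const ukey_t *key, const host_t *host, phase_t *trace, size_t cap, size_t *len) {
    static const phase_t order[] = { PH_SEC, PH_PEI, PH_DXE, PH_BDS, PH_TSL, PH_RT };
    phase_t last = PH_SHUTDOWN;
    size_t n = 0;
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        last = order[i];
        if (n < cap) trace[n++] = last;
        if (last == PH_BDS && ukey_authenticate(key, host) != AUTH_OK) {
            last = PH_SHUTDOWN;
            if (n < cap) trace[n++] = last;
            break;
        }
    }
    *len = n;
    return last;
}

/* Constructed scenarios: 0 = matching UKEY, 1 = no UKEY inserted, 2 = UKEY bound to another host. */
phase_t demo_boot(int scenario, size_t *trace_len) {
    host_t host = { { 'H', 'O', 'S', 'T', '-', '0', '0', '1' } };
    ukey_t key = { scenario != 1, { 'H', 'O', 'S', 'T', '-', '0', '0', '1' } };
    phase_t trace[8];
    if (scenario == 2) key.bound_host[7] = '2';
    return boot(&key, &host, trace, 8, trace_len);
}

int main(void) {
    static const char *name[] = { "SEC", "PEI", "DXE", "BDS", "TSL", "RT", "SHUTDOWN" };
    for (int s = 0; s < 3; s++) {
        size_t n = 0;
        phase_t end = demo_boot(s, &n);
        printf("scenario %d: %zu phases, ends in %s\n", s, n, name[end]);
    }
    return 0;
}
```

A missing UKEY and a failed authentication take the same path to shutdown, so the gate fails closed in both cases.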

Claims (5)

1. A UEFI-based network interface card (NIC) with a security authentication function, characterized in that:
the NIC driver includes the UKEY-related verification programs implemented according to the UEFI standard, and the NIC driver and the NIC's configuration information are stored together in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system is loaded.
2. The NIC according to claim 1, characterized in that the NIC driver boot code runs in the DXE phase of UKEY verification, related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first; if authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine is shut down and restarted.
3. The NIC according to claim 1 or 2, characterized in that the UKEY-related verification function comprises the UKEY detection and operation driver based on the UEFI BIOS framework and the identity authentication program.
4. A method of using a UEFI-based NIC with a security authentication function, characterized in that the NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash drive is connected to the mainboard;
the machine is powered on and passes through each UEFI BIOS boot phase; when execution reaches the NIC driver, the UKEY-related functions are started, and the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process;
the UKEY performs security authentication on the host's information to decide whether to continue booting: if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
5. The method according to claim 4, characterized in that the NIC driver boot code runs in the DXE phase of UKEY verification, related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first; if authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine is shut down and restarted.
CN201710373177.XA 2017-05-24 2017-05-24 A kind of network interface card with safety certification function based on UEFI Pending CN107194264A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710373177.XA CN107194264A (en) 2017-05-24 2017-05-24 A kind of network interface card with safety certification function based on UEFI

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710373177.XA CN107194264A (en) 2017-05-24 2017-05-24 A kind of network interface card with safety certification function based on UEFI

Publications (1)

Publication Number Publication Date
CN107194264A true CN107194264A (en) 2017-09-22

Family

ID=59875282

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710373177.XA Pending CN107194264A (en) 2017-05-24 2017-05-24 A kind of network interface card with safety certification function based on UEFI

Country Status (1)

Country Link
CN (1) CN107194264A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108287988A (en) * 2017-12-25 2018-07-17 武汉华工安鼎信息技术有限责任公司 Safety management system and method for mobile terminal document
CN111831306A (en) * 2020-03-26 2020-10-27 成都万创科技有限责任公司 Serial number and ProjectName reading and writing method based on network card NVM
CN112363776A (en) * 2020-11-13 2021-02-12 北京智芯微电子科技有限公司 Terminal control method and device and terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1609748A (en) * 2004-10-14 2005-04-27 苏州超锐微电子有限公司 Method for realizing starting up lock function in network card bootstrap zone
CN102244684A (en) * 2011-07-29 2011-11-16 电子科技大学 EFI (Extensible Firmware Interface) trusted Cloud chain guiding method based on USBKey
CN102629309A (en) * 2012-03-16 2012-08-08 苏州优康通信设备有限公司 Method for protecting personal information through network card
CN105975842A (en) * 2016-05-11 2016-09-28 浪潮集团有限公司 KEY-based BIOS safety authentication method and system in UEFI

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王晓箴 等: "EFI BIOS安全隐患分析及基于Ukey的可信防护策略", 《全国计算机、网络在现代科学技术领域的应用学术会议2009》 *

Similar Documents

Publication Publication Date Title
US9886580B2 (en) Method for optimizing boot time of an information handling system
US8826261B1 (en) Programming processors through CAN interface without changing the boot mode select pins
US7752428B2 (en) System and method for trusted early boot flow
CN106020875B (en) Firmware update management method and device of embedded terminal
CN101656949B (en) Method and terminals for aerial upgrade of firmware
CN104102518B (en) double-CPU system and program upgrading method thereof
CN104581397B (en) The method for upgrading system and device of android set top box
CN107194264A (en) A kind of network interface card with safety certification function based on UEFI
CN105825131B (en) A kind of computer safety start means of defence based on UEFI
CN111125675B (en) Method and system for controlling debug port and test method
CN105488418B (en) trusted starting method and system of virtualization platform server
WO2017219861A1 (en) Method and device for controlling system start-up mode
US20090019435A1 (en) System and method for over the air programming
CN100504778C (en) Open system and method for computer
WO2016062146A1 (en) Serial number information update method, device and terminal
CN104951328A (en) Embedded equipment and starting method thereof
CN103019758A (en) Electronic device starting-up acceleration method and related electronic device
CN112860330A (en) Method and device for installing operating system, computer equipment and storage medium
CN110457073A (en) A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server
CN105677409B (en) A kind of method for upgrading system and device
CN102414662A (en) Method and system for providing a data module lock to device hardware, system and method for confirming that a circuit card is compatible with a computer
CN108139901B (en) Runtime verification using external devices
CN102622254B (en) Television outage disposal route and system
CN106919423B (en) Firmware upgrading method and device
US11023220B2 (en) Firmware update with integrated smart sequence and action engine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170922