CN107329753A - The method of adjustment and electronic equipment of a kind of firmware interface code - Google Patents

The method of adjustment and electronic equipment of a kind of firmware interface code Download PDF

Info

Publication number
CN107329753A
CN107329753A CN201710509791.4A CN201710509791A CN107329753A CN 107329753 A CN107329753 A CN 107329753A CN 201710509791 A CN201710509791 A CN 201710509791A CN 107329753 A CN107329753 A CN 107329753A
Authority
CN
China
Prior art keywords
code
patch
patch code
firmware interface
code file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710509791.4A
Other languages
Chinese (zh)
Other versions
CN107329753B (en
Inventor
邱泰瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN201710509791.4A priority Critical patent/CN107329753B/en
Publication of CN107329753A publication Critical patent/CN107329753A/en
Application granted granted Critical
Publication of CN107329753B publication Critical patent/CN107329753B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/654Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4411Configuring for operating with peripheral devices; Loading of device drivers

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention provides the method for adjustment and electronic equipment of a kind of firmware interface code, startup initial phase of this method in electronic equipment, it is determined whether exists and adjusts demand to the code of firmware interface;If in the presence of, obtained from electronic equipment internal memory for realize code adjustment patch code file, this document include for adjust firmware interface code section;On this basis, patch code file is loaded, and enters line code adjustment to firmware interface using patch code file.It can be seen that, the invention provides the patch code file deposited in advance in a kind of utilization internal memory, the scheme being adjusted in patch mode in the startup initial phase of electronic equipment to the code of firmware interface, it can be realized and only the code section that there is adjustment demand in firmware interface is adjusted using the present invention program targetedly, brush justifying interface code of laying equal stress on need not be reformulated, enables to the adjustment of firmware interface code more convenient and highly efficient.

Description

The method of adjustment and electronic equipment of a kind of firmware interface code
Technical field
The invention belongs to the adjustment update method field that equipment starts configuration code, more particularly to a kind of firmware interface code Method of adjustment and electronic equipment.
Background technology
UEFI (Unified Extensible Firmware Interface, unified Extensible Firmware Interface), is one Plant the standard that style interface is described in detail.
At present, after UEFI is sent, if there is significant problem so that UEFI needs to adjust into line code, or some visitors Family special requirement need to enter UEFI line code adjustment, then need the UEFI codes for waiting until next new edition to send, or only pin Some clients are still further sent with a new UEFI, integrally to substitute original UEFI.I.e. prior art needs to reformulate newly Version UEFI, which lays equal stress on, brushes UEFI, and to meet UEFI code adjustment demand, this can make troubles for UEFI code adjustment, and adjustment It is less efficient.
The content of the invention
In view of this, it is an object of the invention to provide a kind of method of adjustment of interface code and electronic equipment, it is intended to gram The above mentioned problem that exists when taking prior art adjustment firmware interface code so that the adjustment of firmware interface code it is more convenient and It is highly efficient.
Therefore, the present invention is disclosed directly below technical scheme:
A kind of method of adjustment of firmware interface code, applied to electronic equipment, the firmware interface is applied to electronic equipment Startup initialization in, methods described includes:
In the startup initial phase of electronic equipment, it is determined whether exist and adjust demand to the code of the firmware interface;
If adjusting demand in the presence of the code to the firmware interface, obtained from electronic equipment internal memory for realizing code The patch code file of adjustment;The patch code file includes the firmware interface code section for adjusting;
The patch code file is loaded, line code adjustment is entered to the firmware interface using the patch code file.
The above method, it is preferred that described determine whether there is adjusts demand to the code of the firmware interface, including:
Determine in electronic equipment internal memory with the presence or absence of the patch code file for needing to be performed;
If in the presence of the patch code file that is performed is needed, judge the version number that is provided in the patch code file with Whether the version number of the firmware interface is consistent, obtains judged result;
If judged result represents consistent, it is determined that go out the code adjustment demand existed to the firmware interface.
The above method, it is preferred that the patch code text for realizing code adjustment is obtained in the internal memory from electronic equipment Part, including:
The patch code text for realizing code adjustment is obtained from the baseboard management controller BMC internal memories of electronic equipment Part.
The above method, it is preferred that before the loading patch code file, methods described also includes:
Verify whether the patch code in the patch code file occurred to repair by the way of private key encryption cryptographic Hash Change, be verified result, and when the result represents not occur modification, perform the step of the loading patch code file Suddenly.
The above method, it is preferred that described the patch code file to be verified by the way of private key encryption cryptographic Hash whether Generation, which is crossed, to be changed, including:
The cryptographic hash provided in the patch code file is provided;Wherein, the cryptographic hash is to be mended to described Patch code cryptographic Hash in fourth code file carries out the result of gained after private key encryption, and the patch code cryptographic Hash is advance The result of gained after being calculated using corresponding hash algorithm the patch code;
The cryptographic hash is decrypted using with the public key that the private key matches, the first cryptographic Hash is obtained;
Using the hash algorithm, Hash calculation is carried out to the patch code in the patch code file, second is obtained Cryptographic Hash;
Judge whether second cryptographic Hash is consistent with first cryptographic Hash, obtains judged result;If judged result table Show consistent, then modification did not occurred for the patch code in the patch code file.
A kind of electronic equipment, including:
Firmware interface, the firmware interface is applied in the startup initialization of electronic equipment;
Memory device, for depositing patch code file;
Processor, for the startup initial phase in electronic equipment, it is determined whether there is the generation to the firmware interface Code adjustment demand;If adjusting demand in the presence of the code to the firmware interface, obtained from the memory device for realizing The patch code file of code adjustment, the patch code file includes the firmware interface code section for adjusting;Loading The patch code file, line code adjustment is entered to the firmware interface using the patch code file.
Above-mentioned electronic equipment, it is preferred that the processor, it is determined whether existing to adjust the code of the firmware interface needs Ask, specifically include:
Determine in the memory device of electronic equipment with the presence or absence of the patch code file for needing to be performed;If in the presence of need by The patch code file of execution, then judge the version number of the version number and firmware interface provided in the patch code file It is whether consistent, obtain judged result;If judged result represents consistent, it is determined that go out the code adjustment existed to the firmware interface Demand.
Above-mentioned electronic equipment, it is preferred that the memory device is BMC internal memories, then the processor, from electronic equipment internal memory The patch code file for realizing code adjustment is obtained in device, is specifically included:
The patch code file for realizing code adjustment is obtained from the BMC internal memories of electronic equipment.
Above-mentioned electronic equipment, it is preferred that the processor, is additionally operable to:
Verify whether the patch code in the patch code file occurred to repair by the way of private key encryption cryptographic Hash Change, be verified result, and when the result represents not occur modification, perform the step of the loading patch code file Suddenly.
Above-mentioned electronic equipment, it is preferred that the processor verifies the patch generation by the way of private key encryption cryptographic Hash Whether code file occurred modification, specifically included:
The cryptographic hash provided in the patch code file is provided;Wherein, the cryptographic hash is to be mended to described Patch code cryptographic Hash in fourth code file carries out the result of gained after private key encryption, and the patch code cryptographic Hash is advance The result of gained after being calculated using corresponding hash algorithm the patch code;Utilize the public key matched with the private key The cryptographic hash is decrypted, the first cryptographic Hash is obtained;Using the hash algorithm, in the patch code file Patch code carry out Hash calculation, obtain the second cryptographic Hash;Judge second cryptographic Hash whether with first cryptographic Hash Unanimously, judged result is obtained;If judged result represents consistent, the patch code in the patch code file did not occurred to repair Change.
The method of adjustment and electronic equipment of the firmware interface code provided from above scheme, the present invention, set in electronics Standby startup initial phase, it is determined whether exist and demand is adjusted to the code of firmware interface;If in the presence of out of electronic equipment The middle patch code file obtained for realizing code adjustment is deposited, the patch code file includes the firmware interface for adjusting Code section;On this basis, patch code file is loaded, and enters line code to firmware interface using patch code file and is adjusted It is whole.It can be seen that, the invention provides the patch code file deposited in advance in a kind of utilization internal memory, in patch mode in electronic equipment The scheme that is adjusted to the code of firmware interface of startup initial phase, can be realized targetedly using the present invention program Only the code section that there is adjustment demand in firmware interface is adjusted, without reformulating brush justifying interface code of laying equal stress on, Enable to the adjustment of firmware interface code more convenient and highly efficient.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is a kind of flow chart of the method for adjustment embodiment one for firmware interface code that the present invention is provided;
Fig. 2 is a kind of flow chart of the method for adjustment embodiment two for firmware interface code that the present invention is provided;
Fig. 3 is a kind of flow chart of the method for adjustment embodiment three for firmware interface code that the present invention is provided;
Fig. 4 be the embodiment of the present invention three provide in the way of private key encryption cryptographic Hash, to the benefit in patch code file The flow chart that fourth code is verified;
Fig. 5 is the principle signal that utilization the inventive method that the embodiment of the present invention three is provided enters line code adjustment to UEFI Figure;
Fig. 6 is the structural representation for a kind of electronic equipment example IV that the present invention is provided.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
The embodiment of the present invention one provides a kind of method of adjustment of firmware interface code, to overcome prior art by making again Surely when refreshing version firmware interface of laying equal stress on enters line code adjustment to firmware interface, the problem of existing not convenient enough and low efficiency, So that the adjustment of firmware interface code is more convenient and highly efficient.This method can apply to electronic equipment, the electronics Equipment can be the various intelligent terminals such as smart mobile phone, tablet personal computer, can also be notebook computer, desktop computer, all-in-one etc. Various computer equipments.
A kind of flow chart of the method for adjustment embodiment one of firmware interface code with reference to shown in Fig. 1, methods described can be with Comprise the following steps:
Step 101, the startup initial phase in electronic equipment, it is determined whether there is the code tune to the firmware interface Whole demand.
Wherein, the firmware interface is applied in the startup initialization of electronic equipment, and the firmware interface can be but not It is confined to UEFI.
It is of the invention main by the startup initial phase in electronic equipment, to needing what is adjusted into line code in firmware interface Part carries out targetedly code adjustment in patch mode, to meet the code adjustment demand of firmware interface, so that After the completion of initialization, the firmware interface that electronic equipment is started is the firmware interface after code is adjusted.
In the startup initial phase of electronic equipment, need to determine whether there is to the firmware interface in electronic equipment first Code adjusts demand.And in the presence of, each ensuing step of the present invention program is continued executing with, to complete to firmware interface Code is adjusted, if conversely, being not present, in the conventional startup initialization procedure of electronic equipment execution.
If step 102, in the presence of to the code of the firmware interface adjusting demand, being obtained from electronic equipment internal memory is used for Realize the patch code file of code adjustment;The patch code file includes the firmware interface code section for adjusting.
Because the present invention is adjusted using patch mode to the code section that there is adjustment demand in firmware interface, from And, before line code adjustment is entered to firmware interface, need to possess and store the patch code file of firmware interface in advance.
Starting initial phase in view of electronic equipment, the resource being able to access that is limited, wherein, in storage resource Access in terms of, the memory source in the limited resources that can access can be conducted interviews, such as, by taking UEFI as an example, equipment exists The later stage in included PEI (Pre-EFI Initialization, EFI pre-initialize) stages can visit in UEFI start-up courses Memory source (be inside stored to PEI later stages be just initialised) is asked, in DXE (Driver Execution Environment, driving Performing environment) stage, internal memory can be fully used, so that the present invention is using the advance storage firmware interface in device memory Patch code file, support is provided to be embodied as equipment in the code adjustment for starting initial phase progress firmware interface.
In consideration of it, when determining in the presence of demand is adjusted to the code of firmware interface, electronic equipment may have access to and internal memory, from Obtained in electronic equipment internal memory at least includes being used in the patch code file for realizing code adjustment, the patch code file The firmware interface code section of adjustment, i.e. patch code are realized, justifying is directly provided with the firmware interface of new edition in the prior art Code is distinguished, and the patch code is only for the code section for needing to be adjusted in firmware interface.Wherein, the patch code file The form of file can be specifically driven using firmware interface, such as UEFI, patch code file can then use UEFI driver Document form.
Step 103, the loading patch code file, generation is carried out using the patch code file to the firmware interface Code adjustment.
After by accessing the patch code file that electronic equipment internal memory is obtained for realization adjustment, the patch generation can be loaded Code file, runtime code adjustment is carried out using the patch code in the patch code file to the firmware interface, so that Meet the firmware interface adjustment demand of equipment so that electronic equipment is after completing to start initialization, the firmware interface started Firmware interface specially after code adjustment.
The method of adjustment of firmware interface code provided in an embodiment of the present invention, in the startup initial phase of electronic equipment, Determine whether there is and demand is adjusted to the code of firmware interface;If in the presence of being obtained from electronic equipment internal memory is used to realize generation The patch code file of code adjustment, the patch code file includes the firmware interface code section for adjusting;It is basic herein On, patch code file is loaded, and enter line code adjustment to firmware interface using patch code file.It can be seen that, the present invention is provided A kind of patch code file deposited in advance in utilization internal memory, with patch mode electronic equipment startup initial phase pair The scheme that the code of firmware interface is adjusted, can be realized targetedly only to existing in firmware interface using the present invention program The code section of adjustment demand is adjusted, and without reformulating brush justifying interface code of laying equal stress on, enables to firmware interface generation The adjustment of code is more convenient and highly efficient.
In ensuing embodiment, the method for adjustment of the firmware interface code provided the present invention is carried out specifically Elaboration, a kind of flow chart of the method for adjustment embodiment two of firmware interface code with reference to shown in Fig. 2, in the present embodiment, institute The method of stating can be realized by procedure below:
Step 201, determine electronic equipment BMC (Baseboard Management Controller, substrate management control Device) in internal memory with the presence or absence of the patch code file for needing to be performed.
In view of BMC internal memories are compared to other internal memories, such as HDD (Hard Disk Drive, hard disk drive) etc., can Accessed in the earlier stage for starting initialization by equipment, so that in the present embodiment, it is preferable that deposit firmware using BMC internal memories The patch code file of interface.
Wherein, in the startup initial phase of electronic equipment, due to not completing the startup of operating system also, so as to use IPMI (Intelligent Platform Management Interface, intelligence are sent to baseboard management controller (BMC) Platform management interface) order mode, come learn in BMC internal memories whether there is patch code file, such as with the presence or absence of UEFI Driver files need to be performed.
If step 202, the patch code file being performed in the presence of needs, judge what is provided in the patch code file Whether version number is consistent with the version number of the firmware interface, obtains judged result.
In practical application, each edition firmware interface is all to that should have a corresponding version number, based on this feature, the present embodiment When carrying out the design of patch code file, except providing required patch code in this document, use is also provided hereof In the version number of comparison, the version number specifically indicate which/firmware interface of a little version needs adjustment.
If in consideration of it, as there is the patch code file for needing to be performed in BMC internal memories in the internal memory of electronic equipment, Read version number therein from the patch code file first, and by the corresponding actual version number of electronic device firmware interface with The version number included in the patch code file is compared, and judges whether both are consistent, to determine in electronic equipment Whether firmware interface needs to adjust into line code.
If step 203, judged result represent consistent, it is determined that go out the code adjustment demand existed to the firmware interface.
If both are consistent, then it represents that the firmware interface in electronic equipment needs to adjust into line code, so that in such cases, Determine and adjust demand in the presence of the code to electronic device firmware interface;Otherwise, if both are inconsistent, set in the absence of to electronics The code adjustment demand of standby firmware interface.
If step 204, in the presence of to the code of the firmware interface adjusting demand, obtained from electronic equipment BMC internal memories Patch code file for realizing code adjustment.
Because the present embodiment prestores the patch code file of firmware interface using BMC internal memories, so that, when in the presence of to electricity During the code adjustment demand of sub- equipment firmware interface, the BMC internal memories of specific addressable electronic equipment, out of, electronic equipment BMC Deposit middle acquisition and realize the required patch code file of firmware interface code adjustment, such as, adjustment UEFI generations are obtained from BMC internal memories UEFI driver needed for code etc..
Step 205, the loading patch code file, generation is carried out using the patch code file to the firmware interface Code adjustment.
By access the BMC internal memories of electronic equipment obtain for realize code adjust patch code file after, can add The patch code file is carried, line code adjustment is entered to the firmware interface using the patch code in the patch code file, So as to meet the firmware interface adjustment demand of equipment so that electronic equipment is after completing to start initialization, the firmware started Interface is specially the firmware interface after code adjustment.
The present embodiment realizes the patch code file deposited in advance in a kind of utilization internal memory, is set in patch mode in electronics The scheme that standby startup initial phase is adjusted to the code of firmware interface, can be realized targetedly using the present invention program Ground is only adjusted to the code section that there is adjustment demand in firmware interface, without reformulating brush justifying interface generation of laying equal stress on Code, enables to the adjustment of firmware interface code more convenient and highly efficient.
In ensuing another embodiment, i.e. embodiments of the invention three, a kind of firmware interface generation with reference to shown in Fig. 3 The flow chart of the method for adjustment embodiment three of code, in the present embodiment, methods described the loading patch code file it Before, it can also include:
Step 103 ', verify by the way of private key encryption cryptographic Hash whether is patch code in the patch code file Generation, which is crossed, to be changed, and is verified result, and when the result represents not occur modification, performs the loading patch code text The step of part.
The present embodiment is specifically provided in the way of private key encryption cryptographic Hash, and the patch code in patch code file is carried out The scheme of checking, to verify whether the patch code in the patch code file occurred modification, and then ensures the patch The security of code file, and modification, i.e. patch did not occurred for patch code only in the patch code file is verified In the case of code file safety, just using the patch code file as according to the code adjustment for carrying out firmware interface.
With reference to Fig. 4, the present embodiment provides following processing procedure to realize in the way of private key encryption cryptographic Hash, to patch generation Patch code in code file is verified:
The cryptographic hash provided in step 401, the reading patch code file;Wherein, the cryptographic hash is The result of gained after private key encryption, the patch code Hash are carried out to the patch code cryptographic Hash in the patch code file It is worth to advance with the result of gained after corresponding hash algorithm calculates the patch code.
To support the authentication function to patch code file, the present embodiment is removed when being designed to patch code file Required patch code is provided in this document, also added wherein for realizing the encryption verified to patch code Kazakhstan Uncommon value.
The cryptographic hash is specially:Before patch code file is sent, corresponding hash algorithm is advanced with to this document In patch code carry out Hash calculation, and the result of rear gained using private key the cryptographic Hash obtained by calculating is encrypted. When carrying out document design, the cryptographic hash can be added to the afterbody of patch code hereof, but not limited to this.
Based on this, when electronic equipment obtains patch code file from internal memory, and when being verified to it, it need to read first The cryptographic hash provided in patch code file.
Step 402, using with the public key that the private key matches the cryptographic hash is decrypted, obtains the first Kazakhstan Uncommon value.
After the cryptographic hash provided in reading patch code file, the private key phase used during using with encryption The cryptographic hash is decrypted the public key matched somebody with somebody, so as to obtain the first cryptographic Hash.
Step 403, using the hash algorithm, Hash calculation is carried out to the patch code in the patch code file, Obtain the second cryptographic Hash.
Whether occurred modification after patch code file is sent for checking patch code, the Hash can be reused and calculated The current patch code that method includes to patch code file carries out Hash calculation, so as to obtain the second cryptographic Hash.
Step 404, judge whether second cryptographic Hash is consistent with first cryptographic Hash, obtains judged result.
On this basis, first cryptographic Hash, the second cryptographic Hash can be compared, and judges second cryptographic Hash It is whether consistent with first cryptographic Hash.
If step 405, judged result represent consistent, the patch code in the patch code file did not occurred to repair Change.
If both are consistent, then it represents that offer before included current patch code is sent with file in patch code file Patch code is consistent, namely represents that modification did not occurred for the patch code in patch code file, ensures that patch The security of patch code in code file, subsequently can be by loading patch code file and using patch code therein to electricity The firmware interface of sub- equipment enters line code adjustment.
Next, the present embodiment is adjusted to example there is provided the concrete application of the present invention program is real to enter line code to UEFI Example.
In this example, the specific patch code file UEFI driver for depositing UEFI in advance using BMC internal memories, reference Shown in table 1, UEFI driver have file structure as shown in table 1:Wherein, one is designed with UEFI top of file Function mark (feature flag), the function mark specifically indicates to need the version number of the firmware interface into line code adjustment; Patch code is deposited in document body;Cryptographic hash is added with tail of file, the acquisition pattern of the cryptographic hash can With reference to described in foregoing embodiments, no longer it is discussed in detail herein.
Table 1
UEFI driver structure
Header(feature flag)
UEFI driver content
Encrypt Hash value
On this basis, the principle schematic of line code adjustment is entered to UEFI with reference to Fig. 5 utilization the present invention program provided.
Wherein, start to set in BIOS (Basic Input Output System, basic input output system) power-on self-test Standby startup initialization, and enter after UEFI startup stages, the PEI phase in UEFI start-up courses is sent out to baseboard controller Go out IPMI orders, known with this with the presence or absence of the UEFI driver for needing to be performed in BMC internal memories of equipment, if finding BMC There is UEFI driver in internal memory, then by the way that the version number provided in UEFI driver at feature flag is consolidated with equipment The actual version number of part interface is compared, and determines that the firmware interface in equipment adjusts demand with the presence or absence of code, and at both It is consistent to determine that the cryptographic Hash provided in UEFI driver is read in continuation when adjusting demand in the presence of the code to firmware interface Value, the mode of the private key encryption cryptographic Hash provided using foregoing embodiments verifies whether the patch code in UEFI driver is sent out Modification was given birth to, if the result represents that modification did not occurred, i.e. when patch code in UEFI driver is safe, UEFI is loaded Driver, the UEFI codes needed for PEI phase is carried out using the corresponding patch code provided in UEFI driver are adjusted.
Afterwards, when entering UEFI DXE phase, perform and the similar processing procedure of PEI phase, to complete the stage The adjustment of UEFI codes, adjusted by the UEFI codes in described two stages, demand adjusted the runtime code that meets UEFI. So as to be completed in power-on self-test, after the startup initialization for terminating equipment, the UEFI of achievable startup completion code adjustment.
The present embodiment carries out safety by way of with private key encryption cryptographic Hash to the patch code in patch code file Checking, can effectively ensure the security of patch code in patch code file, and then can ensure the generation of electronic device firmware interface Code adjustment security.
There is provided a kind of electronic equipment in the embodiment of the present invention four, to overcome prior art by reformulating brush of laying equal stress on When new edition firmware interface enters line code adjustment to firmware interface, the problem of existing not convenient enough and low efficiency so that firmware The adjustment of interface code is more convenient and highly efficient.The electronic equipment can be that smart mobile phone, tablet personal computer etc. are various Intelligent terminal, can also be the various computer equipments such as notebook computer, desktop computer, all-in-one.
The structural representation of a kind of electronic equipment example IV with reference to shown in Fig. 6, the electronic equipment includes:
Firmware interface 601, the firmware interface is applied in the startup initialization of electronic equipment;
Memory device 602, for depositing patch code file;
Processor 603, for the startup initial phase in electronic equipment, it is determined whether exist to the firmware interface Code adjusts demand;If adjusting demand in the presence of the code to the firmware interface, obtained from the memory device for real The patch code file of modern code adjustment, the patch code file includes the firmware interface code section for adjusting;Plus The patch code file is carried, line code adjustment is entered to the firmware interface using the patch code file.
Wherein, the firmware interface is applied in the startup initialization of electronic equipment, and the firmware interface can be but not It is confined to UEFI.
It is of the invention main by the startup initial phase in electronic equipment, to needing what is adjusted into line code in firmware interface Part carries out targetedly code adjustment in patch mode, to meet the code adjustment demand of firmware interface, so that After the completion of initialization, the firmware interface that electronic equipment is started is the firmware interface after code is adjusted.
In the startup initial phase of electronic equipment, need to determine whether there is the firmware interface in electronic equipment first Code adjustment demand.And in the presence of, each ensuing step of the present invention program is continued executing with, to complete to connect firmware The code adjustment of mouth, if conversely, being not present, in the conventional startup initialization procedure of electronic equipment execution.
Because the present invention is adjusted using patch mode to the code section that there is adjustment demand in firmware interface, from And, before line code adjustment is entered to firmware interface, need to possess and store the patch code file of firmware interface in advance.
Starting initial phase in view of electronic equipment, the resource being able to access that is limited, wherein, in storage resource Access in terms of, the memory source in the limited resources that can access can be conducted interviews, such as, by taking UEFI as an example, equipment exists The later stage of included PEI phase is able to access that memory source (has inside been stored to the PEI later stages just initial in UEFI start-up courses Change), in DXE phase, internal memory can be fully used, so that the present invention is using the advance storage firmware interface in device memory Patch code file, support is provided to be embodied as equipment in the code adjustment for starting initial phase progress firmware interface.
In consideration of it, when determining in the presence of demand is adjusted to the code of firmware interface, electronic equipment may have access to and internal memory, from Obtained in electronic equipment internal memory at least includes being used in the patch code file for realizing code adjustment, the patch code file The firmware interface code section of adjustment, i.e. patch code are realized, justifying is directly provided with the firmware interface of new edition in the prior art Code is distinguished, and the patch code is only for the code section for needing to be adjusted in firmware interface.Wherein, the patch code file The form of file can be specifically driven using firmware interface, such as UEFI, patch code file can then use UEFI driver Document form.
After by accessing the patch code file that electronic equipment internal memory is obtained for realization adjustment, the patch generation can be loaded Code file, runtime code adjustment is carried out using the patch code in the patch code file to the firmware interface, so that Meet the firmware interface adjustment demand of equipment so that electronic equipment is after completing to start initialization, the firmware interface started Firmware interface specially after code adjustment.
Electronic equipment provided in an embodiment of the present invention, is starting initial phase, it is determined whether exist to firmware interface Code adjusts demand;If in the presence of, obtained from electronic equipment internal memory for realize code adjustment patch code file, the benefit Fourth code file includes the firmware interface code section for adjusting;On this basis, patch code file is loaded, and is utilized Patch code file enters line code adjustment to firmware interface.It can be seen that, the invention provides what is deposited in advance in a kind of utilization internal memory Patch code file, the side being adjusted in patch mode in the startup initial phase of electronic equipment to the code of firmware interface Case, can be realized using the present invention program and targetedly only the code section that there is adjustment demand in firmware interface is adjusted It is whole, without reformulating brush justifying interface code of laying equal stress on, enable to the adjustment of firmware interface code more convenient and more Efficiently.
In ensuing embodiment five, the function of processor carries out more detailed in the electronic equipment that will be provided the present invention In thin elaboration, the present embodiment, the processing implement body can realize that entering line code to firmware interface adjusts by following processing procedure It is whole:
Determine in electronic equipment BMC internal memories with the presence or absence of the patch code file for needing to be performed;If being held in the presence of needs Capable patch code file, then judge that the version number and the version number of the firmware interface that are provided in the patch code file are It is no consistent, obtain judged result;If judged result represents consistent, it is determined that going out to exist to adjust the code of the firmware interface needs Ask;If adjusting demand in the presence of the code to the firmware interface, obtained from electronic equipment BMC internal memories for realizing that code is adjusted Whole patch code file;The patch code file is loaded, the firmware interface is carried out using the patch code file Code is adjusted.
Specifically, in view of BMC internal memories are compared to other internal memories, such as HDD etc., the earlier stage of initialization can started Accessed by equipment, so that in the present embodiment, it is preferable that the patch code file of firmware interface is deposited using BMC internal memories.
Wherein, in the startup initial phase of electronic equipment, due to not completing the startup of operating system also, so as to use The mode of IPMI orders is sent to baseboard management controller (BMC), patch code file is whether there is in BMC internal memories to learn, Such as need to be performed with the presence or absence of UEFI driver files.
In practical application, each edition firmware interface is all to that should have a corresponding version number, based on this feature, the present embodiment When carrying out the design of patch code file, except providing required patch code in this document, use is also provided hereof In the version number of comparison, the version number specifically indicate which/firmware interface of a little version needs adjustment.
If in consideration of it, as there is the patch code file for needing to be performed in BMC internal memories in the internal memory of electronic equipment, Read version number therein from the patch code file first, and by the corresponding actual version number of electronic device firmware interface with The version number included in the patch code file is compared, and judges whether both are consistent, to determine in electronic equipment Whether firmware interface needs to adjust into line code.
If both are consistent, then it represents that the firmware interface in electronic equipment needs to adjust into line code, so that in such cases, Determine and adjust demand in the presence of the code to electronic device firmware interface;Otherwise, if both are inconsistent, set in the absence of to electronics The code adjustment demand of standby firmware interface.
Because the present embodiment prestores the patch code file of firmware interface using BMC internal memories, so that, when in the presence of to electricity During the code adjustment demand of sub- equipment firmware interface, the BMC internal memories of specific addressable electronic equipment, out of, electronic equipment BMC Deposit middle acquisition and realize the required patch code file of firmware interface code adjustment, such as, adjustment UEFI generations are obtained from BMC internal memories UEFI driver needed for code etc..
By access the BMC internal memories of electronic equipment obtain for realize code adjust patch code file after, can add The patch code file is carried, enters line code adjustment to the firmware interface using the patch code file, is set so as to meet Standby firmware interface adjustment demand so that electronic equipment is after completing to start initialization, the firmware interface started specially generation Firmware interface after code adjustment.
The present embodiment realizes the patch code file deposited in advance in a kind of utilization internal memory, is set in patch mode in electronics The scheme that standby startup initial phase is adjusted to the code of firmware interface, can be realized targetedly using the present invention program Ground is only adjusted to the code section that there is adjustment demand in firmware interface, without reformulating brush justifying interface generation of laying equal stress on Code, enables to the adjustment of firmware interface code more convenient and highly efficient.
In the embodiment of the present invention six, the processor in the electronic equipment can be also used for:Using private key encryption Hash The mode of value verifies whether the patch code in the patch code file occurred modification, is verified result, and in checking When as a result representing not occur modification, the step of loading the patch code file is performed.
That is, the present embodiment is provided in the way of private key encryption cryptographic Hash, and the patch code in patch code file is carried out The scheme of checking, to verify whether the patch code in the patch code file occurred modification, and then ensures the patch The security of code file, and modification, i.e. patch did not occurred for patch code only in the patch code file is verified In the case of code file safety, just using the patch code file as according to the code adjustment for carrying out firmware interface.
Wherein, the present embodiment uses following processing procedure to realize in the way of private key encryption cryptographic Hash in processor, right Patch code in patch code file is verified:
The cryptographic hash provided in the patch code file is provided;Wherein, the cryptographic hash is to be mended to described Patch code cryptographic Hash in fourth code file carries out the result of gained after private key encryption, and the patch code cryptographic Hash is advance The result of gained after being calculated using corresponding hash algorithm the patch code;Utilize the public key matched with the private key The cryptographic hash is decrypted, the first cryptographic Hash is obtained;Using the hash algorithm, in the patch code file Patch code carry out Hash calculation, obtain the second cryptographic Hash;Judge second cryptographic Hash whether with first cryptographic Hash Unanimously, judged result is obtained;If judged result represents consistent, the patch code in the patch code file did not occurred to repair Change.
Specifically, to support the authentication function to patch code file, the present embodiment is set to patch code file Timing, except providing patch code in this document, is also added for realizing the encryption verified to patch code wherein Cryptographic Hash.
The cryptographic hash is specially:Before patch code file is sent, corresponding hash algorithm is advanced with to this document In patch code carry out Hash calculation, and the knot of rear gained using private key the cryptographic Hash result obtained by calculating is encrypted Really.When carrying out document design, the cryptographic hash can be added to the afterbody of patch code hereof, but be not limited to This.
Based on this, when electronic equipment obtains patch code file from internal memory, and when being verified to it, it need to read first The cryptographic hash provided in patch code file.
After the cryptographic hash provided in reading patch code file, the private key phase used during using with encryption The cryptographic hash is decrypted the public key matched somebody with somebody, so as to obtain the first cryptographic Hash.
Whether occurred modification after patch code file is sent for checking patch code, the Hash can be reused and calculated The current patch code that method includes to patch code file carries out Hash calculation, so as to obtain the second cryptographic Hash.
Again on the basis of this, first cryptographic Hash, the second cryptographic Hash can be compared, judge that second cryptographic Hash is It is no consistent with first cryptographic Hash, if both are consistent, then it represents that in patch code file included current patch code with The patch code of offer is consistent before file is sent, namely represents that the patch code in patch code file did not occurred to repair Change, ensure that the security of patch code in patch code file, subsequently can be by loading patch code file and utilizing Patch code therein enters line code adjustment to the firmware interface of electronic equipment.
The present embodiment in electronics processors with private key encryption cryptographic Hash by way of, in patch code file Patch code carry out safety verification, can effectively ensure the security of patch code in patch code file, and then electricity can be ensured The code adjustment security of sub- equipment firmware interface.
In summary, the solution of the present invention has the advantage that:
, can when firmware interface such as UEFI is because having a significant problem or when some customer specific requirements need to adjust into line code To send the runtime code adjustment that patch file carries out firmware interface to domestic consumer or particular client in time, it is not required to make again Determine new edition firmware interface to lay equal stress on the complete interface code of brush so that the adjustment of firmware interface code is more convenient and more high Effect;The verification method that can be provided by the present invention ensures the security of patch code;One patch can be covered with different platform, The versatility of code adjustment is improved, and increase or modification patch content are more flexible.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight Point explanation be all between difference with other embodiment, each embodiment identical similar part mutually referring to.
For convenience of description, describe to be divided into various modules when system above or device with function or unit is described respectively. Certainly, the function of each unit can be realized in same or multiple softwares and/or hardware when implementing the application.
As seen through the above description of the embodiments, those skilled in the art can be understood that the application can Realized by the mode of software plus required general hardware platform.Understood based on such, the technical scheme essence of the application On the part that is contributed in other words to prior art can be embodied in the form of software product, the computer software product It can be stored in storage medium, such as ROM/RAM, magnetic disc, CD, including some instructions are to cause a computer equipment (can be personal computer, server, or network equipment etc.) performs some of each embodiment of the application or embodiment Method described in part.
Finally, in addition it is also necessary to explanation, herein, the relational terms of such as first, second, third and fourth or the like It is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily requires or imply these There is any this actual relation or order between entity or operation.Moreover, term " comprising ", "comprising" or its is any Other variants are intended to including for nonexcludability, so that process, method, article or equipment including a series of key elements Not only include those key elements, but also other key elements including being not expressly set out, or also include being this process, side Method, article or the intrinsic key element of equipment.In the absence of more restrictions, limited by sentence "including a ..." Key element, it is not excluded that also there is other identical element in the process including the key element, method, article or equipment.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should It is considered as protection scope of the present invention.

Claims (10)

1. a kind of method of adjustment of firmware interface code, it is characterised in that applied to electronic equipment, the firmware interface is applied to In the startup initialization of electronic equipment, methods described includes:
In the startup initial phase of electronic equipment, it is determined whether exist and adjust demand to the code of the firmware interface;
If adjusting demand in the presence of the code to the firmware interface, obtained from electronic equipment internal memory for realizing that code is adjusted Patch code file;The patch code file includes the firmware interface code section for adjusting;
The patch code file is loaded, line code adjustment is entered to the firmware interface using the patch code file.
2. according to the method described in claim 1, it is characterised in that the code determined whether there is to the firmware interface Adjustment demand, including:
Determine in electronic equipment internal memory with the presence or absence of the patch code file for needing to be performed;
If in the presence of the patch code file that is performed is needed, judge the version number that is provided in the patch code file with it is described Whether the version number of firmware interface is consistent, obtains judged result;
If judged result represents consistent, it is determined that go out the code adjustment demand existed to the firmware interface.
3. according to the method described in claim 1, it is characterised in that obtained in the internal memory from electronic equipment for realizing code The patch code file of adjustment, including:
The patch code file for realizing code adjustment is obtained from the baseboard management controller BMC internal memories of electronic equipment.
4. the method according to claim any one of 1-3, it is characterised in that the loading patch code file it Before, methods described also includes:
Verify whether the patch code in the patch code file occurred modification by the way of private key encryption cryptographic Hash, obtain To the result, and when the result represents not occur modification, the step of loading the patch code file is performed.
5. method according to claim 4, it is characterised in that described to verify described by the way of private key encryption cryptographic Hash Whether patch code file occurred modification, including:
The cryptographic hash provided in the patch code file is provided;Wherein, the cryptographic hash is to the patch generation Patch code cryptographic Hash in code file carries out the result of gained after private key encryption, and the patch code cryptographic Hash is to advance with The result of gained after corresponding hash algorithm is calculated the patch code;
The cryptographic hash is decrypted using with the public key that the private key matches, the first cryptographic Hash is obtained;
Using the hash algorithm, Hash calculation is carried out to the patch code in the patch code file, the second Hash is obtained Value;
Judge whether second cryptographic Hash is consistent with first cryptographic Hash, obtains judged result;If judged result represents one Cause, then modification did not occurred for the patch code in the patch code file.
6. a kind of electronic equipment, it is characterised in that including:
Firmware interface, the firmware interface is applied in the startup initialization of electronic equipment;
Memory device, for depositing patch code file;
Processor, for the startup initial phase in electronic equipment, it is determined whether there is the code tune to the firmware interface Whole demand;If adjusting demand in the presence of the code to the firmware interface, obtained from the memory device for realizing code The patch code file of adjustment, the patch code file includes the firmware interface code section for adjusting;Loading is described Patch code file, line code adjustment is entered to the firmware interface using the patch code file.
7. electronic equipment according to claim 6, it is characterised in that the processor, it is determined whether exist to described solid The code adjustment demand of part interface, is specifically included:
Determine in the memory device of electronic equipment with the presence or absence of the patch code file for needing to be performed;If being performed in the presence of needs Patch code file, then judge the version number and firmware interface provided in the patch code file version number whether Unanimously, judged result is obtained;If judged result represents consistent, it is determined that going out to exist to adjust the code of the firmware interface needs Ask.
8. electronic equipment according to claim 6, it is characterised in that the memory device is BMC internal memories, the then processing Device, the patch code file for realizing code adjustment is obtained from electronic equipment memory device, is specifically included:
The patch code file for realizing code adjustment is obtained from the BMC internal memories of electronic equipment.
9. the device according to claim any one of 6-8, it is characterised in that the processor, is additionally operable to:
Verify whether the patch code in the patch code file occurred modification by the way of private key encryption cryptographic Hash, obtain To the result, and when the result represents not occur modification, the step of loading the patch code file is performed.
10. electronic equipment according to claim 9, it is characterised in that the processor is using private key encryption cryptographic Hash Mode verifies whether the patch code file occurred modification, specifically includes:
The cryptographic hash provided in the patch code file is provided;Wherein, the cryptographic hash is to the patch generation Patch code cryptographic Hash in code file carries out the result of gained after private key encryption, and the patch code cryptographic Hash is to advance with The result of gained after corresponding hash algorithm is calculated the patch code;Using the public key matched with the private key to institute State cryptographic hash to be decrypted, obtain the first cryptographic Hash;Using the hash algorithm, to the benefit in the patch code file Fourth code carries out Hash calculation, obtains the second cryptographic Hash;Judge whether second cryptographic Hash is consistent with first cryptographic Hash, Obtain judged result;If judged result represents consistent, modification did not occurred for the patch code in the patch code file.
CN201710509791.4A 2017-06-28 2017-06-28 Firmware interface code adjusting method and electronic equipment Active CN107329753B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710509791.4A CN107329753B (en) 2017-06-28 2017-06-28 Firmware interface code adjusting method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710509791.4A CN107329753B (en) 2017-06-28 2017-06-28 Firmware interface code adjusting method and electronic equipment

Publications (2)

Publication Number Publication Date
CN107329753A true CN107329753A (en) 2017-11-07
CN107329753B CN107329753B (en) 2021-07-16

Family

ID=60198596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710509791.4A Active CN107329753B (en) 2017-06-28 2017-06-28 Firmware interface code adjusting method and electronic equipment

Country Status (1)

Country Link
CN (1) CN107329753B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109472148A (en) * 2018-11-15 2019-03-15 百度在线网络技术(北京)有限公司 Load the method, apparatus and storage medium of hot patch
CN109857583A (en) * 2018-12-26 2019-06-07 联想(北京)有限公司 A kind of processing method and processing device
CN110175057A (en) * 2019-05-31 2019-08-27 联想(北京)有限公司 A kind of data processing method, electronic equipment and server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1983927A (en) * 2006-04-18 2007-06-20 华为技术有限公司 Method for searching and killing virus of network equipment
CN102479265A (en) * 2010-11-25 2012-05-30 上海华虹集成电路有限责任公司 Method for modifying wrong function of firmware of hard mask product
CN103942073A (en) * 2014-04-08 2014-07-23 北京奇虎科技有限公司 Method and device for realizing system hot patching
CN104239082A (en) * 2013-06-20 2014-12-24 上海博达数据通信有限公司 Hot patching implementation method of embedded system
CN105320554A (en) * 2015-12-11 2016-02-10 网易(杭州)网络有限公司 Program updating method as well as client and system for program updating
US20170003956A1 (en) * 2015-07-01 2017-01-05 Quanta Computer Inc. Updating computer firmware

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1983927A (en) * 2006-04-18 2007-06-20 华为技术有限公司 Method for searching and killing virus of network equipment
CN102479265A (en) * 2010-11-25 2012-05-30 上海华虹集成电路有限责任公司 Method for modifying wrong function of firmware of hard mask product
CN104239082A (en) * 2013-06-20 2014-12-24 上海博达数据通信有限公司 Hot patching implementation method of embedded system
CN103942073A (en) * 2014-04-08 2014-07-23 北京奇虎科技有限公司 Method and device for realizing system hot patching
US20170003956A1 (en) * 2015-07-01 2017-01-05 Quanta Computer Inc. Updating computer firmware
CN105320554A (en) * 2015-12-11 2016-02-10 网易(杭州)网络有限公司 Program updating method as well as client and system for program updating

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109472148A (en) * 2018-11-15 2019-03-15 百度在线网络技术(北京)有限公司 Load the method, apparatus and storage medium of hot patch
CN109472148B (en) * 2018-11-15 2021-04-02 百度在线网络技术(北京)有限公司 Method, device and storage medium for loading hot patch
CN109857583A (en) * 2018-12-26 2019-06-07 联想(北京)有限公司 A kind of processing method and processing device
CN110175057A (en) * 2019-05-31 2019-08-27 联想(北京)有限公司 A kind of data processing method, electronic equipment and server

Also Published As

Publication number Publication date
CN107329753B (en) 2021-07-16

Similar Documents

Publication Publication Date Title
US10148429B2 (en) System and method for recovery key management
US10417427B2 (en) Method for authenticating firmware volume and system therefor
US7111292B2 (en) Apparatus and method for secure program upgrade
KR101066727B1 (en) Secure booting a computing device
US10671372B2 (en) Blockchain-based secure customized catalog system
US20120185683A1 (en) System and method for tamper-resistant booting
US9292664B2 (en) Key injection tool
TW201516733A (en) System and method for verifying changes to UEFI authenticated variables
US11200065B2 (en) Boot authentication
CN107329753A (en) The method of adjustment and electronic equipment of a kind of firmware interface code
CN115033294A (en) System, method, and apparatus for secure non-volatile memory
US11822669B2 (en) Systems and methods for importing security credentials for use by an information handling system
US11977640B2 (en) Systems and methods for authenticating the identity of an information handling system
US12003960B2 (en) Booting and operating computing devices at designated locations
US11822668B2 (en) Systems and methods for authenticating configurations of an information handling system
CN115964721A (en) Program verification method and electronic equipment
US11907373B2 (en) Validation of fixed firmware profiles for information handling systems
CN109376550A (en) A kind of starting control method, device and the equipment of target component
US11601262B2 (en) Distributed key management system
CN111353150A (en) Trusted boot method, trusted boot device, electronic equipment and readable storage medium
US7143278B2 (en) Method and apparatus for offloaded enhanced boot process
US11843707B2 (en) Systems and methods for authenticating hardware of an information handling system
US11669618B2 (en) Systems and methods for securing and loading bios drivers and dependencies in a predefined and measured load order
CN116522291A (en) Software license authorization method, device and equipment
CN114049193A (en) Invoice authentication deduction method and system based on tax control cabinet

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant