CN107590392A - System and method for verifying hardware integrity using scripts - Google Patents

Info

Publication number
CN107590392A
Authority
CN
China
Prior art keywords
white list
script
hardware component
hardware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710694172.7A
Other languages
Chinese (zh)
Inventor
郑驰
梁思谦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang High Hung Principal (zhejiang) Mdt Infotech Ltd
Original Assignee
Datang High Hung Principal (zhejiang) Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang High Hung Principal (zhejiang) Mdt Infotech Ltd filed Critical Datang High Hung Principal (zhejiang) Mdt Infotech Ltd
Priority to CN201710694172.7A priority Critical patent/CN107590392A/en
Publication of CN107590392A publication Critical patent/CN107590392A/en
Pending legal-status Critical Current

Abstract

The present invention discloses a system and method for verifying hardware integrity using scripts. A script accesses the hardware components of each host through the Redfish API interface and compares the key information of each hardware component with the corresponding reference value stored in a whitelist, in order to judge the integrity of the hardware component. The management server can verify the hardware integrity of a number of server hosts in batches, and the integrity verification does not depend on the hardware: even if the hardware components of a server host change, it is only necessary to update the script so that it accesses the information of the corresponding hardware components, and to update the whitelist, in order to verify the integrity of all hardware components without considering the differences between hardware components. Scalability is extremely strong and portability is strong; the whitelist is easy to read and maintain and is highly general. The invention can substantially improve working efficiency, shorten the development cycle, reduce development cost, complete host hardware integrity verification efficiently, and improve system security.

Description

System and method for verifying hardware integrity using scripts
Technical field
The present invention relates to a system and method for verifying hardware integrity using scripts, and belongs to the field of information security technology.
Background
During server deployment, to ensure the integrity of the server hardware, each hardware component of each server host must undergo integrity verification, so that the hardware components of every server are trusted and secure. Current hardware integrity verification methods generally measure each hardware component during the trusted boot process and compare the measured value with the reference metric value stored in the trusted chip; if they are consistent, integrity verification passes, otherwise the host is considered untrusted. Existing hardware integrity verification methods cannot perform batch integrity verification of the various hardware components of multiple server hosts; they are very inefficient, cannot be extended, and lack generality.
Redfish is a modern hardware management specification defined by the DMTF organization; it is a standardized management interface provided for the infrastructure of different addresses and server providers. The present invention uses its advantages, such as scalability, security and ease of management, to implement integrity verification of the hardware components of multiple server hosts.
Summary of the invention
In view of the foregoing, the object of the present invention is to provide a system and method for verifying hardware integrity using scripts, in which a script accesses each hardware component through the Redfish API interface to verify the integrity of each hardware component. The approach is highly general and portable and can greatly improve working efficiency.
To achieve the above object, the present invention adopts the following technical solution:
A system for verifying hardware integrity using scripts, comprising a management server and a number of server hosts,
The management server comprises a script module and a RESTful API interface,
The server host holds a whitelist, which contains the hardware component names and the reference value corresponding to each hardware component;
The script module communicates with the server host through the RESTful API interface, obtains the whitelist and the key information of each hardware component, and compares the key information with the reference value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
The hardware components support the Redfish standard and support access operations through the RESTful API interface.
The key information includes version, model, brand, capacity, manufacturer, interface type, BIOS release date, ROM Size, CheckSum, etc.
A method for verifying hardware integrity using scripts, implemented on the basis of the above system:
The whitelist of the host is obtained; the whitelist contains the hardware component names and the reference value corresponding to each hardware component;
The key information of each hardware component of the host is obtained and compared with the reference value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
The script sends request messages for obtaining and updating the whitelist to the host through the RESTful API interface, in order to obtain the whitelist from the host and update it.
The whitelist is stored in the EEPROM memory of the host; the script communicates with the EEPROM memory through the standard IPMI Master Write-Read command to obtain and update the whitelist.
The script sends the corresponding request message to each hardware component of the host through the RESTful API interface, in order to obtain the key information of each hardware component.
The whitelist contains the hardware component names and the reference metric value corresponding to each hardware component; the key information of each hardware component of the host is obtained, the metric value of the key information is calculated, and the metric value is compared with the reference metric value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
The advantages of the present invention are:
1. The system and method of the invention can verify the hardware integrity of hosts in batches, which substantially improves working efficiency, shortens the development cycle, reduces development cost, completes host hardware integrity verification efficiently, and improves system security;
2. In the system and method of the invention, integrity verification does not depend on the hardware, so the differences between hardware components need not be considered; scalability is extremely strong and portability is strong;
3. In the system and method of the invention, the whitelist is easy to read and maintain and is highly general.
Brief description of the drawings
Fig. 1 is a block diagram of the system of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments.
As shown in Fig. 1, the system for verifying hardware integrity using scripts disclosed by the invention comprises a management server and a number of server hosts; the management server is used to verify the integrity of each hardware component of each server host.
The management server comprises a script module and a RESTful API interface. The script module exchanges data with the server host through the RESTful API interface and obtains the key information of each hardware component of the server host. The hardware components are, for example, the CPU, motherboard, memory unit, hard disk, BMC chip, storage, graphics card, sound card, power supply and other hardware components that support the Redfish standard; each hardware component supports access operations through the RESTful API interface. The key information is, for example, version, model, brand, capacity, manufacturer, interface type, BIOS release date, ROM Size, CheckSum, etc.
A whitelist is stored in the memory of the server host. The whitelist contains the names of the hardware components that require integrity verification and the reference value corresponding to each hardware component. The script module first accesses the memory of the server host and obtains the whitelist from it; then, according to the hardware component names stored in the whitelist, it obtains the key information of the corresponding hardware component from the server host and compares the key information with the reference value corresponding to that hardware component in the whitelist. If they are consistent, integrity verification of the hardware component passes; if they are inconsistent, integrity verification of the hardware component fails, and a policy such as raising an alarm can be executed.
The method for verifying hardware integrity using scripts, implemented on the basis of the above system, comprises:
S1: The script module of the management server obtains the whitelist from the memory of the server host;
The script module accesses a particular server through the RESTful API interface. Specifically, the script module sends a request message, request, for obtaining the whitelist to the particular server (whose IP address is IP addr1) through the RESTful API interface, in the form: http://IP addr1/System_Inventory/White_List. The URI information of this http request corresponds to the memory that stores the whitelist; the memory of the particular server receives the request message and sends the stored whitelist to the management server. The script module can also send a request message for updating the whitelist, in order to update and maintain the whitelist.
For example, the whitelist information of the hardware assets can be obtained with the following program:
import json
import requests
# "IP addr1" stands for the IP address of the particular server
White_uri = 'http://IP addr1/System_Inventory/White_List'
Result = requests.get(White_uri).json()
json.dumps(Result)
The memory that stores the whitelist can be an EEPROM memory. The script module can communicate with the EEPROM memory through the standard IPMI Master Write-Read command to obtain the whitelist, and can also perform whitelist maintenance operations such as obtaining, modifying and updating on multiple server hosts; this is easy to operate and highly general.
For example, the following IPMI command is called in the script:
import os
# -H gives the BMC address; busid, slaveaddress, readcount, offsetLSB and offsetMSB are placeholders for the EEPROM bus, address, read length and offset
command = 'ipmitool -H 127.0.0.1 -U admin -P admin raw 0x06 0x52 busid slaveaddress readcount offsetLSB offsetMSB'
Result = os.popen(command).read()
S2: According to the obtained whitelist, integrity verification is performed on each hardware component of the server host.
Based on the obtained whitelist of the particular server host, the script module reads the name of each hardware component on the whitelist in turn and, for each hardware component read, sends a request message for the key information of that hardware component to the particular server through the RESTful API interface. For example:
request(CPU), the request message for the key information of the CPU, has for example the form http://IP addr1/redfish/v1/Systems/1/Processors/num, where, for a multi-core processor, the value of num corresponds to one of the processors;
request(BIOS), the request message for the key information of the BIOS, has for example the form http://IP addr1/System_Inventory/BIOS;
request(disk), the request message for the key information of a hard disk, has the form http://IP addr1/redfish/v1/Systems/1/Disks/num, where, for multiple hard disks, the value of num corresponds to one of the hard disks;
request(Memory), the request message for the key information of a memory unit, has the form http://IP addr1/redfish/v1/Systems/Memory/num, where, if there are multiple memory modules, the value of num corresponds to one of the memory modules;
request(NICs), the request message for the key information of a network card, has the form http://IP addr1/redfish/v1/Systems/1/NICs/num, where, for multiple network cards, the value of num corresponds to one of the network cards;
request(BMC), the request message for the key information of the BMC chip, has the form http://IP addr1/Managers/BMC.
The URI information of each http request corresponds to the name of the corresponding hardware component. Each hardware component of the particular server receives the corresponding request message and sends the corresponding key information to the script module of the management server.
The script module receives the key information of the hardware component and compares it with the reference value corresponding to that hardware component name in the whitelist. If they are consistent, integrity verification of the hardware component passes; if they are inconsistent, integrity verification of the hardware component fails, and a policy such as raising an alarm can be executed. Further, what is stored in the whitelist may be the hardware component names and the corresponding reference metric values: after the script module obtains the key information of a hardware component, it first calculates the metric value of the key information and then compares that metric value with the reference metric value corresponding to the hardware component name in the whitelist. If they are consistent, integrity verification of the hardware component passes; if they are inconsistent, integrity verification of the hardware component fails, and a policy such as raising an alarm can be executed.
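The following is an added sketch of steps S1 and S2 in the metric-value variant; it is not code from the patent. The whitelist entry layout (name, uri, fields, reference), the use of SHA-256 over canonical JSON as the metric, and all field names and sample values are assumptions; `fetch` stands in for the HTTP GET against the URI forms quoted above, so the block runs offline.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample responses keyed by URI path (forms taken from the description;
# field names and values are invented for illustration).
SAMPLE_HOST = {
    "/redfish/v1/Systems/1/Processors/1": {
        "Manufacturer": "ExampleCorp", "Model": "ExampleCPU 2.4GHz", "Version": "B1"},
    "/System_Inventory/BIOS": {
        "Version": "1.0.3", "ReleaseDate": "2017-05-02", "ROMSize": "16MB", "CheckSum": "0x9A41"},
    "/redfish/v1/Systems/1/Disks/1": {
        "Model": "ExampleDisk", "Capacity": "2TB", "InterfaceType": "SAS"},
}

# Hypothetical enrollment plan: (component name, URI path, key fields to measure).
PLAN = [
    ("CPU1", "/redfish/v1/Systems/1/Processors/1", ["Manufacturer", "Model", "Version"]),
    ("BIOS", "/System_Inventory/BIOS", ["Version", "ReleaseDate", "ROMSize", "CheckSum"]),
    ("Disk1", "/redfish/v1/Systems/1/Disks/1", ["Model", "Capacity", "InterfaceType"]),
]


def measure(key_info, fields):
    """Metric value: SHA-256 over the selected key fields in canonical JSON form."""
    missing = [f for f in fields if f not in key_info]
    if missing:
        raise KeyError("missing key fields: " + ", ".join(missing))
    selected = {f: key_info[f] for f in fields}
    # sort_keys and fixed separators make the digest independent of field order
    canonical = json.dumps(selected, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def enroll(host, plan):
    """Build a whitelist (name, uri, fields, reference metric) from a known-good host."""
    return [{"name": n, "uri": u, "fields": f, "reference": measure(host[u], f)}
            for n, u, f in plan]


def verify_host(whitelist, fetch):
    """Return {component name: 'pass' | 'fail' | 'unreadable'}.

    fetch(uri) returns the component's key information as a dict; with a real host
    it would wrap requests.get(base + uri).json(). A component that cannot be read
    or lacks a measured field is never reported as passing.
    """
    results = {}
    for entry in whitelist:
        try:
            metric = measure(fetch(entry["uri"]), entry["fields"])
        except (KeyError, OSError, ValueError):
            results[entry["name"]] = "unreadable"
            continue
        same = hmac.compare_digest(metric, entry["reference"])
        results[entry["name"]] = "pass" if same else "fail"
    return results


def demo():
    """Verify the baseline host, then a copy with a changed BIOS checksum and a missing disk."""
    whitelist = enroll(SAMPLE_HOST, PLAN)
    baseline = verify_host(whitelist, SAMPLE_HOST.__getitem__)
    modified_host = copy.deepcopy(SAMPLE_HOST)
    modified_host["/System_Inventory/BIOS"]["CheckSum"] = "0x0000"
    del modified_host["/redfish/v1/Systems/1/Disks/1"]
    modified = verify_host(whitelist, modified_host.__getitem__)
    return baseline, modified


if __name__ == "__main__":
    for label, result in zip(("baseline", "modified"), demo()):
        print(label, result)
```

Because `verify_host` takes the whitelist as a parameter, the same check can be run against a reference copy held on the management server as well as against the copy read from the host.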
In the system and method for verifying hardware integrity using scripts of the present invention, a script accesses the hardware components of each host through the Redfish API interface and compares the key information of each hardware component with the corresponding reference value stored in the whitelist, in order to judge the integrity of the hardware component. First, the management server can verify the hardware integrity of a number of server hosts in batches. Second, integrity verification does not depend on the hardware: even if the hardware components of a server host change (are added or removed), it is only necessary to update the script so that it accesses the information of the corresponding hardware components, and to update the whitelist, in order to verify the integrity of all hardware components without errors or omissions and without considering the differences between hardware components; scalability is extremely strong. Third, the whitelist is easy to read and maintain and is highly general. The system and method of the invention are highly general, scalable and portable; they can substantially improve working efficiency, shorten the development cycle, reduce development cost, complete host hardware integrity verification efficiently, and improve system security.
The above describes the preferred embodiments of the present invention and the technical principles they use. For those skilled in the art, any equivalent transformation, simple replacement or other obvious change made on the basis of the technical solution of the present invention, without departing from its spirit and scope, falls within the scope of protection of the present invention.

Claims (8)

1. A system for verifying hardware integrity using scripts, characterized in that it comprises a management server and a number of server hosts,
The management server comprises a script module and a RESTful API interface,
The server host holds a whitelist, which contains the hardware component names and the reference value corresponding to each hardware component;
The script module communicates with the server host through the RESTful API interface, obtains the whitelist and the key information of each hardware component, and compares the key information with the reference value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
2. The system for verifying hardware integrity using scripts according to claim 1, characterized in that the hardware components support the Redfish standard and support access operations through the RESTful API interface.
3. The system for verifying hardware integrity using scripts according to claim 1, characterized in that the key information includes version, model, brand, capacity, manufacturer, interface type, BIOS release date, ROM Size, CheckSum, etc.
4. A method for verifying hardware integrity using scripts, implemented on the basis of the system of claim 1, characterized in that
The whitelist of the host is obtained; the whitelist contains the hardware component names and the reference value corresponding to each hardware component;
The key information of each hardware component of the host is obtained and compared with the reference value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
5. The method for verifying hardware integrity using scripts according to claim 4, characterized in that
The script sends request messages for obtaining and updating the whitelist to the host through the RESTful API interface, in order to obtain the whitelist from the host and update it.
6. The method for verifying hardware integrity using scripts according to claim 4, characterized in that
The whitelist is stored in the EEPROM memory of the host; the script communicates with the EEPROM memory through the standard IPMI Master Write-Read command to obtain and update the whitelist.
7. The method for verifying hardware integrity using scripts according to claim 4, characterized in that
The script sends the corresponding request message to each hardware component of the host through the RESTful API interface, in order to obtain the key information of each hardware component.
8. The method for verifying hardware integrity using scripts according to claim 4, characterized in that
The whitelist contains the hardware component names and the reference metric value corresponding to each hardware component; the key information of each hardware component of the host is obtained, the metric value of the key information is calculated, and the metric value is compared with the reference metric value of the corresponding hardware component in the whitelist, in order to verify the integrity of the hardware component.
Application number: CN201710694172.7A
Priority date: 2017-08-14
Filing date: 2017-08-14
Title: System and method for verifying hardware integrity using scripts
Status: Pending
Publication number: CN107590392A (en)
Publication date: 2018-01-16
Family ID: 61042221
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180116