CN107943508A - It is a kind of based on service processor as the renewable BIOS update methods for trusting root - Google Patents
It is a kind of based on service processor as the renewable BIOS update methods for trusting root Download PDFInfo
- Publication number
- CN107943508A CN107943508A CN201711295819.5A CN201711295819A CN107943508A CN 107943508 A CN107943508 A CN 107943508A CN 201711295819 A CN201711295819 A CN 201711295819A CN 107943508 A CN107943508 A CN 107943508A
- Authority
- CN
- China
- Prior art keywords
- bios
- service processor
- renewal
- rtu
- image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
Present invention offer is a kind of based on BIOS update method of the service processor as renewable trust root, belongs to server security technical field.The controllable service processor of client is updated root by the method, then verifies that BIOS updates image by RTU, is not written if BIOS renewal image validation failures into BIOS flash memory;The RTU configuration locking mechanism if BIOS renewal image validation successes, and BIOS renewal images are write into BIOS flash memory.Service processor is updated root by the present invention, ensure the legitimacy and integrality for the BIOS image files that user uses during being updated from client to BIOS, there is safer renewal BIOS for the server including one or more service processors, it ensure that the safety of corporate server product, BIOS renewal efficiency is improved, reduces the error rate in BIOS renewal processes.
Description
Technical field
The present invention relates to server security technical field, relates in particular to a kind of be used as based on service processor and may be updated
Trust the BIOS update methods of root.
Background technology
Uniquenesses of the BIOS in modem computer systems framework and privilege, become the important attack of some viral wooden horses
Target, Malware modification unwarranted to BIOS/firmware is to which constituting significant threat.The BIOS of malice is changed
A part that is complicated, targetedly attacking-permanent refusal service is carried out to tissue or continues existing Malware.
Certification update mechanism ensures the authenticity of firmware renewal image using digital signature.Use certification update mechanism
The renewal of firmware image is dependent on the trust root renewal (RTU) comprising signature verification algorithm and is included on firmware renewal image
The key storage of public key needed for verification signature.Key storage and signature verification algorithm are stored in department of computer science in a manner of shielded
On system, and it can only be changed by using the local update mechanism of certified update mechanism or safety.Key in RTU is deposited
Reservoir includes being used on firmware renewal image the public keys for verifying signature, or if the copy of public key is provided with firmware
Image is updated, then the hash including public key.In the latter case, the public keys that update mechanism provides firmware renewal image
Hashed, and ensure that it is matched with the Hash appeared in crypto key memory before using the public key provided, to test
Demonstrate,prove the signature on firmware renewal image.
However, due to needing the framework of remotely administered server and the complexity of operation so that with identical with client
Mode realizes that BIOS safeguard protections are more difficult, and more difficult core reasons are that server usually has multiple BIOS renewals
Mechanism.In addition, some servers have one or more service processors (SP), SP performs various management functions to host, its
Include the renewal of BIOS.Based on this, present invention introduces SP as safety-critical component, there is provided one kind is made based on service processor
For the renewable BIOS update methods for trusting root.
The content of the invention
Present invention offer is a kind of based on BIOS update method of the service processor as renewable trust root, by service center
Manage device and update root as the trusted in BIOS renewal processes, it is ensured that user is during client is updated BIOS
The legitimacy and integrality of used BIOS image files, ensure the safety of server product.
The present invention solve technical problem technical solution be:
It is a kind of based on service processor as the renewable BIOS update methods for trusting root, including:
Root is updated using the controllable service processor of client as the trusted of BIOS renewal processes;
RTU verification BIOS renewal image files, determine the credible rear configuration locking mechanism of BIOS renewal image files so that only
There is RTU to have to access to BIOS and the right of write operation.
Based on such scheme, this method does following optimization:
It is specific as the renewable BIOS update methods for trusting root, the method based on service processor as described above
Comprise the following steps:
Digitally signed BIOS renewal images are sent to RTU;
RTU stores the renewal images of the BIOS by digital signature received to the position that can only be write by RTU;
RTU verification BIOS renewal images, if BIOS renewal image validation failures, are not written into BIOS flash memory;If
BIOS renewal image validations are successful, then RTU configuration lockings mechanism so that only RTU can be accessed and be carried out write-in behaviour to BIOS
Make;
BIOS renewal images are write BIOS flash memory by RTU.
As an optimization, to meet the protection requirement of integrity of firmware, the RTU is by the generation outside control right transfer to RTU
BIOS flash memory is locked before code.Code, encryption key and the static data stored on the service processor flash memory is by recognizing
Card update mechanism is updated, and only carries out authentication codes in the environment of service processor, and user authorized after can be with clothes
Business processor interacts.
As an optimization, the RTU communicates, with inspection before verification BIOS renewal image files with service processor
Look into the presence or absence of candidate BIOS renewal images.If service processor instruction is there are candidate BIOS renewal images, from service center
Reason device reads mainframe memory, and is verified;If candidate BIOS renewal images are not present in service processor instruction, or
If candidate BIOS renewal image validation failure, BIOS will by SPI controller interact locking BIOS flash memory, with locking until
Reset the sector for including BIOS image.When locking puts 1, the access to the SPI sector lock registers is changed into read-only, therefore nothing
Method modification is locked to reset and sets.The sector lock is completed before the RTU parts of BIOS are exited.
Further, when service processor indicate there are candidate BIOS renewal image and BIOS renewal image file verification into
Work(, then system bios with SPI Flash controller by interacting come the renewal of execution system flash memory, after the completion of BIOS renewals, system
BIOS will force restarting systems and restart from new image to perform.
When starting BIOS renewals, the system management software on server host can be interacted with service processor, with
Transmission BIOS renewal images, which are stored into service processor environment, supplies BIOS access.Alternatively, candidate BIOS more new images are via clothes
The out-of-band communication of business processor Ethernet reaches service processor.
The RTU realized as a system bios part can be with control main frame end, all strings of server in system reset
Row Peripheral Interface flash sector is all unlocked in system reset.
Above-mentioned technical proposal has the following advantages that or beneficial effect:
The present invention's is a kind of based on BIOS update method of the service processor as renewable trust root, it is by client
Controllable service processor updates root as the trusted of BIOS renewal processes, then verifies that BIOS renewals are reflected by RTU
Picture, is not written into BIOS flash memory if BIOS renewal image validation failures;RTU matches somebody with somebody if BIOS renewal image validation successes
Locking mechanism is put, and BIOS renewal images are write into BIOS flash memory., can be in many of server using this BIOS update methods
The security update of BIOS flash memory occurs during mode of operation.Trusted of the present invention using service processor as BIOS renewal processes
Update root, it is ensured that the legitimacy for the BIOS image files that user uses during being updated from client to BIOS and
Integrality, has safer renewal BIOS for the server including one or more service processors, it is ensured that
The safety of corporate server product, improves BIOS renewal efficiency, reduces the error rate in BIOS renewal processes.
Brief description of the drawings
Fig. 1 is provided in an embodiment of the present invention a kind of based on BIOS renewal of the service processor as renewable trust root
Method realizes flow chart.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to the accompanying drawings and embodiments, it is right
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.
Understanding to embodiment for convenience, make an explanation first to the initialism involved in embodiment and Key Term and
Explanation.
SP:Service Processor, service processor;
RoT:Root of Trust, trusted root;
RTU:Root of Trust for Update, may be updated trusting root;
BIOS:Basic Input Output System, basic input output system;
SPI:Serial Peripheral Interface, Serial Peripheral Interface (SPI)
As shown in Figure 1, it is provided in this embodiment it is a kind of based on service processor as the renewable BIOS for trusting root more
New method, the method specifically include following step:
Digitally signed BIOS renewal images are sent to RTU;
RTU stores the renewal images of the BIOS by digital signature received to the position that can only be write by RTU;
RTU verification BIOS renewal images, if BIOS renewal image validation failures, are not written into BIOS flash memory;If
BIOS renewal image validations are successful, then RTU configuration lockings mechanism so that only RTU can be accessed and be carried out write-in behaviour to BIOS
Make;
BIOS renewal images are write BIOS flash memory by RTU.
Specifically, to meet the protection requirement of integrity of firmware, the RTU is by the generation outside control right transfer to RTU
BIOS flash memory is locked before code.Code, encryption key and the static data stored on the service processor flash memory is by recognizing
Card update mechanism is updated, and only carries out authentication codes in the environment of service processor, and user authorized after can be with clothes
Business processor interacts.
When starting BIOS renewals, the system management software on server host can be interacted with service processor, with
Transmission BIOS renewal images, which are stored into service processor environment, supplies BIOS access.Alternatively, candidate BIOS more new images are via clothes
The out-of-band communication of business processor Ethernet reaches service processor.
The RTU realized as a system bios part can be with control main frame end, all strings of server in system reset
Row Peripheral Interface flash sector is all unlocked in system reset.In system flash, RTU will not be with itself and portion of system bios
Separate, system bios inherently RTU before insincere code (such as Option ROM) is performed.RTU is in verification BIOS
Before updating image file, communicate with service processor, to check for candidate BIOS renewal images.If service
Processor instruction then reads mainframe memory, and verified there are candidate BIOS renewal images from service processor;If
Service processor instruction is there is no candidate BIOS renewal images, or if candidate BIOS renewal image validation failures, BIOS
Locking BIOS flash memory will be interacted by SPI controller, to lock until resetting the sector for including BIOS image.When locking puts 1,
Access to the SPI sector lock registers is changed into read-only, therefore can not change and be locked to reset setting.The sector lock exists
Completed before exiting the RTU parts of BIOS.
Further, if service processor instruction there are candidate BIOS renewal image and BIOS renewal image file verification into
Work(, then system bios with SPI Flash controller by interacting come the renewal of execution system flash memory, after the completion of BIOS renewals, system
BIOS will force restarting systems and restart from new image to perform.
The present embodiment based on service processor as the renewable BIOS update methods for trusting root, can be in server
Many modes of operation during the security update of BIOS flash memory occurs, including BIOS can be updated when server is run, without
Need to restart system.Although new BIOS will not be performed before restart in the present embodiment, system administration can be used
Interrupt handling routine, so that service processor or other safety methods operationally update flash memory.The present embodiment is by service processing
Device updates root as the trusted of BIOS renewal processes, verifies the digital signature of BIOS image files, it is ensured that user is from visitor
The legitimacy and integrality for the BIOS image files that family end uses during being updated to BIOS, it is ensured that corporate server
The safety of product.
The foregoing is merely illustrative of the preferred embodiments of the present invention, not to limit the present invention, for the art
Technical staff for, any modification, improvement and equivalent substitution for being made without departing from the principle of the present invention etc., are wrapped
Containing within the scope of the present invention.
Claims (8)
- It is 1. a kind of based on BIOS update method of the service processor as renewable trust root, it is characterised in that including:Root is updated using the controllable service processor of client as the trusted of BIOS renewal processes;RTU verification BIOS renewal image files, determine the credible rear configuration locking mechanism of BIOS renewal image files so that only RTU, which has, to access BIOS and the right of write operation.
- 2. according to claim 1 based on BIOS update method of the service processor as renewable trust root, it is special Sign is that the method specifically includes following step:Digitally signed BIOS renewal images are sent to RTU;RTU stores the renewal images of the BIOS by digital signature received to the position that can only be write by RTU;RTU verification BIOS renewal images, if BIOS renewal image validation failures, are not written into BIOS flash memory;If BIOS Image validation success is updated, then RTU configuration lockings mechanism so that only RTU can be accessed and be carried out write operation to BIOS;BIOS renewal images are write BIOS flash memory by RTU.
- 3. according to claim 2 based on BIOS update method of the service processor as renewable trust root, it is special Sign is that the RTU locks BIOS flash memory before by the code outside control right transfer to RTU.
- 4. according to claim 1 based on BIOS update method of the service processor as renewable trust root, it is special Sign is that the RTU communicates with service processor and waited to check for before verification BIOS renewal image files BIOS is selected to update image;If service processor indicates that there are candidate BIOS to update image, mainframe memory is read from service processor, and Verified;If candidate BIOS renewal images, or candidate BIOS renewal image validation failures is not present in service processor instruction, then BIOS will interact locking BIOS flash memory by SPI controller, to lock until resetting the sector for including BIOS image.
- 5. according to claim 4 based on BIOS update method of the service processor as renewable trust root, it is special Sign is, when service processor instruction updates image there are candidate BIOS, if BIOS renewal image files are proved to be successful, is System BIOS with SPI Flash controller by interacting come the renewal of execution system flash memory, and after the completion of BIOS renewals, system bios will be strong Restarting systems processed simultaneously restart execution from new image.
- 6. according to any one of claims 1 to 5 updated based on service processor as the renewable BIOS for trusting root Method, it is characterised in that code, encryption key and the static data stored on the service processor flash memory is updated by certification Mechanism is updated, and only carries out authentication codes in the environment of service processor, and user authorized after can be with service processing Device interacts.
- 7. according to claim 6 based on BIOS update method of the service processor as renewable trust root, it is special Sign is that the RTU can be with control main frame end, all Serial Peripheral Interface (SPI) flash sectors of server in system reset System is all unlocked when resetting.
- 8. according to claim 6 based on BIOS update method of the service processor as renewable trust root, it is special Sign is, when starting BIOS renewals, the system management software on server host is interacted with SP, is reflected with sending BIOS renewals As being stored in service processor environment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711295819.5A CN107943508A (en) | 2017-12-08 | 2017-12-08 | It is a kind of based on service processor as the renewable BIOS update methods for trusting root |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711295819.5A CN107943508A (en) | 2017-12-08 | 2017-12-08 | It is a kind of based on service processor as the renewable BIOS update methods for trusting root |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107943508A true CN107943508A (en) | 2018-04-20 |
Family
ID=61946261
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711295819.5A Pending CN107943508A (en) | 2017-12-08 | 2017-12-08 | It is a kind of based on service processor as the renewable BIOS update methods for trusting root |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107943508A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210224061A1 (en) * | 2020-12-23 | 2021-07-22 | Intel Corporation | Firmware update technologies |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030037244A1 (en) * | 2001-08-16 | 2003-02-20 | International Business Machines Corporation | System management interrupt generation upon completion of cryptographic operation |
CN107256168A (en) * | 2017-06-12 | 2017-10-17 | 郑州云海信息技术有限公司 | A kind of design method of UEFI BIOS safety upgrade mechanism |
CN107392032A (en) * | 2017-08-07 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and system credible checking BIOS |
-
2017
- 2017-12-08 CN CN201711295819.5A patent/CN107943508A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030037244A1 (en) * | 2001-08-16 | 2003-02-20 | International Business Machines Corporation | System management interrupt generation upon completion of cryptographic operation |
CN107256168A (en) * | 2017-06-12 | 2017-10-17 | 郑州云海信息技术有限公司 | A kind of design method of UEFI BIOS safety upgrade mechanism |
CN107392032A (en) * | 2017-08-07 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and system credible checking BIOS |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210224061A1 (en) * | 2020-12-23 | 2021-07-22 | Intel Corporation | Firmware update technologies |
EP4020193A1 (en) * | 2020-12-23 | 2022-06-29 | INTEL Corporation | Firmware update technologies |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110169036B (en) | Method, system, machine-readable medium for updating programmable devices | |
US9652755B2 (en) | Method and system for securely updating field upgradeable units | |
CN108604263B (en) | Dual signed executable image for customer provided integrity | |
TWI667586B (en) | System and method for verifying changes to uefi authenticated variables | |
KR101476948B1 (en) | System and method for tamper-resistant booting | |
KR101067399B1 (en) | Saving and retrieving data based on symmetric key encryption | |
JP4064914B2 (en) | Information processing apparatus, server apparatus, method for information processing apparatus, method for server apparatus, and apparatus executable program | |
JP4278327B2 (en) | Computer platform and operation method thereof | |
US6993648B2 (en) | Proving BIOS trust in a TCPA compliant system | |
US11042384B2 (en) | Managing the customizing of appliances | |
EP2727040B1 (en) | A secure hosted execution architecture | |
US20140020083A1 (en) | Customizable Storage Controller With Integrated F+ Storage Firewall Protection | |
US7840795B2 (en) | Method and apparatus for limiting access to sensitive data | |
US6986041B2 (en) | System and method for remote code integrity in distributed systems | |
JP2008537224A (en) | Safe starting method and system | |
US20030226007A1 (en) | Prevention of software tampering | |
US9262600B2 (en) | Tamper proof mutating software | |
US20100313011A1 (en) | Identity Data Management in a High Availability Network | |
CN107798258B (en) | System and method for authenticating critical operations for solid state drives | |
CN107172100A (en) | A kind of local security updates the method and device of BIOS mirror images | |
US20050154899A1 (en) | Mobile software authentication and validation | |
US10158623B2 (en) | Data theft deterrence | |
US7228432B2 (en) | Method and apparatus for providing security for a computer system | |
CN111868723A (en) | Virus immunization computer system and method | |
CN107943508A (en) | It is a kind of based on service processor as the renewable BIOS update methods for trusting root |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180420 |
|
RJ01 | Rejection of invention patent application after publication |