CN109308414A - Mainboard secure boot implementation system and method based on a domestic platform - Google Patents

Info

Publication number: CN109308414A
Application number: CN201810981590.9A
Authority: CN (China)
Prior art keywords: bios, hard disk, mainboard, cpu, data protection
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王圣南, 冯磊, 孟宪鑫, 刘洋
Current Assignee: Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee: Shandong Chaoyue CNC Electronics Co Ltd
Priority date: 2018-08-27
Filing date: 2018-08-27
Publication date: 2019-02-05

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a mainboard secure boot implementation system and method based on a domestic platform. The system includes a mainboard and a hard disk; the mainboard includes a basic module and a security module, and the basic module is connected to the security module. The basic module includes a CPU and a BIOS; the security module includes a security card and a data protection interface module. The BIOS is connected to the CPU and to the security card, respectively, through an analog switch. The security card serves as the root of trust and authenticates the content of the BIOS; the CPU reads the content of the BIOS and is initialized from it. The hard disk is connected to the CPU through the data protection interface module, which detects whether the hard disk is present and whether the hard disk measurement value is consistent with the BIOS. The data protection interface module also encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, so that the encrypted hard disk data is displayed as unreadable garbage on other computer systems.

Description

Mainboard secure boot implementation system and method based on a domestic platform
Technical field
The present invention relates to the field of computer information security technology, and in particular to a mainboard secure boot implementation system and method based on a domestic platform.
Background
With the rise and development of the information industry, security and trustworthiness have increasingly become a focus of attention. In the computer field in particular, with the rapid development of network and information technology, the information security situation is growing more severe; the security of computer equipment affects not only information security but may in future also affect national and military security. Secure and trusted technology based on domestic platforms is gradually emerging. The reliability requirements placed on access rights in computer mainboard design are rising, in order to prevent arbitrary operation by non-administrators or other personnel from causing loss of business data. During computer startup, the mainboard hardware and the system as a whole are at a weak point for security: abnormal hardware initialization, or a user tampering with the configuration, may lead to data inconsistency, and this has gradually become a key factor affecting the management security of domestic-platform mainboards. In actual operation, how to secure the initial configuration and startup state of a domestic-platform mainboard is therefore particularly important, and has become one of the key elements determining the security of domestic-platform mainboards.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a mainboard secure boot implementation system and method based on a domestic platform, so as to solve the above technical problems.
The technical solution of the invention is as follows:
A mainboard secure boot implementation system based on a domestic platform includes a mainboard and a hard disk. The mainboard includes a basic module and a security module, and the basic module is connected to the security module;
The basic module includes a CPU and a BIOS; the security module includes a security card and a data protection interface module;
The BIOS is connected to the CPU and to the security card, respectively, through an analog switch; the security card serves as the root of trust and authenticates the content of the BIOS; the CPU reads the content of the BIOS and is initialized from it;
The hard disk is connected to the CPU through the data protection interface module, and the data protection interface module detects whether the hard disk is present and whether the hard disk measurement value is consistent with the BIOS.
Preferably, the data protection interface module includes a data protection chip and a hard disk interface chip;
The hard disk is connected to the CPU through the data protection chip and the hard disk interface chip, connected in sequence.
Preferably, the data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, so that the encrypted hard disk data is displayed as unreadable garbage on other computer systems.
Preferably, the hard disk interface chip includes a SATA interface chip.
Preferably, the analog switch is a one-of-two (2:1) analog switch.
The technical solution of the invention also provides a mainboard secure boot implementation method based on a domestic platform, including the following steps:
The security card, as the root of trust, authenticates the content of the BIOS;
If authentication succeeds, the BIOS starts and initializes the CPU;
The BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, the system is forbidden to start.
Preferably, the step in which the security card, as the root of trust, authenticates the content of the BIOS further includes:
S11: the system is powered on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
Preferably, step S12 includes:
If authentication fails, the system is forbidden to continue starting;
The system is restarted until authentication succeeds.
Preferably, the step in which, if authentication succeeds, the BIOS starts and initializes the CPU specifically includes:
After BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU.
Preferably, the step in which the BIOS measures the hard disk through the data protection interface module, and the system is forbidden to start if no hard disk is detected, specifically includes:
The hard disk is measured through the data protection chip, and the hard disk serial number is used to judge whether the hard disk has been replaced. After a successful measurement, startup continues into the system; if the measurement fails or no hard disk is detected, startup is forbidden and the system is restarted.
As can be seen from the above technical solution, the invention has the following advantages. Authenticating the user's hardware and firmware against a root of trust is the main content and core of secure and trusted technology. Authentication takes place before the device starts; once authentication fails, the device is forbidden to start, which improves the security of the device as a whole. The data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted and is displayed as unreadable garbage on other computer systems, which reduces the risk of data leakage.
In addition, the design principle of the invention is reliable and its structure is simple, so it has very broad application prospects.
It can be seen that, compared with the prior art, the present invention has outstanding substantive features and represents notable progress, and the beneficial effects of its implementation are also obvious.
Brief description of the drawings
Fig. 1 is a connection block diagram of the mainboard secure boot implementation system based on a domestic platform;
Fig. 2 is a flow chart of the mainboard secure boot implementation method based on a domestic platform.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and by way of specific embodiments. The following embodiments explain the invention, and the invention is not limited to them.
Embodiment one
As shown in Fig. 1, a mainboard secure boot implementation system based on a domestic platform includes a mainboard and a hard disk 6. The mainboard includes a basic module and a security module, and the basic module is connected to the security module;
The basic module includes CPU 1 and BIOS 2; the security module includes security card 3 and data protection interface module 7;
BIOS 2 is connected to CPU 1 and to security card 3, respectively, through analog switch 8; security card 3 serves as the root of trust and authenticates the content of BIOS 2; CPU 1 reads the content of BIOS 2 and is initialized from it;
The hard disk 6 is connected to CPU 1 through data protection interface module 7, and data protection interface module 7 detects whether the hard disk is present and whether the hard disk measurement value is consistent with the BIOS.
The data protection interface module 7 includes data protection chip 4 and hard disk interface chip 5;
The hard disk 6 is connected to CPU 1 through data protection chip 4 and hard disk interface chip 5, connected in sequence.
Data protection interface module 7 encrypts and decrypts the data of hard disk 6: after processing by data protection chip 4, the data on hard disk 6 is encrypted, so that the encrypted hard disk data is displayed as unreadable garbage on other computer systems.
The hard disk interface chip 5 includes a SATA interface chip.
The analog switch 8 is a one-of-two (2:1) analog switch. Security card 3 starts first, and analog switch 8 switches to the path between security card 3 and BIOS 2 so that the content of BIOS 2 can be authenticated. After authentication passes, security card 3 pulls the reset signal of CPU 1 high, and analog switch 8 switches to the path between CPU 1 and BIOS 2. If authentication fails, the system is forbidden to continue starting and is restarted, until authentication succeeds.
A mainboard based on a domestic platform means a notebook or desktop mainboard whose CPU is a domestic CPU (Godson/Loongson or Phytium). The basic module includes CPU 1, BIOS 2, the bridge chip and so on, and the security module includes security card 3 and data protection interface module 7. Security card 3 serves as the root of trust and authenticates the content of BIOS 2; data protection interface module 7 connects hard disk 6. When the power button is pressed, the mainboard is powered on, and security card 3 starts first and verifies the content of BIOS 2. After verification passes, CPU 1 starts, reads the content of the BIOS, and is initialized. After initialization is complete, the BIOS measures the hard disk and other devices through the data protection interface module; if data protection interface module 7 does not detect a hard disk, or the hard disk measurement value is inconsistent with the BIOS, startup is forbidden. This prevents a user from arbitrarily tampering with the BIOS or replacing the hard disk, guarantees the consistency of data, and improves the security of the system as a whole.
Embodiment two
A mainboard secure boot implementation method based on a domestic platform includes the following steps:
S1: the security card, as the root of trust, authenticates the content of the BIOS;
S11: the system is powered on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
If authentication fails, the system is forbidden to continue starting;
The system is restarted until authentication succeeds.
S2: if authentication succeeds, the BIOS starts and initializes the CPU; after BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU;
S3: the BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, the system is forbidden to start.
The mainboard carries an on-board SATA interface chip, data protection chip and analog switch chip; an external security card serves as the root of trust; the mainboard integrates the data protection chip, and the hard disk is connected through the data protection chip;
As shown in Fig. 2, when the system is powered on, the security card starts first, and the analog switch switches to the path between the security card and the BIOS so that the content of the BIOS can be authenticated. After authentication passes, the security card pulls the CPU reset signal high, and the analog switch switches to the path between the CPU and the BIOS. If authentication fails, the system is forbidden to continue starting and is restarted, until authentication succeeds.
The BIOS starts and initializes the CPU. After initialization is complete, the hard disk is measured through the data protection interface module, and the hard disk serial number is used to judge whether the hard disk has been replaced. After a successful measurement, startup continues into the system; if the measurement fails or no hard disk is detected, startup is forbidden and the system restarts.
The data protection chip must have a hard disk connected, and the hard disk may not be replaced arbitrarily; otherwise startup is forbidden.
The data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted and is displayed as unreadable garbage on other computer systems, which reduces the risk of data leakage.
A management terminal can switch off the anti-tamper function so that the power supply can be replaced.
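The boot sequence of Embodiment two (S11, S12, S2, S3) as a behavioural model, added here as an illustration and not taken from the patent. It assumes that the security card authenticates the BIOS by comparing a SHA-256 digest with a stored reference and that the enrolled hard disk serial number is stored inside the authenticated BIOS image; the patent specifies neither, and all names (`Board`, `power_on`, `DISK_SERIAL=`) are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional

TAG = b"\nDISK_SERIAL="   # constructed layout: enrolled serial appended to the image


class Mux(Enum):           # position of the one-of-two analog switch
    CARD_TO_BIOS = 1
    CPU_TO_BIOS = 2


class Outcome(Enum):
    BOOTED = "booted"
    BIOS_AUTH_FAILED = "BIOS authentication failed"
    DISK_MISSING = "no hard disk detected"
    DISK_MISMATCH = "hard disk serial differs from enrolled value"


def build_bios(code: bytes, serial: str) -> bytes:
    """Constructed BIOS image: firmware bytes plus the enrolled disk serial."""
    return code + TAG + serial.encode()


@dataclass
class Board:
    bios_image: bytes              # what is in the BIOS flash right now
    card_reference: bytes          # assumed: SHA-256 of the provisioned image, kept on the card
    disk_serial: Optional[str]     # serial reported by the attached disk, None if absent
    mux: Mux = Mux.CARD_TO_BIOS
    cpu_in_reset: bool = True


def power_on(board: Board) -> Outcome:
    """One power-on attempt through steps S11, S12, S2 and S3."""
    # S11/S12: the card starts first and owns the path to the BIOS; the CPU
    # cannot fetch anything while it is held in reset.
    board.mux, board.cpu_in_reset = Mux.CARD_TO_BIOS, True
    measured = hashlib.sha256(board.bios_image).digest()
    if not hmac.compare_digest(measured, board.card_reference):
        return Outcome.BIOS_AUTH_FAILED        # CPU never leaves reset
    # S2: reset is released and the switch hands the BIOS to the CPU.
    board.cpu_in_reset, board.mux = False, Mux.CPU_TO_BIOS
    # S3: the now authenticated BIOS measures the disk by serial number.
    if board.disk_serial is None:
        return Outcome.DISK_MISSING
    _, _, enrolled = board.bios_image.rpartition(TAG)
    if not hmac.compare_digest(board.disk_serial.encode(), enrolled):
        return Outcome.DISK_MISMATCH
    return Outcome.BOOTED


def boot(board: Board, max_attempts: int = 3) -> list:
    """Restart after each failure, as the method describes; bounded so the model ends."""
    results = []
    for _ in range(max_attempts):
        results.append(power_on(board))
        if results[-1] is Outcome.BOOTED:
            break
    return results


def demo() -> dict:
    code = b"constructed firmware bytes"
    image = build_bios(code, "SN-0001")
    ref = hashlib.sha256(image).digest()
    cases = {
        "clean": Board(image, ref, "SN-0001"),
        "bios_modified": Board(image.replace(b"firmware", b"FIRMWARE"), ref, "SN-0001"),
        "disk_swapped": Board(image, ref, "SN-9999"),
        "disk_absent": Board(image, ref, None),
        # re-enrolling the swapped disk inside the BIOS changes the image digest
        "bios_reenrolled": Board(build_bios(code, "SN-9999"), ref, "SN-9999"),
    }
    return {name: boot(b)[-1] for name, b in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16s} {outcome.value}")
```

In this model the disk check is only as strong as the BIOS authentication before it: the enrolled serial is trusted because it sits inside the image the card has already verified.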
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data so used are interchangeable under appropriate circumstances, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A mainboard secure boot implementation system based on a domestic platform, characterized in that it includes a mainboard and a hard disk (6), the mainboard includes a basic module and a security module, and the basic module is connected to the security module;
The basic module includes a CPU (1) and a BIOS (2); the security module includes a security card (3) and a data protection interface module (7);
The BIOS (2) is connected to the CPU (1) and to the security card (3), respectively, through an analog switch (8); the security card (3) serves as the root of trust and authenticates the content of the BIOS (2); the CPU (1) reads the content of the BIOS (2) and is initialized from it;
The hard disk (6) is connected to the CPU (1) through the data protection interface module (7), and the data protection interface module (7) detects whether the hard disk is present and whether the hard disk measurement value is consistent with the BIOS.
2. The mainboard secure boot implementation system based on a domestic platform according to claim 1, characterized in that the data protection interface module (7) includes a data protection chip (4) and a hard disk interface chip (5);
The hard disk (6) is connected to the CPU (1) through the data protection chip (4) and the hard disk interface chip (5), connected in sequence.
3. The mainboard secure boot implementation system based on a domestic platform according to claim 2, characterized in that the data protection interface module (7) encrypts and decrypts the data of the hard disk (6): after processing by the data protection chip (4), the data on the hard disk (6) is encrypted, so that the encrypted hard disk data is displayed as unreadable garbage on other computer systems.
4. The mainboard secure boot implementation system based on a domestic platform according to claim 2, characterized in that the hard disk interface chip (5) includes a SATA interface chip.
5. The mainboard secure boot implementation system based on a domestic platform according to claim 1, characterized in that the analog switch (8) is a one-of-two (2:1) analog switch.
6. A mainboard secure boot implementation method based on a domestic platform, characterized in that it includes the following steps:
The security card, as the root of trust, authenticates the content of the BIOS;
If authentication succeeds, the BIOS starts and initializes the CPU;
The BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, the system is forbidden to start.
7. The mainboard secure boot implementation method based on a domestic platform according to claim 6, characterized in that the step in which the security card, as the root of trust, authenticates the content of the BIOS further includes:
S11: the system is powered on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
8. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that step S12 includes:
If authentication fails, the system is forbidden to continue starting;
The system is restarted until authentication succeeds.
9. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that the step in which, if authentication succeeds, the BIOS starts and initializes the CPU specifically includes:
After BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU.
10. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that the step in which the BIOS measures the hard disk through the data protection interface module, and the system is forbidden to start if no hard disk is detected, specifically includes:
The hard disk is measured through the data protection chip, and the hard disk serial number is used to judge whether the hard disk has been replaced. After a successful measurement, startup continues into the system; if the measurement fails or no hard disk is detected, startup is forbidden and the system is restarted.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810981590.9A CN109308414A (en) 2018-08-27 2018-08-27 A kind of mainboard clean boot realization system and method based on Domestic Platform

Publications (1)

Publication Number Publication Date
CN109308414A (en) 2019-02-05

Family

ID=65224002

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20190205)