CN109308414A - A mainboard secure boot implementation system and method based on a domestic platform
- Publication number
- CN109308414A (application number CN201810981590.9A)
- Authority
- CN
- China
- Prior art keywords
- bios
- hard disk
- mainboard
- cpu
- data protection
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Abstract
The present invention provides a mainboard secure boot implementation system and method based on a domestic platform. The system comprises a mainboard and a hard disk; the mainboard comprises a basic module and a security module, and the basic module is connected to the security module. The basic module comprises a CPU and a BIOS; the security module comprises a security card and a data protection interface module. The BIOS is connected to the CPU and to the security card, respectively, through an analog switch. The security card serves as the root of trust and authenticates the content of the BIOS; the CPU reads the content of the BIOS, and the CPU is initialized. The hard disk is connected to the CPU through the data protection interface module, which detects whether the hard disk or the hard disk measurement value is consistent with the BIOS. The data protection interface module also encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, so that the encrypted hard disk data appears as garbled data on other computer systems.
Description
Technical field
The present invention relates to the technical field of computer information security, and in particular to a mainboard secure boot implementation system and method based on a domestic platform.
Background art
With the rise and development of the information industry, security and trustworthiness have increasingly become a focus of attention. In the computer field in particular, with the rapid development of network and information technology, the information security situation is increasingly severe; the security of computer equipment not only affects information security but may in future also affect national security and military security. Secure and trusted technology based on domestic platforms is gradually emerging. Computer mainboards face ever higher reliability design requirements for access rights, to prevent arbitrary operation by non-administrators or other personnel from causing loss of business data. During computer startup, the mainboard hardware and the system as a whole are a weak link in security: abnormal hardware initialization or user tampering with the configuration may cause data inconsistency, and this has gradually become a key factor affecting the management security of domestic-platform mainboards. In practical operation, how to implement a secure design for the initial-configuration startup state of a domestic-platform mainboard is particularly important, and has become one of the key elements determining the security of domestic-platform mainboards.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a mainboard secure boot implementation system and method based on a domestic platform, to solve the above technical problems.
The technical solution of the present invention is as follows:
A mainboard secure boot implementation system based on a domestic platform comprises a mainboard and a hard disk; the mainboard comprises a basic module and a security module, and the basic module is connected to the security module;
the basic module comprises a CPU and a BIOS; the security module comprises a security card and a data protection interface module;
the BIOS is connected to the CPU and to the security card, respectively, through an analog switch; the security card serves as the root of trust and authenticates the content of the BIOS; the CPU reads the content of the BIOS, and the CPU is initialized;
the hard disk is connected to the CPU through the data protection interface module, and the data protection interface module detects whether the hard disk or the hard disk measurement value is consistent with the BIOS.
Preferably, the data protection interface module comprises a data protection chip and a hard disk interface chip;
the hard disk is connected to the CPU through the data protection chip and the hard disk interface chip, connected in sequence.
Preferably, the data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, so that the encrypted hard disk data appears as garbled data on other computer systems.
Preferably, the hard disk interface chip comprises a SATA interface chip.
Preferably, the analog switch is a two-to-one analog switch.
The technical solution of the present invention also provides a mainboard secure boot implementation method based on a domestic platform, comprising the following steps:
the security card, as the root of trust, authenticates the content of the BIOS;
if authentication succeeds, the BIOS is started and the CPU is initialized;
the BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, system startup is prohibited.
Preferably, the step in which the security card, as the root of trust, authenticates the content of the BIOS further comprises:
S11: the system powers on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
Preferably, step S12 comprises:
if authentication fails, the system is prohibited from continuing to start;
the system restarts until authentication succeeds.
Preferably, the step in which, if authentication succeeds, the BIOS is started and the CPU is initialized specifically comprises:
after BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU.
Preferably, the step in which the BIOS measures the hard disk through the data protection interface module and prohibits system startup if no hard disk is detected specifically comprises:
the hard disk is measured through the data protection chip, and the hard disk serial number is used to judge whether the hard disk has been replaced; if measurement succeeds, startup continues into the system; if measurement fails or no hard disk is detected, startup is prohibited and the system restarts.
As can be seen from the above technical solution, the invention has the following advantages: authenticating the user's hardware and firmware against a root of trust is the main content and core of secure and trusted technology. Authentication takes place before the device starts; once authentication fails, the device is prohibited from starting, which improves the overall security of the device. The data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, and on other computer systems the data on the hard disk appears as garbled data, reducing the risk of data leakage.
In addition, the design principle of the invention is reliable and its structure is simple, giving it very broad application prospects.
It can be seen that, compared with the prior art, the present invention has prominent substantive features and represents notable progress, and the beneficial effects of its implementation are also obvious.
Brief description of the drawings
Fig. 1 is a connection block diagram of a mainboard secure boot implementation system based on a domestic platform;
Fig. 2 is a flow chart of a mainboard secure boot implementation method based on a domestic platform.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments. The following embodiments explain the present invention, and the invention is not limited to them.
Embodiment one
As shown in Fig. 1, a mainboard secure boot implementation system based on a domestic platform comprises a mainboard and a hard disk 6; the mainboard comprises a basic module and a security module, and the basic module is connected to the security module;
the basic module comprises a CPU 1 and a BIOS 2; the security module comprises a security card 3 and a data protection interface module 7;
the BIOS 2 is connected to the CPU 1 and to the security card 3, respectively, through an analog switch 8; the security card 3 serves as the root of trust and authenticates the content of the BIOS 2; the CPU 1 reads the content of the BIOS 2, and the CPU 1 is initialized;
the hard disk 6 is connected to the CPU 1 through the data protection interface module 7, and the data protection interface module 7 detects whether the hard disk or the hard disk measurement value is consistent with the BIOS.
The data protection interface module 7 comprises a data protection chip 4 and a hard disk interface chip 5;
the hard disk 6 is connected to the CPU 1 through the data protection chip 4 and the hard disk interface chip 5, connected in sequence.
The data protection interface module 7 encrypts and decrypts the data of the hard disk 6: after processing by the data protection chip 4, the data on the hard disk 6 is encrypted, so that the encrypted hard disk data appears as garbled data on other computer systems.
The hard disk interface chip 5 comprises a SATA interface chip.
The analog switch 8 is a two-to-one analog switch. The security card 3 starts first, and the analog switch 8 switches to the path between the security card 3 and the BIOS 2 so that the content of the BIOS 2 can be authenticated. After authentication passes, the security card 3 pulls the reset signal of the CPU 1 high, and the analog switch 8 switches to the path between the CPU 1 and the BIOS 2. If authentication fails, the system is prohibited from continuing to start and is restarted, until authentication succeeds.
A mainboard based on a domestic platform refers to a notebook or desktop mainboard whose CPU is a domestic CPU (Loongson or Phytium). The basic module comprises the CPU 1, the BIOS 2, a bridge chip and so on; the security module comprises the security card 3 and the data protection interface module 7. The security card 3 serves as the root of trust and authenticates the content of the BIOS 2; the data protection interface module 7 connects the hard disk 6. When the power button is pressed, the mainboard powers on and the security card 3 starts first and verifies the content of the BIOS 2. After verification passes, the CPU 1 starts, reads the content of the BIOS, and the CPU 1 is initialized. After initialization is complete, the BIOS measures the hard disk and other components through the data protection interface module; if the data protection interface module 7 does not detect the hard disk, or the hard disk measurement value is inconsistent with the BIOS, startup is prohibited.
This prevents users from arbitrarily tampering with the BIOS or replacing the hard disk, ensures data consistency, and improves the overall security of the system.
Embodiment two
A mainboard secure boot implementation method based on a domestic platform comprises the following steps:
S1: the security card, as the root of trust, authenticates the content of the BIOS;
S11: the system powers on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
If authentication fails, the system is prohibited from continuing to start;
the system restarts until authentication succeeds.
S2: if authentication succeeds, the BIOS is started and the CPU is initialized; after BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU;
S3: the BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, system startup is prohibited.
The mainboard carries an on-board SATA interface chip, data protection chip and analog switch chip; an external security card serves as the root of trust; the mainboard integrates the data protection chip, and the hard disk is connected through the data protection chip.
As shown in Fig. 2, when the system powers on, the security card starts first and the analog switch switches to the path between the security card and the BIOS so that the content of the BIOS can be authenticated. After authentication passes, the security card pulls the CPU reset signal high, and the analog switch switches to the path between the CPU and the BIOS. If authentication fails, the system is prohibited from continuing to start and is restarted, until authentication succeeds.
The BIOS starts and initializes the CPU. After initialization is complete, the hard disk is measured through the data protection interface module, and the hard disk serial number is used to judge whether the hard disk has been replaced. If measurement succeeds, startup continues into the system; if measurement fails or no hard disk is detected, startup is prohibited and the system restarts.
A hard disk must be connected to the data protection chip, and the hard disk may not be replaced arbitrarily; otherwise startup is prohibited.
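The boot sequence S11, S12, S2, S3 described above, modelled as a small C state machine. This is an added example, not code from the patent: the struct and function names are hypothetical, authentication is assumed to be a digest comparison against a reference value held by the security card (the text does not say how the card authenticates the BIOS), FNV-1a is a non-cryptographic stand-in for a real hash, and the restart after a failure is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum mux_path { MUX_CARD_BIOS, MUX_CPU_BIOS };   /* two-to-one analog switch */
enum boot_result { BOOT_OK, BOOT_BIOS_AUTH_FAIL, BOOT_NO_DISK, BOOT_DISK_MISMATCH };

struct board {
    enum mux_path mux;
    int cpu_reset_released;     /* 0 = CPU still held in reset */
    const uint8_t *bios;
    size_t bios_len;
    const char *disk_serial;    /* NULL = no hard disk detected */
};

struct policy {                 /* reference values, assumed set at enrollment */
    uint32_t bios_digest;
    const char *disk_serial;
};

/* FNV-1a, NOT cryptographic: a stand-in so the example is self-contained. */
static uint32_t digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

enum boot_result secure_boot(struct board *b, const struct policy *pol)
{
    /* S11: power on; the security card runs while the CPU stays in reset. */
    b->cpu_reset_released = 0;
    /* S12: route the BIOS flash to the card and authenticate its content. */
    b->mux = MUX_CARD_BIOS;
    if (digest(b->bios, b->bios_len) != pol->bios_digest)
        return BOOT_BIOS_AUTH_FAIL;   /* CPU never released, mux stays on card */
    /* S2: hand the flash to the CPU and release reset so the BIOS can run. */
    b->mux = MUX_CPU_BIOS;
    b->cpu_reset_released = 1;
    /* S3: measure the hard disk by serial number. */
    if (b->disk_serial == NULL)
        return BOOT_NO_DISK;
    if (strcmp(b->disk_serial, pol->disk_serial) != 0)
        return BOOT_DISK_MISMATCH;
    return BOOT_OK;
}

/* Constructed sample data: an 8-byte "BIOS image" and an enrolled serial. */
static const uint8_t GOLDEN_BIOS[] = {0x55, 0xAA, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
#define ENROLLED_SERIAL "SN-CONSTRUCTED-0001"

/* Boot one constructed board; optionally flip a bit in the BIOS image. */
enum boot_result run_case(int tamper_bios, const char *serial, struct board *out)
{
    static uint8_t image[sizeof GOLDEN_BIOS];
    struct policy pol = { digest(GOLDEN_BIOS, sizeof GOLDEN_BIOS), ENROLLED_SERIAL };

    memcpy(image, GOLDEN_BIOS, sizeof image);
    if (tamper_bios)
        image[3] ^= 0x01;
    out->bios = image;
    out->bios_len = sizeof image;
    out->disk_serial = serial;
    return secure_boot(out, &pol);
}

int main(void)
{
    struct board b;
    printf("intact board:  %d\n", run_case(0, ENROLLED_SERIAL, &b));
    printf("tampered BIOS: %d (cpu released: %d)\n",
           run_case(1, ENROLLED_SERIAL, &b), b.cpu_reset_released);
    printf("no disk:       %d\n", run_case(0, NULL, &b));
    printf("swapped disk:  %d\n", run_case(0, "SN-CONSTRUCTED-9999", &b));
    return 0;
}
```

On the BIOS-failure path the model leaves the CPU in reset with the switch still on the card side, which is the property the hardware arrangement is meant to guarantee.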
The data protection interface module encrypts and decrypts hard disk data: after processing by the data protection chip, the data on the hard disk is encrypted, and on other computer systems the data on the hard disk appears as garbled data, reducing the risk of data leakage.
The management terminal can turn off the anti-tamper function so that the power supply can be replaced.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings of this specification are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A mainboard secure boot implementation system based on a domestic platform, characterized in that it comprises a mainboard and a hard disk (6), the mainboard comprises a basic module and a security module, and the basic module is connected to the security module;
the basic module comprises a CPU (1) and a BIOS (2); the security module comprises a security card (3) and a data protection interface module (7);
the BIOS (2) is connected to the CPU (1) and to the security card (3), respectively, through an analog switch (8); the security card (3) serves as the root of trust and authenticates the content of the BIOS (2); the CPU (1) reads the content of the BIOS (2), and the CPU (1) is initialized;
the hard disk (6) is connected to the CPU (1) through the data protection interface module (7), and the data protection interface module (7) detects whether the hard disk or the hard disk measurement value is consistent with the BIOS.
2. The mainboard secure boot implementation system based on a domestic platform according to claim 1, characterized in that the data protection interface module (7) comprises a data protection chip (4) and a hard disk interface chip (5);
the hard disk (6) is connected to the CPU (1) through the data protection chip (4) and the hard disk interface chip (5), connected in sequence.
3. The mainboard secure boot implementation system based on a domestic platform according to claim 2, characterized in that the data protection interface module (7) encrypts and decrypts the data of the hard disk (6): after processing by the data protection chip (4), the data on the hard disk (6) is encrypted, so that the encrypted hard disk data appears as garbled data on other computer systems.
4. The mainboard secure boot implementation system based on a domestic platform according to claim 2, characterized in that the hard disk interface chip (5) comprises a SATA interface chip.
5. The mainboard secure boot implementation system based on a domestic platform according to claim 1, characterized in that the analog switch (8) is a two-to-one analog switch.
6. A mainboard secure boot implementation method based on a domestic platform, characterized in that it comprises the following steps:
the security card, as the root of trust, authenticates the content of the BIOS;
if authentication succeeds, the BIOS is started and the CPU is initialized;
the BIOS measures the hard disk through the data protection interface module, and if no hard disk is detected, system startup is prohibited.
7. The mainboard secure boot implementation method based on a domestic platform according to claim 6, characterized in that the step in which the security card, as the root of trust, authenticates the content of the BIOS further comprises:
S11: the system powers on and the security card starts;
S12: the analog switch switches to the path between the security card and the BIOS, and the content of the BIOS is authenticated.
8. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that step S12 comprises:
if authentication fails, the system is prohibited from continuing to start;
the system restarts until authentication succeeds.
9. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that the step in which, if authentication succeeds, the BIOS is started and the CPU is initialized specifically comprises:
after BIOS authentication is complete, the security card pulls the CPU reset signal high, the analog switch switches to the path between the CPU and the BIOS, and the BIOS information is read to initialize the CPU.
10. The mainboard secure boot implementation method based on a domestic platform according to claim 7, characterized in that the step in which the BIOS measures the hard disk through the data protection interface module and prohibits system startup if no hard disk is detected specifically comprises:
the hard disk is measured through the data protection chip, and the hard disk serial number is used to judge whether the hard disk has been replaced; if measurement succeeds, startup continues into the system; if measurement fails or no hard disk is detected, startup is prohibited and the system restarts.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810981590.9A CN109308414A (en) | 2018-08-27 | 2018-08-27 | A mainboard secure boot implementation system and method based on a domestic platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109308414A (en) | 2019-02-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190205 |