CN109740353A - A kind of credible starting method of the BMC firmware of server - Google Patents
A kind of credible starting method of the BMC firmware of server Download PDFInfo
- Publication number
- CN109740353A CN109740353A CN201910003502.2A CN201910003502A CN109740353A CN 109740353 A CN109740353 A CN 109740353A CN 201910003502 A CN201910003502 A CN 201910003502A CN 109740353 A CN109740353 A CN 109740353A
- Authority
- CN
- China
- Prior art keywords
- bmc
- firmware
- password module
- credible
- kernel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses a kind of credible starting method of the BMC firmware of server, belongs to the secure and trusted starting field of server B MC firmware.It is characterized in that, the Hash Value and storage of BMC firmware each section are calculated with credible password module when issuing BMC firmware in the system being made of at one BMC chip, BMC Flash, BMC firmware, credible password module.Credible password module is called to measure BMC kernel after BMC chip power-up U-Boot starting, start BMC kernel after passing through with a reference value comparison, it is applied after the starting of BMC kernel by BMC kernel calls credible password module measurement U-Boot and BMC, starting BMC application after passing through with a reference value comparison.If above each measurement results any a part of measurement results and a reference value compared with a reference value are inconsistent, send measurement result information and to server system administrator and close BMC chip.Present invention utilizes a reference value of credible password module and each section of BMC firmware-existing credible algorithms of metric composition and the mutual measurement of U-Boot, BMC kernel to enhance the safety of BMC firmware.
Description
Technical field
The invention belongs to the secure and trusted starting fields of server B MC firmware, more particularly to how to utilize trusted cryptography's mould
The a reference value of each section of block and BMC firmware-existing credible algorithm of metric composition and the mutual degree of U-Boot, BMC kernel
The safety of amount enhancing BMC firmware
Background technique
Existing credible start-up technique level metric level-one, the present invention carry out mutually measurement to U-Boot and BMC kernel and test
Card.
Summary of the invention
It is an object of the present invention to call credible password module respectively by U-Boot, BMC kernel when BMC firmware starts
Respectively credible measurement is carried out to BMC kernel, U-Boot, verifying enhances the safety of BMC firmware mutually, increases and is modified
Difficulty.
The present invention is characterized in that:
The BMC firmware refers to the journey for BMC chip operation being stored in inside server B MC Flash chip
Sequence, BMC firmware are divided into U-Boot, BMC kernel and BMC application three parts,
The method be in the system being made of BMC chip, credible password module, BMC Flash, successively according to
What lower step was realized:
Step (1), system initialization
It is compiled by the programmer of BMC firmware and generates BMC firmware, it is solid to calculate BMC by the hash algorithm of credible password module
The Hash Value that U-Boot, BMC kernel, the BMC of part are applied, as a reference value and stores,
Step (2)
After BMC chip power-up, successively measured according to the following steps
<2.1>after U-Boot starting, credible password module is called to measure the hash of BMC kernel with identical hash algorithm
Value, if equal, into next step, if unequal, send measurement results and gives server system pipe with a reference value compared with
Reason person, and BMC chip is closed,
<2.2>after the starting of BMC kernel, credible password module is called to measure the hash of U-Boot with identical hash algorithm
Value, if equal, into next step, if unequal, send measurement results and gives server system pipe with a reference value compared with
Reason person, and BMC chip is closed,
<2.3>BMC kernel calls credible password module measures the Hash Value of each BMC application with identical hash algorithm, with
A reference value is into comparing, if equal, BMC start completion sends measurement results and give server system administrator if unequal,
And BMC chip is closed,
If there is no credible password module chip on server master board, replaced with soft structure credible password module.
The advantage of the invention is that starting if only modifying a part of BMC firmware after the publication of BMC firmware in BMC firmware
Shi Yiran is able to detect out, thus increases the safety of BMC firmware.
Detailed description of the invention
Fig. 1, system block diagram of the invention when using credible password module chip.
Fig. 2, system block diagram of the invention when using soft structure credible password module.
Fig. 3, program flow chart of the invention.
Specific embodiment
The present invention is implemented according to following below scheme:
(1) it is compiled by the programmer of BMC firmware and generates BMC firmware, BMC is calculated by the hash algorithm of credible password module
The Hash Value that U-Boot, BMC kernel, the BMC of firmware are applied, and as a reference value and store,
(2) BMC is powered on, and after U-Boot starting, credible password module is called to measure BMC kernel with identical hash algorithm
Hash Value, metric is compared with a reference value, if equal continuation next step, if unequal transmission measurement results are to server
System manager, and BMC chip is closed,
(3) after the starting of BMC kernel, credible password module is called to be made with the Hash Value that identical hash algorithm measures U-Boot
For metric, metric is compared with a reference value, if equal continuation next step, if unequal transmission measurement results are to service
Device system manager, and BMC chip is closed,
(4) BMC kernel calls credible password module uses identical hash algorithm to measure the Hash Value of each BMC application as degree
Magnitude, metric is compared with a reference value, if equal continuation next step, until BMC start completion, if unequal transmission degree
Amount result gives server system administrator, and closes BMC chip.
Claims (2)
1. a kind of credible starting method of the BMC firmware of server, it is characterised in that:
The BMC firmware refers to the program for BMC chip operation being stored in inside server B MC Flash chip, BMC
Firmware is divided into U-Boot, BMC kernel and BMC application three parts,
The method is in the system being made of BMC chip, credible password module, BMC Flash, successively according to following step
Suddenly it realizes:
Step (1), system initialization
It is compiled by the programmer of BMC firmware and generates BMC firmware, BMC firmware is calculated by the hash algorithm of credible password module
The Hash Value that U-Boot, BMC kernel, BMC are applied, as a reference value and stores,
Step (2)
After BMC chip power-up, successively measured according to the following steps
<2.1>after U-Boot starting, credible password module is called to measure the Hash Value of BMC kernel with identical hash algorithm, with
A reference value is into comparing, if equal, into next step, if unequal, send measurement results and gives server system administrator,
And BMC chip is closed,
<2.2>after the starting of BMC kernel, credible password module is called to measure the Hash Value of U-Boot with identical hash algorithm, with
A reference value is into comparing, if equal, into next step, if unequal, send measurement results and gives server system administrator,
And BMC chip is closed,
<2.3>BMC kernel calls credible password module measures the Hash Value of each BMC application with identical hash algorithm, with benchmark
It is worth into comparing, if equal, BMC start completion sends measurement results and give server system administrator, and close if unequal
Close BMC chip.
2. a kind of credible starting method of the BMC firmware of server according to claim 1, it is characterised in that: if clothes
There is no credible password module chip on business device mainboard, is replaced with soft structure credible password module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910003502.2A CN109740353A (en) | 2019-01-03 | 2019-01-03 | A kind of credible starting method of the BMC firmware of server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910003502.2A CN109740353A (en) | 2019-01-03 | 2019-01-03 | A kind of credible starting method of the BMC firmware of server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109740353A true CN109740353A (en) | 2019-05-10 |
Family
ID=66363134
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910003502.2A Pending CN109740353A (en) | 2019-01-03 | 2019-01-03 | A kind of credible starting method of the BMC firmware of server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109740353A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851138A (en) * | 2019-11-06 | 2020-02-28 | 山东超越数控电子股份有限公司 | BMC software development method for separating kernel and application |
| CN111159691A (en) * | 2019-12-23 | 2020-05-15 | 北京工业大学 | Dynamic credibility verification method and system for application program |
| CN112651030A (en) * | 2021-01-14 | 2021-04-13 | 北京工业大学 | Trusted starting method for BMC firmware system security |
| CN112699346A (en) * | 2021-01-05 | 2021-04-23 | 本贸科技股份有限公司 | Method for reinforcing and protecting BMC chip firmware based on cryptographic chip SE |
| CN112818396A (en) * | 2021-02-02 | 2021-05-18 | 北京工业大学 | Method for generating and managing BMC trusted audit log |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
| CN112651030B (en) * | 2021-01-14 | 2024-06-04 | 北京工业大学 | BMC firmware system security-oriented trusted starting method |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101281577A (en) * | 2008-05-16 | 2008-10-08 | 北京工业大学 | Dependable computing system capable of protecting BIOS and method of use thereof |
| CN101877040A (en) * | 2009-12-07 | 2010-11-03 | 中国航天科工集团第二研究院七○六所 | High-reliability computing platform |
| CN104200165A (en) * | 2014-07-30 | 2014-12-10 | 中国电子科技集团公司第三十研究所 | Initiative trusted measurement method based on CPU made in China |
| CN104410636A (en) * | 2014-12-01 | 2015-03-11 | 浪潮集团有限公司 | Method for enhancing security of BMC/SMC in cloud computing system |
| CN105550579A (en) * | 2016-02-02 | 2016-05-04 | 浪潮电子信息产业股份有限公司 | Method for measuring BMC integrity on basis of TPCM |
| CN105718806A (en) * | 2016-01-26 | 2016-06-29 | 浪潮电子信息产业股份有限公司 | Method for achieving trusted active measurement based on domestic BMC and TPM2.0 |
| CN106127056A (en) * | 2016-06-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | A kind of method for designing of domestic BMC chip trusted firmware |
| CN106384052A (en) * | 2016-08-26 | 2017-02-08 | 浪潮电子信息产业股份有限公司 | BMC U-boot trusted starting control method |
| CN107169379A (en) * | 2017-05-19 | 2017-09-15 | 郑州云海信息技术有限公司 | A kind of method and server that integrity measurement is carried out based on BMC and TCM |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
-
2019
- 2019-01-03 CN CN201910003502.2A patent/CN109740353A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101281577A (en) * | 2008-05-16 | 2008-10-08 | 北京工业大学 | Dependable computing system capable of protecting BIOS and method of use thereof |
| CN101877040A (en) * | 2009-12-07 | 2010-11-03 | 中国航天科工集团第二研究院七○六所 | High-reliability computing platform |
| CN104200165A (en) * | 2014-07-30 | 2014-12-10 | 中国电子科技集团公司第三十研究所 | Initiative trusted measurement method based on CPU made in China |
| CN104410636A (en) * | 2014-12-01 | 2015-03-11 | 浪潮集团有限公司 | Method for enhancing security of BMC/SMC in cloud computing system |
| CN105718806A (en) * | 2016-01-26 | 2016-06-29 | 浪潮电子信息产业股份有限公司 | Method for achieving trusted active measurement based on domestic BMC and TPM2.0 |
| CN105550579A (en) * | 2016-02-02 | 2016-05-04 | 浪潮电子信息产业股份有限公司 | Method for measuring BMC integrity on basis of TPCM |
| CN106127056A (en) * | 2016-06-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | A kind of method for designing of domestic BMC chip trusted firmware |
| CN106384052A (en) * | 2016-08-26 | 2017-02-08 | 浪潮电子信息产业股份有限公司 | BMC U-boot trusted starting control method |
| CN107169379A (en) * | 2017-05-19 | 2017-09-15 | 郑州云海信息技术有限公司 | A kind of method and server that integrity measurement is carried out based on BMC and TCM |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851138A (en) * | 2019-11-06 | 2020-02-28 | 山东超越数控电子股份有限公司 | BMC software development method for separating kernel and application |
| CN111159691A (en) * | 2019-12-23 | 2020-05-15 | 北京工业大学 | Dynamic credibility verification method and system for application program |
| CN111159691B (en) * | 2019-12-23 | 2022-03-11 | 北京工业大学 | Dynamic credibility verification method and system for application program |
| CN112699346A (en) * | 2021-01-05 | 2021-04-23 | 本贸科技股份有限公司 | Method for reinforcing and protecting BMC chip firmware based on cryptographic chip SE |
| CN112651030A (en) * | 2021-01-14 | 2021-04-13 | 北京工业大学 | Trusted starting method for BMC firmware system security |
| CN112651030B (en) * | 2021-01-14 | 2024-06-04 | 北京工业大学 | BMC firmware system security-oriented trusted starting method |
| CN112818396A (en) * | 2021-02-02 | 2021-05-18 | 北京工业大学 | Method for generating and managing BMC trusted audit log |
| CN112818396B (en) * | 2021-02-02 | 2024-02-02 | 北京工业大学 | BMC trusted audit log generation and management method |
| CN114417360A (en) * | 2022-03-28 | 2022-04-29 | 青岛鼎信通讯股份有限公司 | System safety starting method applied to embedded power equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109740353A (en) | A kind of credible starting method of the BMC firmware of server | |
| CN102136043B (en) | Computer system and measuring method thereof | |
| US10148429B2 (en) | System and method for recovery key management | |
| US20130179669A1 (en) | Trusted network booting system and method | |
| US20090019285A1 (en) | Establishing a Trust Relationship Between Computing Entities | |
| CN108833522B (en) | System and method for determining credibility of node | |
| KR20150028837A (en) | Measuring platform components with a single trusted platform module | |
| WO2012064171A1 (en) | A method for enabling a trusted platform in a computing system | |
| CN101515316A (en) | Trusted computing terminal and trusted computing method | |
| US11163865B2 (en) | Trusted computing method, and server | |
| US11886593B2 (en) | Verification of a provisioned state of a platform | |
| CN109726562A (en) | A kind of starting method that server master board based on credible BMC is credible | |
| CN104850792A (en) | Establishment method and apparatus of trust chain of server | |
| CN111914303B (en) | Security measurement and security verification method for Linux system running state | |
| WO2020019485A1 (en) | Simulator identification method, identification device, and computer readable medium | |
| CN112347472B (en) | Behavior credibility measuring method and device based on power edge calculation | |
| CN110875819A (en) | Password operation processing method, device and system | |
| CN107480535A (en) | The reliable hardware layer design method and device of a kind of two-way server | |
| US20180189479A1 (en) | Verification of security domain separation | |
| CN106354550A (en) | Method, device and system for protecting security of virtual machine | |
| Arias et al. | Device attestation: Past, present, and future | |
| Dave et al. | Care: Lightweight attack resilient secure boot architecture with onboard recovery for risc-v based soc | |
| US11438151B2 (en) | Enriching local cryptoprocessor queries with sdn augmented information | |
| CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
| CN106372523A (en) | Modem file safety protection method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190510 |