CN110096882B - Safety measurement method in equipment operation process - Google Patents


Info

Publication number
CN110096882B
Authority
CN
China
Prior art keywords
tpcm
measurement
equipment
main control
control chip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810092539.2A
Other languages
Chinese (zh)
Other versions
CN110096882A (en)
Inventor
孙瑜
杨秩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Original Assignee
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority to CN201810092539.2A
Publication of CN110096882A
Application granted
Publication of CN110096882B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses a security measurement method for the running process of a device. During normal start-up of the device, the operating system LOADER and the operating system KERNEL are measured and verified; if the measurement result is normal, the device enters its normal working state and the operating system is then measured in real time; if a measurement result is abnormal, the device is shut down.

Description

Safety measurement method in equipment operation process
Technical Field
The invention relates to the field of trusted computing, in particular to a security measurement method for the running process of a device.
Background
Trusted computing, as a new direction in information security, is receiving increasing attention from companies and research institutions. The main objective of a trusted computing system is to construct a computing environment whose behaviour the user can expect, thereby ensuring that computing resources are not maliciously tampered with or stolen.
In China, trusted computing has also been widely recognized and promoted by government, military and enterprise users. After many years of development, domestic research on trusted computing theory and technology has moved ahead of other countries and has entered the trusted computing 3.0 era, characterized by active control and active measurement. One of the major innovations of trusted computing 3.0 is the active measurement function: an actively controlling trusted platform control module (TPCM) measures the integrity of firmware before the CPU runs the firmware code, ensuring that the firmware has not been tampered with. The TPCM module works together with the TCM module (trusted cryptography module) to provide the cryptographic support function of the trusted software base.
Currently, trusted computing 3.0 is implemented with a dedicated PCIe TPCM card connected to the motherboard by a separate cable. A TPCM card with a PCIe interface has a high hardware cost, requires the motherboard to provide a dedicated PCIe slot, and places certain requirements on the space and interfaces of the device; in addition, the connection requires a separate cable, which reduces motherboard compatibility, and the presence of the cable can affect the stability of the device.
Disclosure of Invention
In view of the above problems in the prior art, it is necessary to provide a method for measuring security during the operation of a device, in which the TPCM firmware that performs the security measurement is integrated in a main control chip, and the device is measured to ensure that it operates securely.
A security measurement method for the operation process of a device is characterized by comprising the following steps:
step 1: the TPCM performs integrity measurement and verification on the operating system loader (OS LOADER); if the measurement result is normal, the OS LOADER is executed and step 2 follows; otherwise, an abnormality is prompted;
step 2: the TPCM measures and verifies the operating system kernel (OS KERNEL); if the measurement result is normal, the OS KERNEL is run, the file system is loaded, and step 3 follows; otherwise, an abnormality is prompted;
step 3: the device enters the operating system, the TPCM measures the operating system in real time, and if a measurement result is abnormal, the abnormality is prompted.
The measurement operations are performed by the TPCM module in the main control chip calling the TCM.
In step 3, the TPCM measures the operating system in real time as follows:
the security measurement of the operating system is performed at predetermined time intervals.
Before step 1, the TPCM performs an integrity check measurement on the BIOS and BMC firmware, or on the PNOR and BMC firmware, in the device.
The TPCM module is integrated in the main control chip of the device's firmware storage system; the TPCM module is powered on preferentially when the device is started, and the operation of step 1 is executed once the TPCM module has completed the integrity measurement of the BIOS and BMC firmware (or the PNOR and BMC firmware) and the measurement result is normal.
The ways of prompting an abnormality include: lighting an indicator lamp, sounding an alarm, printing an error message through a print interface, or shutting down.
The invention thus discloses a security measurement method for the running process of a device: during normal start-up, the operating system LOADER and the operating system KERNEL are measured and verified; if the measurement result is normal, the device enters its normal working state and the operating system is measured in real time; if a measurement result is abnormal, the device is shut down.
Drawings
Fig. 1 is a device diagram of a TPCM storage system for implementing the trusted computing in embodiment 1 of the present invention;
fig. 2 is a flowchart of a trusted computing implementation method in embodiment 1 of the present invention;
fig. 3 is a flowchart illustrating a security measurement method during operation of a device according to embodiment 4 of the present invention.
Detailed Description
The invention provides a method and a device for realizing trusted computing. In order to make the objects, technical solutions and effects of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 shows a device diagram of the TPCM storage system for implementing trusted computing, which mainly includes the following functional modules: the main control chip, which stores the TPCM firmware and performs the security measurement function; the trusted cryptography module TCM, which performs the trusted cryptographic verification function; the cache chip, which caches data; the FLASH/DRAM module, which stores data; the power supply interface, which powers the TPCM storage system directly from the motherboard battery after the device is switched on, so that the main control chip in the system is powered on preferentially; and the data interface, which supports SATA/SAS/PCIE and other data communication protocols commonly used in the field.
Compared with a common storage system in the prior art, the TPCM storage system provided by the invention adds a dedicated power supply interface, a TPCM active control function in the main control chip, and a TCM module. The dedicated power supply interface powers the storage system while the device is in the pre-start state (that is, power is switched on but start-up has not completed), so that the main control chip is powered on first and can complete the security measurement function. Once the security measurement is finished, the BIOS, CPU and other parts are powered on and started normally, and from then on the firmware memory data interface powers the storage system, i.e. the storage system returns to its normal working state.
FIG. 2 is a workflow diagram of the trusted computing implementation method, including the following steps:
step 1: and (4) detecting whether the equipment is in a pre-starting state, and if so, entering the step 2.
Specifically, the pre-start state refers to a state when the device is connected to a power supply but has not yet been started formally, such as a state between when a power-on key is pressed and when the device is started up and enters a formal operating mode.
Step 2: detecting whether a TPCM (tire pressure monitor) module exists in the storage system, if so, firstly powering on a main control chip in the storage system, and skipping to the step 3; if not, the equipment executes a normal starting process.
Specifically, a corresponding flag bit is stored in a FLASH/DRAM module in advance, if a TPCM module exists in the storage system, the flag bit is set to 1, and the equipment adopts a power supply interface to preferentially supply power to a main control chip in the next starting process; and if the TPCM module does not exist in the storage system, setting the zone bit to be 0, and supplying power to each part in the equipment by adopting a power supply interface in the next starting process of the equipment so as to enable the equipment to execute a normal starting process.
Specifically, the power supply interface realizes preferential power-on of the TPCM main control chip through modes of a mainboard battery, direct power supply of a power supply and the like, and the power supply mode can enable the main control chip to rapidly enter a normal working state.
And step 3: and after the main control chip is powered on preferentially, performing active security measurement on the equipment.
Specifically, proactively measuring security of the device includes integrity measuring firmware of a BIOS unit in the device.
Specifically, the TPCM module in the main control chip calls the TCM module to perform integrity measurement on the firmware of the BIOS unit.
And 4, step 4: if the measurement result is normal, the equipment is normally started; if the measurement result is abnormal, the abnormal condition is prompted.
Specifically, if the measurement result is normal, the power supply mode of the active chip is switched from the power supply mode through the power supply interface to the power supply mode through the solid-state memory data interface, that is, the power supply mode is switched to the power supply mode which is commonly used for the main control chip in the prior art, so that the device enters the normal working state.
The method for prompting the abnormality comprises the following steps: and lightening an indicator lamp, sounding an alarm, and prompting printing error information or shutdown by a printing interface.
The technical scheme of this embodiment can thereby realize solid-state memory master control chip's multiplexing in master control chip integrated TPCM module, utilizes master control chip to realize TPCM safety measurement function to reduce the cost of trusted computing hardware, the product popularization of the later stage of being convenient for.
The data communication protocol for the data interface to communicate comprises SATA, SAS, PCIe, NVMe, SD, PMC, VPX, XMC, CF, CFAST, PXIe, SCPCIe, USB, PATA, mSATA, OCP or CAPI.
Example two
The device in this embodiment is a server, and the server further includes a baseboard management controller BMC for managing and controlling the server.
After the flag bit in the storage system is found to be 1, the integrity of both the BIOS firmware and the BMC firmware of the server is measured; the normal boot process continues only when the measurement results of both the BIOS firmware and the BMC firmware are normal, otherwise the server is not booted.
EXAMPLE III
In this embodiment, UEFI replaces the conventional BIOS for booting the device, and the integrity of the BIOS firmware still needs to be measured when the integrity of the device is measured.
Preferably, when the device is a server, integrity measurement is performed on the server's BIOS firmware and on the BMC firmware at the same time, and the normal boot process of the server continues only when both measurement results are normal; otherwise, the server is not booted.
Example four
This embodiment provides a method for security measurement during operation of a device: after the measurement of the specified firmware in the device has completed, the following operations may optionally be carried on during normal start-up of the device. The operation flowchart is shown in fig. 3.
Step 1: perform integrity measurement and verification on the operating system loader (OS LOADER); if the measurement result is normal, execute the OS LOADER and continue with step 2; otherwise, prompt an abnormality.
Specifically, the measurement operation is performed by the TPCM module in the main control chip calling the TCM.
Step 2: measure and verify the operating system kernel (OS KERNEL); if the measurement result is normal, run the OS KERNEL, load the file system, and enter step 3; otherwise, prompt an abnormality.
Specifically, the measurement operation is performed by the TPCM module in the main control chip calling the TCM.
Step 3: the device enters the operating system, the TPCM measures the operating system in real time, and if a measurement result is abnormal, the abnormality is prompted.
Specifically, the measurement operation is performed by the TPCM module in the main control chip calling the TCM, and the security measurement of the operating system is performed at predetermined time intervals.
Preferably, after the device enters its normal operating state, the TPCM may be configured through a configuration interface to select one or more of the above measurements for security measurement.
The ways of prompting an abnormality include: lighting an indicator lamp, sounding an alarm, printing an error message through a print interface, or shutting down.
According to the technical solution of this embodiment, the TPCM module can be integrated in the main control chip so as to reuse the main control chip of the solid-state memory and use it to perform the TPCM security measurement function; the measured objects include the firmware of the various chips, the OS LOADER, the OS KERNEL and the operating system, so that comprehensive security measurement is performed on the device.
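The pre-start flag check of embodiment 1 and the staged chain of embodiment 4 (firmware, then OS LOADER, then OS KERNEL, then periodic runtime measurement) as a small simulation. This is an added example, not code from the patent or its assignee; the TCM hash is stood in by SHA-256 and all images and reference digests are constructed here, since the patent names neither an algorithm nor reference values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Measurement order fixed by the patent: platform firmware first, then the
# OS LOADER, then the OS KERNEL. BMC is measured alongside BIOS (embodiment 2).
BOOT_STAGES = ("BIOS", "BMC", "OS LOADER", "OS KERNEL")


def tcm_digest(data: bytes) -> bytes:
    """Stand-in for the TCM hash call; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


@dataclass
class Tpcm:
    """TPCM firmware integrated in the storage main control chip (simulated)."""
    references: Dict[str, bytes]            # golden digests, one per measured object
    power_path: str = "battery"              # preferential supply until firmware passes
    log: List[str] = field(default_factory=list)

    def measure(self, name: str, data: bytes) -> bool:
        """Measure one object and compare with its reference; fail closed if none."""
        expected = self.references.get(name)
        ok = expected is not None and hmac.compare_digest(tcm_digest(data), expected)
        self.log.append(f"{name}: {'normal' if ok else 'abnormal'}")
        return ok


def prompt_abnormal(stage: str) -> str:
    """Abnormality prompt: indicator lamp, alarm, error message, shutdown."""
    return f"ABNORMAL at {stage}: indicator lamp on, alarm, shutdown"


def boot(flag_bit: int, tpcm: Optional[Tpcm], images: Dict[str, bytes]) -> str:
    """Pre-start flow: flag bit 1 means power the TPCM chip first and measure.

    The chain stops at the first abnormal measurement; later stages never run.
    """
    if flag_bit != 1 or tpcm is None:
        return "normal boot (no TPCM)"
    for stage in BOOT_STAGES:
        if not tpcm.measure(stage, images.get(stage, b"")):
            return prompt_abnormal(stage)
        if stage == "BMC":
            # Firmware measurement normal: hand the supply over to the data
            # interface (embodiment 1, step 4) before the OS LOADER runs.
            tpcm.power_path = "data interface"
    return "operating system running"


def runtime_measurement(tpcm: Tpcm, snapshots: List[bytes]) -> Optional[int]:
    """Real-time OS measurement at predetermined intervals (step 3).

    Each snapshot models the OS image captured at one interval. Returns the
    index of the first abnormal interval (the device shuts down there), else None.
    """
    for tick, snap in enumerate(snapshots):
        if not tpcm.measure("OS", snap):
            tpcm.log.append(prompt_abnormal(f"OS runtime tick {tick}"))
            return tick
    return None


def build_demo():
    """Constructed images plus a reference set that matches them exactly."""
    images = {
        "BIOS": b"bios-v1", "BMC": b"bmc-v1",
        "OS LOADER": b"loader-v1", "OS KERNEL": b"kernel-v1",
    }
    os_image = b"os-runtime-v1"
    refs = {k: tcm_digest(v) for k, v in images.items()}
    refs["OS"] = tcm_digest(os_image)
    return images, os_image, refs


if __name__ == "__main__":
    imgs, os_img, refs = build_demo()
    tpcm = Tpcm(refs)
    print(boot(1, tpcm, imgs), "| power via", tpcm.power_path)
    print(runtime_measurement(tpcm, [os_img, os_img, b"os-runtime-tampered"]))
    print("\n".join(tpcm.log))
```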
In the embodiments provided in the present invention, it should be understood that the disclosed method and terminal can be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
In addition, the technical solutions in the above several embodiments can be combined and replaced with each other without contradiction.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of modules or means recited in the system claims may also be implemented by one module or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (6)

1. A safety measurement method in the operation process of equipment is characterized in that a TPCM storage system comprises the following steps: the main control chip stores TPCM firmware and is used for completing a safety measurement function; the trusted password module TCM is used for realizing a trusted password verification function; the cache chip is used for caching data; the FLASH/DRAM module is used for storing data; the power supply interface is used for directly supplying power to the TPCM storage system through a mainboard battery after the equipment is started, so that a main control chip in the TPCM storage system is powered on preferentially; the data interface can support a SATA/SAS/PCIE data communication protocol;
prior to step 1, the method further comprises: detecting whether the equipment is in a pre-starting state, and if so, detecting whether a TPCM module exists in the storage system; if yes, firstly powering on a main control chip in the storage system; after the main control chip is powered on preferentially, performing active security measurement on the equipment, wherein the active security measurement on the equipment comprises integrity measurement on firmware of a BIOS unit in the equipment; if the measurement result is normal, the equipment is normally started;
the TPCM is integrated in the main control chip so as to realize the multiplexing of the main control chip of the solid-state memory, and the safety measurement function of the TPCM is realized by utilizing the main control chip;
the method comprises the following steps:
step 1: the TPCM performs integrity measurement and verification on the operating system loader (OS LOADER); if the measurement result is normal, the OS LOADER is executed and step 2 follows; otherwise, an abnormality is prompted;
step 2: the TPCM measures and verifies the operating system kernel (OS KERNEL); if the measurement result is normal, the OS KERNEL is run, the file system is loaded, and step 3 follows; otherwise, an abnormality is prompted;
step 3: the device enters the operating system, the TPCM measures the operating system in real time, and if a measurement result is abnormal, the abnormality is prompted.
2. The method of claim 1, further comprising:
the measurement operation is completed by calling TCM by a TPCM module in the main control chip.
3. The method of claim 2, wherein the TPCM performs real-time measurement on the operating system in step 3 by:
the security measurement for the operating system is done at predetermined time intervals.
4. The method of claim 3, further comprising:
before the step 1, performing integrity check measurement on the BIOS and BMC firmware or PNOR and BMC firmware in the device through the TPCM.
5. The method of claim 4, further comprising:
and (2) integrating a TPCM (trusted platform manager) module in a main control chip of the device firmware storage system, preferentially electrifying the TPCM module when the device is started, and executing the operation in the step (1) when the TPCM module finishes the integrity measurement of the BIOS and the BMC firmware or the PNOR and the BMC firmware and the measurement result is normal.
6. The method of claim 1, wherein the ways of prompting an abnormality comprise: lighting an indicator lamp, sounding an alarm, printing an error message through a print interface, or shutting down.
CN201810092539.2A 2018-01-31 2018-01-31 Safety measurement method in equipment operation process Active CN110096882B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810092539.2A CN110096882B (en) 2018-01-31 2018-01-31 Safety measurement method in equipment operation process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810092539.2A CN110096882B (en) 2018-01-31 2018-01-31 Safety measurement method in equipment operation process

Publications (2)

Publication Number Publication Date
CN110096882A CN110096882A (en) 2019-08-06
CN110096882B true CN110096882B (en) 2021-04-20

Family

ID=67442012

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810092539.2A Active CN110096882B (en) 2018-01-31 2018-01-31 Safety measurement method in equipment operation process

Country Status (1)

Country Link
CN (1) CN110096882B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110609536B (en) * 2019-08-29 2020-11-10 青岛海尔科技有限公司 Method and device for controlling module in household appliance to be powered on and household appliance
CN111045743B (en) * 2019-12-12 2024-02-13 海光信息技术股份有限公司 Operating system safe starting method, management method, device and equipment
CN112631670A (en) * 2020-12-31 2021-04-09 联想(北京)有限公司 Control method and device and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN104866459A (en) * 2015-05-29 2015-08-26 上海新储集成电路有限公司 Storage chip

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9152793B2 (en) * 2012-09-28 2015-10-06 Intel Corporation Methods, systems and apparatus to self authorize platform code

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Wang Guan et al. Research on a UEFI-based BIOS trust chain. Microcomputer Information, 2011-05-31, Vol. 27, No. 5, p. 2. *

Also Published As

Publication number Publication date
CN110096882A (en) 2019-08-06

Similar Documents

Publication Publication Date Title
US8468389B2 (en) Firmware recovery system and method of baseboard management controller of computing device
CN111399919A (en) Starting method and system of server, electronic equipment and storage medium
US20150378846A1 (en) Method, computer program, and computer for restoring set of variables
CN101122936A (en) Embed type platform guiding of credible mechanism
CN102279914A (en) Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN110096882B (en) Safety measurement method in equipment operation process
CN105807848B (en) Touch industrial personal computer
US8281119B1 (en) Separate normal firmware and developer firmware
CN104850792A (en) Establishment method and apparatus of trust chain of server
TW201520895A (en) System and method for automatically recovering BIOS of a computer
US10817211B2 (en) Method for completing a secure erase operation
CN103593281A (en) Test system and test method
CN110119623A (en) A kind of credible main board implementation method for realizing that firmware is actively measured using TPCM
CN103678053A (en) Computer self-check method and system
US8176309B2 (en) Boot system has BIOS that reads rescue operating system from memory device via input/output chip based on detecting a temperature of a hard disk
CN109583214B (en) Safety control method
CN103455750B (en) The high peace verification method of a kind of embedded device and device
CN104657232A (en) BIOS automatic recovery system and BIOS automatic recovery method
CN110096393A (en) A kind of credible measure of server
CN111198832B (en) Processing method and electronic equipment
TW202131170A (en) Firmware corruption recovery
CN110119625A (en) A kind of trusted computing method
CN114510751A (en) Hardware replacement prevention device and method based on processor security kernel
CN112231704B (en) Trusted network environment protection method, device and computer readable storage medium
CN103677875A (en) Method for starting electronic equipment, method for controlling permission and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant